Salt Security has released its State of API Security Report Q1 2025, containing survey results from more than 200 security and IT professionals as well as anonymized empirical data from customers. The research emphasizes the ongoing API security challenges organizations are experiencing, with 99% reporting API security issues in the past 12 months.
API security concerns delayed new application rollout in 55% of organizations. In production APIs, the most commonly reported security obstacles include vulnerabilities exposing APIs to attacks (37%), exposure of sensitive information (34%), and API authentication weaknesses (29%). Furthermore, generative AI has elevated API security challenges. 47% consider securing AI-generated code to be a concern, and 40% believe vulnerabilities introduced by AI-generated code are a top risk.
As for API attacks, the research found that 95% within the last 12 months came from authenticated sources. Additionally, 98% of attempted attacks focused on external-facing APIs.
The report also found that API security budgets are increasing, as 69% of organizations expanded API security budgets by more than 5%. While budgets are increasing, API security maturity is low. 59% of organizations are still planning or in basic stages, while only 6% have advanced security programs for API security. Issues obstructing progress include budget constraints (30%), limited resources (22%), and inadequate tools (10%).