Sustained surge in API-targeted attacks with behavior-based vectors and AI amplification in 2025
Summary
Hide ▲
Show ▼
APIs have become the primary attack surface for organizations globally, with a 113% annual increase in daily attack volume during 2025. Security incidents involving APIs were reported by 87% of organizations last year, reflecting a shift from traditional web-based exploitation to behavior-based attacks. Unauthorized workflows and abnormal activity accounted for 61% of API incidents, up from 30% in 2024, indicating adoption of more subtle, evasive techniques. The most exploited API vulnerabilities aligned with OWASP Top 10 risks, including misconfigurations (40%), broken object property level authorization (35%), and broken authentication (19%). The expansion of agentic AI has intensified the risk, with an average of 3,000 APIs per customer found to expose sensitive data in 2025, 12% of which contained security weaknesses and 24% of those issues directly related to sensitive data exposure.
Timeline
-
17.03.2026 12:30 1 articles · 3h ago
API attack volume surges 113% annually with behavior-based vectors and AI-driven amplification documented in 2025
APIs constitute the primary attack surface for organizations, with average daily attacks per organization rising to 258 in 2025 from 121 in 2024. Unauthorized workflows and abnormal activity now represent 61% of API incidents, up from 30% in 2024, signaling a transition from traditional web-based exploitation toward behavior-based attacks. The most frequently exploited vulnerabilities align with OWASP Top API Security Risks: security misconfigurations (40%), broken object property level authorization (35%), and broken authentication (19%). Agentic AI has amplified exposure risks, with an average of 3,000 APIs per customer containing sensitive data in 2025; 12% of those APIs exhibited weaknesses, and 24% of those issues directly involved sensitive data exposure.
Show sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30
Information Snippets
-
Average daily API attacks per organization increased to 258 in 2025, up 113% from 121 in 2024.
First reported: 17.03.2026 12:301 source, 1 articleShow sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30
-
61% of API attacks in 2025 involved unauthorized workflows and abnormal activity, compared to 30% in 2024, indicating a shift toward behavior-based attack techniques.
First reported: 17.03.2026 12:301 source, 1 articleShow sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30
-
OWASP Top API Security Risks most frequently exploited were security misconfigurations (40%), broken object property level authorization (35%), and broken authentication (19%).
First reported: 17.03.2026 12:301 source, 1 articleShow sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30
-
An average of 3,000 APIs per customer contained sensitive data in 2025, with 12% showing security weaknesses and 24% of those issues related to sensitive data exposure.
First reported: 17.03.2026 12:301 source, 1 articleShow sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30
-
Web application attacks increased 73% in volume between 2023 and 2025, while Layer 7 DDoS attacks rose 104% over the past three years.
First reported: 17.03.2026 12:301 source, 1 articleShow sources
- Average Number of Daily API Attacks Up 113% Annually — www.infosecurity-magazine.com — 17.03.2026 12:30