AI use drives APIs to become the main attack surface


A new report reveals that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks.
The survey from Wallarm, of 200 US-based enterprise leaders on AI and API security, finds over 53 percent report engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks.
Newly launched APIs found by attackers in under 30 seconds


Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.
The research used a honeypot to look at API activity, and in its first 20 days in November the longest time taken for a new API to be discovered was 34 seconds.
Source code: The source of truth for securing the API attack surface


Most organizations find themselves in the midst of their API security journey, racing to keep pace with expanding API ecosystems in a colossal threat landscape. As a core enabler of modern applications, facilitating seamless connectivity and powering mobile and web applications, APIs are everywhere. The DevOps revolution has transformed the pace of development: developers can now design and build APIs faster than a security team can match.
Large enterprises are operating with tens of thousands of APIs, and even small organizations have a surprising number, both internal and external. With applications and API portfolios becoming increasingly complex, maintaining a comprehensive understanding of all existing APIs has emerged as a significant hurdle. Because APIs can quickly become obscured or forgotten, many organizations lack accurate insight into the sheer scale and volume of APIs that persist across their infrastructure, and so lack a full picture of their attack surface. Because one cannot secure what one cannot see, the absence of discovery mechanisms opens organizations to a host of security risks. That is why API discovery is now a crucial process for security teams, designed to identify, catalog, and assess APIs.