API attacks surge sharply across global enterprises

Organisations faced a steep escalation in cyber threats targeting application programming interfaces, with average daily API attacks per enterprise climbing to 258 in 2025, marking a 113% increase from 121 the previous year, according to industry cybersecurity assessments tracking enterprise network activity.

The data underscores a widening attack surface as businesses deepen reliance on APIs to connect cloud services, mobile applications and third-party platforms. Analysts say the growth reflects both the expansion of digital ecosystems and the increasing sophistication of attackers exploiting gaps in API security frameworks.

A notable shift in attack patterns has also emerged, with 61% of incidents involving unauthorised workflows and abnormal behavioural activity. That represents a significant rise compared with earlier measurements, pointing to attackers bypassing traditional authentication layers and manipulating legitimate processes rather than relying solely on brute-force intrusions or credential theft.

Security specialists describe this evolution as part of a broader transition towards logic-based attacks, where adversaries exploit weaknesses in how APIs are designed rather than targeting infrastructure vulnerabilities alone. These methods often evade conventional detection systems because they mimic normal user behaviour while executing malicious actions in the background.

The surge coincides with rapid enterprise adoption of microservices architectures, where applications are broken into smaller, interconnected components communicating through APIs. While this model enhances scalability and development speed, it also multiplies entry points for potential breaches if not rigorously secured.

Financial services, healthcare and e-commerce sectors remain among the most exposed, given their heavy reliance on real-time data exchange and high-value transactions. Cybersecurity firms have observed that attackers increasingly target APIs handling payments, identity verification and sensitive personal information, where even minor vulnerabilities can yield significant returns.

Executives in the cybersecurity industry warn that many organisations continue to underestimate API-specific risks, often applying legacy security models that fail to account for the dynamic and distributed nature of modern application environments. Traditional web application firewalls and perimeter-based defences, while still relevant, are frequently insufficient against attacks exploiting business logic flaws within APIs.

The findings also highlight a growing gap between deployment speed and security oversight. Development teams under pressure to release features rapidly may overlook comprehensive API testing, leaving endpoints exposed to misuse. Industry surveys indicate that a substantial proportion of APIs remain undocumented or poorly monitored, complicating efforts to detect anomalous behaviour.

Artificial intelligence and automation are playing a dual role in this landscape. While defenders increasingly use AI-driven tools to identify irregular patterns and respond to threats in real time, attackers are also leveraging automation to scale their operations, probing APIs at higher volumes and with greater precision. This technological arms race is contributing to the sharp rise in daily attack counts.

Regulatory scrutiny is intensifying alongside these developments. Authorities in several jurisdictions are tightening data protection and cybersecurity requirements, placing greater emphasis on securing application interfaces as part of broader compliance frameworks. Organisations failing to protect APIs adequately risk not only operational disruption but also financial penalties and reputational damage.

Industry leaders are advocating for a shift towards “API-first security” strategies, integrating protection mechanisms directly into the development lifecycle rather than treating them as an afterthought. This includes practices such as continuous monitoring, behavioural analytics, zero-trust authentication models and automated threat detection tailored specifically to API environments.

Some companies have begun investing heavily in dedicated API security platforms capable of mapping all endpoints, identifying vulnerabilities and detecting suspicious activity across distributed systems. These tools aim to provide visibility into complex ecosystems where APIs may be deployed across multiple clouds, on-premises infrastructure and partner networks.

Despite increased awareness, challenges remain in aligning security priorities with business objectives. Organisations often struggle to balance the need for seamless user experiences with stringent access controls, particularly in consumer-facing applications where friction can affect engagement and revenue.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

