29% of organizations identify external APIs and SaaS-embedded AI features as their greatest AI supply chain risk.

Within the next 12 to 18 months, nearly a third (32%) of CISOs, AppSec managers and developers expect Application Programming Interface (API) breaches via shadow APIs or business logic attacks.

7% of organisations assess API risk monthly or less.

Only 32% of organisations conduct daily API risk assessments.

37% of organisations have a dedicated API security solution.

13% of organisations have users making API calls to api.anthropic.com.

Analysis of FireTail's customer data revealed that nearly 39% of all API requests resulted in HTTP 429 (Too Many Requests) responses, suggesting potential abuse. Of these 429 responses, about 20% were linked to bot traffic.

The mean number of warnings per OpenAPI specification significantly increased, from an average of 215 warnings per spec in 2023 to 1,078 warnings per spec in 2025. Unrestricted String and Array Lengths emerged as the most common warning type.

A scan of publicly accessible GitHub repositories found that the number of OpenAPI specifications decreased from 2,879 in 2023 to 2,160 in 2025.

In the last three years, there have been 79 documented API breaches, significantly more than the 22 cloud-related breaches in the same period, indicating APIs are a growing focal point for attackers.

Approximately 70% of AI data breaches have no secondary breach vector, deviating from typical multi-vector API breaches.

TracFone Wireless faced a $16 million settlement and a comprehensive consent decree due to API vulnerabilities that exposed customer data.

Cumulatively, over 1.6 billion records have been exposed since 2017 due to API breaches.

Nearly 60% of organizations report inadequate visibility into the APIs supporting their AI systems.

Approximately 9% of API traffic from Russia, China, and Iran was flagged as bot activity, particularly in January, November, and December 2024.

The FireTail API Data Breach Tracker shows a rise in API security incidents, increasing from 22 in 2023 to 26 in 2024.

Despite the rise in API security incidents, the number of breaches dropped from 18 to 93.

Of the 2,869 security issues analysed in Agentic AI projects, the majority were API-related (65%).

OWASP API Security Top 10–related incidents increased by 32%, revealing authentication and authorization flaws.

Akamai documented 150 billion API attacks from January 2023 through December 2024.