Kubernetes 1.33 was released today.
Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI.
Key Findings Include:
1. API-Related Data Breaches Continue to Wreak Havoc
57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
2. Traditional Security Solutions Fail to Deliver API Protection
Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
3. Generative AI Applications Create New Risks
65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization's attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
4. Bot Attacks and Fraud are Rampant
53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
5. Third-Party APIs Are a Hidden Danger
Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a "high ability" to mitigate these external risks, leaving a vast attack surface greatly exposed.
"API breaches are rampant, and the industry is in denial," said Richard Bird, Chief Security Officer of Traceable. "Organizations keep deploying the same solutions — Web Application Firewalls, API gateways, and lifecycle tools — yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We're also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate."
Methodology: The study incorporates insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA.
Industry News
Docker announced a major expansion of its AI initiative with the upcoming Docker MCP Catalog and Docker MCP Toolkit.
Perforce Software announced the release of its latest platform update for Puppet Enterprise Advanced, designed to streamline DevSecOps practices and fortify enterprise security postures.
Azul announced JVM Inventory, a new feature of Azul Intelligence Cloud designed to address the complexity and risk of migrating off Oracle Java.
LaunchDarkly announced the acquisition of Highlight, a powerful, open source, full-stack application monitoring platform known for its error monitoring, logging, distributed tracing and session replay capabilities.
O’Reilly announced AI Codecon—a groundbreaking virtual conference series dedicated to exploring the rapidly evolving world of AI-assisted software development.
Veracode unveiled new capabilities offering proactive risk mitigation and automated security at enterprise scale.
Snyk launched Snyk API & Web, delivering a dynamic application security testing (DAST) solution designed to meet the growing demands of modern and increasingly AI-powered software development.
Check Point® Software Technologies Ltd. announced that it has ranked as a Leader and the only Outperformer for its Check Point Quantum Security Solutions in GigaOm’s latest Radar for Enterprise Firewall report.
Postman announced new releases designed to help organizations build APIs faster, more securely, and with less friction.
SnapLogic announced AgentCreator 3.0, an evolution in agentic AI technology that eliminates the complexity of enterprise AI adoption.
GitLab announced the general availability of GitLab Duo with Amazon Q.
Perforce Software and Liquibase announced a strategic partnership to enhance secure and compliant database change management for DevOps teams.
Spacelift announced the launch of Saturnhead AI — an enterprise-grade AI assistant that slashes DevOps troubleshooting time by transforming complex infrastructure logs into clear, actionable explanations.
CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.