Google unveiled a significant wave of advancements designed to supercharge how developers build and scale AI applications – from early-stage experimentation right through to large-scale deployment.
Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI.
Key Findings Include:
1. API-Related Data Breaches Continue to Wreak Havoc
57% of organizations suffered an API-related data breach in the past two years, with a staggering 73% of these experiencing three or more incidents. Even more concerning, 41% endured five or more breaches, revealing a systemic failure in API defenses and a clear need for investment in purpose-built API security solutions.
2. Traditional Security Solutions Fail to Deliver API Protection
Despite deploying an array of security tools—from legacy WAFs to CDNs and Gateways—only 19% of organizations rate their defenses as highly effective. Moreover, 53% admit that traditional solutions like WAFs and WAAPs are ineffective at identifying or preventing fraud at the API layer.
3. Generative AI Applications Create New Risks
65% of organizations state that generative AI applications pose a serious to extreme risk to APIs. 60% state that the additional API integrations required for generative AI applications expand their organization's attack surface; the same percentage cite concerns about sensitive data exposure and unauthorized access.
4. Bot Attacks and Fraud are Rampant
53% of organizations have experienced one or more bot attacks involving their APIs, and 44% say that bot mitigation is a top challenge. Fraud is equally concerning, emerging as the second most prevalent cause of API-related data breaches among survey respondents.
5. Third-Party APIs Are a Hidden Danger
Organizations now use an average of 131 third-party APIs, up slightly from last year's 127. Yet, only 16% have a "high ability" to mitigate these external risks, leaving a vast attack surface greatly exposed.
"API breaches are rampant, and the industry is in denial," said Richard Bird, Chief Security Officer of Traceable. "Organizations keep deploying the same solutions — Web Application Firewalls, API gateways, and lifecycle tools — yet only a small percentage report any real success. This cognitive dissonance is a ticking time bomb. The truth is, these traditional defenses are failing, and the more companies rely on them, the more they expose themselves to devastating attacks. We're also seeing a surge in bot attacks, increasing instances of API fraud, and new vulnerabilities emerging from the rapid adoption of generative AI applications. Companies must confront the uncomfortable truth: their current strategies are inadequate. Without a fundamental shift in how they secure APIs, breaches and their consequences will continue to escalate."
Methodology: The study incorporates insights from over 1,500 IT and cybersecurity experts across the US, UK, and EMEA.
Industry News
Red Hat announced Red Hat Advanced Developer Suite, a new addition to Red Hat OpenShift, the hybrid cloud application platform powered by Kubernetes, designed to improve developer productivity and application security with enhancements to speed the adoption of Red Hat AI technologies.
Perforce Software announced Perforce Intelligence, a blueprint to embed AI across its product lines and connect its AI with platforms and tools across the DevOps lifecycle.
CloudBees announced CloudBees Unify, a strategic leap forward in how enterprises manage software delivery at scale, shifting from offering standalone DevOps tools to delivering a comprehensive, modular solution for today’s most complex, hybrid software environments.
Azul and JetBrains announced a strategic technical collaboration to enhance the runtime performance and scalability of web and server-side Kotlin applications.
Docker, Inc.® announced Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images designed to meet today’s toughest software supply chain challenges.
GitHub announced that GitHub Copilot now includes an asynchronous coding agent, embedded directly in GitHub and accessible from VS Code—creating a powerful Agentic DevOps loop across coding environments.
Red Hat announced its integration with the newly announced NVIDIA Enterprise AI Factory validated design, helping to power a new wave of agentic AI innovation.
JFrog announced the integration of its foundational DevSecOps tools with the NVIDIA Enterprise AI Factory validated design.
GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.