Kong Study Examines AI-Enhanced Security Concerns

Kong, which develops cloud API technology, published its findings from API Security Perspectives 2025: AI-Enhanced Threats and API Security report. This document highlights the API security landscape, reflecting on how new AI developments could impact it.

Notably, about 25 percent of respondents witnessed AI-enhanced security threats related to APIs or LLMs, with 75 percent expressing “serious” concern regarding future AI-enhanced attacks. While approximately 85 percent remain confident in their organization’s security capabilities, 55 percent experienced an API security incident in the past year.

The findings also highlighted the importance of having a strong security strategy, with one in five respondents revealing an incident cost the organization over $500,000 in the past 12 months.

Despite many either taking measures (92 percent) or identifying API security as a top priority (88 percent), Kong noted that many organizations lack the comprehensive security measures needed to protect API infrastructure in the AI era.

“Organizations cannot afford to underestimate their own security risks — especially in the age of AI,” said Marco Palladino, Kong’s CTO and co-founder. “The report showcases that API security is being taken seriously as part of overall cybersecurity strategy, but there are still some blind spots that can open an organization up to threats. As AI continues to advance, not only will companies create more vulnerabilities within their own organizations, but attacks will become more sophisticated. Understanding the full threat landscape is crucial to maintaining a strong API security posture.”

Additionally, just 35 percent are adopting a zero trust architecture to mitigate API security risk, with only three percent citing shadow APIs as a “significant” threat. Additional findings included:

  • Top measures to secure APIs against AI-enhanced threats including increased monitoring and traffic analysis (66 percent), educating staff on AI-related threats (60 percent) and AI-driven threat detection systems (51 percent).
  • Top steps to mitigate API security risks being API monitoring and anomaly detection tools (63 percent), API gateway solutions (61 percent) and API encryption and tokenization (58 percent).
  • 45 percent of organizations have dedicated at least 20 percent of their cybersecurity budgets to API security.
  • 41 percent are unsure or doubtful that the organization’s investment is enough to address API security risk.
  • 66 percent of organizations are implementing API governance frameworks to ensure compliance with internal policies and external regulations.

The survey was commissioned with a professional polling firm, Oct.-Nov. 2024, and included responses from 700 IT professionals and business leaders across the U.S. and the U.K..