Radware, which lends application security and delivery solutions for multi-cloud environments, published its 2025 Cyber Survey: Application Security at a Breaking Point.
This study noted threat areas of rapidly growing concern for organizations as their cyber-defenses lag. This includes a “major” lack of protection against AI threats, as well as API and business logic attacks, among others.
“The weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected,” said Radware VP of product portfolio, Shira Sagiv. “Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb creating even more risk and exposure.”
Of note, AI use aimed at improving and intensifying hacking tradecraft is of greatest concern, as organizations noted “significant” concern over threat actors using the technology to generate new attacks at a faster cadence.
AI-related concerns included:
-
Creating/improving hacking tools (70 percent).
-
Generating larger volumes of cyberattacks (67 percent).
-
Launching zero-day attack vectors (66 percent).
Other takeaways included:
-
Despite concern about hackers embracing AI, just eight percent of organizations use AI-based defense.
-
Four/fifths of organizations plan to implement AI cybersecurity solutions in the next 12 months.
-
Organizations increasing API use despite remaining ill-protected.
-
API usage up 42 percent (2025), compared to the highest rate of use in 2023.
-
Organizations employing 19 third-party APIs, per application.
-
Business logic attacks representing a growing-concern threat area.
-
Just 29 percent having security staff fully trained to detect and mitigate such attacks.
Additionally, just 16 percent of organizations remain confident in their current protection against data breach attempts of third-party services code running on their web applications.
The survey, which was conducted with Osterman Research, included responses from compliance, chief risk and data privacy officers; VPs of R&D; senior network security admins; senior DevOps and DevSecOps administrators and cloud security and API architects, among other titles, across nine countries spanning North America, EMEA, APAC and LATAM.
