More than 80% of developers and business leaders say AI investments have already created the opportunity for new products or services, according to Kong’s 2024 API Impact Report. Clearly, AI has proven its value and place in the enterprise, but with new innovations come new potential vulnerabilities.
But as organizations push forward into and navigate the rising risk of AI-enhanced threats and the adoption of AI tools and large language models (LLMs), what have tech leaders experienced? And what are they most concerned about in the year ahead?
In API Security Perspectives 2025: AI-Enhanced Threats and API Security, we surveyed 700 IT leaders about API security and the rising risk of AI-enhanced threats — and how prepared they may or may not be.
Nearly 75% of respondents express serious concern about AI-enhanced attacks, but a notable disconnect emerged. While 55% of organizations experienced an API security incident in the past year (and one-third call the incident "severe"), 85% say they’re confident in their organization’s security capabilities. This confidence may be misplaced, given that 77% acknowledge the potential for significant security risks from AI and LLM integration into their API ecosystem.
These API security incidents also can come with substantial costs: 47% of those who experienced an incident in the past 12 months reported remediation costs of more than $100,000 — and 20% said costs exceeded $500,000.
The gap between perception and reality requires attention, particularly as API attacks are projected to grow by 548% by 2030. Moreover, API breaches lead to more leaked data than the average security breach, Gartner reports.
Other key findings include:
The convergence of AI and APIs presents both unprecedented opportunities and risks. While organizations recognize the changing threat landscape, many lack the comprehensive security measures needed to protect their API infrastructure in the AI age. The key will be to treat API infrastructure as mission critical.
What does the age of AI mean for API security? And are organizations ready for the rise of AI-enhanced threats? Read API Security Perspectives 2025: AI-Enhanced Threats and API Security to learn more
Ever feel like you're fighting an uphill battle with your API strategy? You're building APIs faster than ever, but somehow everything feels harder. Wasn’t API-first supposed to make all this easier? Well, you're not alone. And now industry analys
Kong-quer the Agentic AI Hackathon 🚀 Calling all builders, tinkerers, and API innovators. The Kong Hackathon is back for API Summit 2025 ! This year, we’re challenging developers worldwide to create projects that don’t just react, they think , a
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM
This is part one of a series exploring how Kong AI Gateway can be used in an AI Agent development with LangGraph. The series comprises three parts: Basic ReAct AI Agent with Kong AI Gateway Single LLM ReAct AI Agent with Kong AI Gateway and LangGr
What Is RAG, and Why Should You Use It? RAG (Retrieval-Augmented Generation) is not a new concept in AI, and unsurprisingly, when talking to companies, everyone seems to have their own interpretation of how to implement it. So, let’s start with a r
Survey Says: Google LLMs See Usage Surge, Most OK with DeepSeek in the Workplace Enterprise adoption of large language models (LLMs) is surging. According to Gartner , more than 80% of enterprises will have deployed generative AI (GenAI) applicatio