New F5 Report Unveils Scary Truths About API Security in the AI Era

SEATTLE--(BUSINESS WIRE)--F5 (NASDAQ: FFIV) today announced the findings of its 2024 State of Application Strategy Report: API Security, revealing concerning truths about the current state of API security across industries. The report highlights significant gaps in API protection, exposing them to potential threats that could jeopardize enterprise security and operations. These challenges are magnified by the rapid proliferation of APIs in today’s digital landscape.

The survey found that less than 70% of customer-facing APIs are secured using HTTPS (Hypertext Transfer Protocol Secure), leaving nearly one-third of these APIs completely unprotected. This is a stark contrast to the 90% of web pages that are now accessed via HTTPS, following the push for secure web communications over the past decade.

“APIs are becoming the backbone of digital transformation efforts, connecting critical services and applications across organizations,” said Lori MacVittie, Distinguished Engineer at F5. “However, as our report indicates, many organizations are not keeping pace with the security requirements needed to protect these valuable assets, especially in the context of emerging AI-driven threats.”

Key Findings of the Report Include:

• Rapid growth and diverse environments: The average organization now manages 421 different APIs, with most hosted in public cloud environments. Despite this growth, a significant number of APIs—particularly those that are customer-facing—remain unprotected.
• Evolving API uses and security needs: As APIs increasingly connect to AI services like OpenAI, the security model must adapt to cover both inbound and outbound API traffic. Current practices largely focus on inbound traffic, leaving outbound API calls vulnerable.
• Fragmented responsibility for API security: The report reveals a divided responsibility for API security within organizations, with 53% managing it under application security and 31% through API management and integration platforms. This division can lead to gaps in coverage and inconsistent security practices.
• High demand for programmable security solutions: Respondents ranked programmability as the most valuable API security capability, underscoring the need for real-time inspection and response to API traffic and threats.

Addressing the Gaps in API Security

To address these security gaps, the report recommends organizations adopt comprehensive security solutions that can cover the entire API lifecycle, from design through deployment. By integrating API security into both development and operational phases, organizations can better protect their digital assets against a growing array of threats.

“APIs are integral to the AI era, but they must be secured to ensure that AI and digital services can operate safely and effectively,” added MacVittie. “This report is a call to action for organizations to re-evaluate their API security strategies and take the necessary steps to protect their data and services.”

The full 2024 State of Application Strategy Report: API Security is available for download.

About this Report

The data presented in this report reflects the results of both the annual F5 State of Application Strategy survey and targeted follow-up research with additional API decision makers—more than two-thirds of them in C-level roles—for global organizations of all sizes and across industries, from technology, manufacturing, finance, and retail to organizations in healthcare and education.

About F5

F5 is a multicloud application security and delivery company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to secure every app—on premises, in the cloud, or at the edge. F5 enables businesses to continuously stay ahead of threats while delivering exceptional, secure digital experiences for their customers. For more information, go to f5.com. (NASDAQ: FFIV)

You can also follow @F5 on X or visit us on LinkedIn and Facebook to learn about F5, its partners, and technologies.

F5 is a trademark, service mark, or tradename of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

SOURCE: F5, Inc.