By Pratik Shah, Managing Director – India & SAARC, F5
In the heart of India’s tech revolution, artificial intelligence (AI) and application programming interfaces (APIs) are quietly transforming industries. While AI often takes center stage, APIs work behind the scenes, powering almost every digital interaction—from grocery apps to essential platforms that drive our services. As AI demand grows, so too does reliance on the APIs that support it.
Industry reports show that APIs will account for nearly 90% of global web traffic by 2025, underscoring their vital role in the digital economy. This trend is set to continue, with APAC companies projected to allocate up to 16% of their budgets to AI by 2025, according to the 2024 Strategic Insights: API Security in APAC report, leading to a corresponding surge in API usage.
However, this rapid growth brings increased risks. In early 2024, over 80% of mitigated cyberattacks targeted APIs. Attackers, using generative AI and advanced tools, are exploiting vulnerabilities with greater precision, allowing even low-skilled hackers to breach API security.The challenge now is securing AI models that rely on APIs. This requires strong visibility, defenses against sophisticated bots, and a deep understanding of how APIs expand an organization’s attack surface. The key issue isn’t just managing API growth, but ensuring security keeps pace.
Unlocking Secure Innovation: Tackling API Security in the AI Era
If an application is a busy marketplace, where APIs act as the doors—inviting people in, enabling interactions, and keeping business flowing. However, as more doors open, the need for stronger security grows, because every access point is a potential target.The rapid expansion of APIs adds complexity to security efforts, multiplying the ways attackers can break in. Even more concerning, many organizations lack the visibility they need to understand where their APIs are or how they’re being used. It’s akin to managing a building with countless hidden entrances—without a clear map, security gaps are inevitable, leaving organizations vulnerable to threats that can easily slip through the cracks.Even traditional security measures that once sufficed in simpler digital environments often fail to protect the complex API architectures powering modern applications.
Addressing these challenges will require rethinking API security strategies to increase visibility, deploy stronger bot defenses, and enhance signals intelligence to differentiate between helpful AI agents and malicious bots. In an era where AI and APIs are intertwined, securing this ecosystem is paramount. In fact, 16% of Indian organisations state broken function level authorization as the top concern, double the APAC average, according to the 2024 Strategic Insights: API Security in APAC report. This is followed by poor authentication and server-side request forgery, which is a concern for 15% of Indian businesses. These statistics underscore an important reality; as India moves toward its digital future, the security of its API infrastructure cannot be ignored.
Comprehensive API security strategy
In today’s digital era, security must be as innovative as the technology it protects. We know that attackers are evolving, using tactics such as decompiling apps, stealing API keys, and probing API endpoints. Although AI and machine learning solutions offer valuable capabilities, they must be integrated into a broader, multi-layered security framework tailored to India’s unique digital landscape.The most effective approach combines various security elements—signals intelligence, mobile security, bot defenses, and web application firewalls. Each layer complements the others, creating a resilient barrier that adapts to an ever-changing threat landscape.
It is imperative for organizations to embrace the ‘Shift Left, Shield Right’ methodology. This strategy integrates security measures from the earliest stages of development, ensuring that vulnerabilities are addressed before deployment. While securing APIs during production is crucial, it should be part of a larger strategy that begins with proactive security testing during development.Automated tools that provide continuous monitoring, real-time detection of anomalies, and immediate response to threats are essential for maintaining visibility and adapting to emerging risks. By implementing these measures, businesses can ensure that their security evolves in step with technological innovation. By staying ahead of emerging API security threats and best practices, organizations can protect sensitive business functions and ensure robust security as India’s digital ecosystem continues to expand.
