There’s been an alarming surge in API-based cyberattacks during the first half of 2025, with researchers from Thales observing more than 40,000 such incidents across 4,000 monitored environments since the start of the year.
APIs are becoming the preferred attack vector of cybercriminals because they can be fully automated, meaning that attackers can execute millions of malicious requests with ease. The attacks in question are often highly sophisticated in nature, and thus, harder to detect and deter.
Security experts face an unprecedented challenge. In 2025, the threat landscape is constantly shifting, with bad actors deploying new and increasingly complex methods to dupe unsuspecting businesses and individuals. And with most institutions woefully underprepared for this worsening situation, things could get a lot worse before they start getting better.
