AI Boom Outpaces Security as API Risks Surge, Report Finds

A new report by Salt Security highlights a growing disconnect between rapid AI adoption and the security frameworks needed to support it, with most organizations struggling to secure increasingly complex API environments.

According to the company’s 1H 2026 State of AI and API Security report, 92% of organizations lack the maturity required to protect AI-driven systems. As enterprises deploy autonomous AI agents at scale, APIs – the backbone enabling these systems to act – have surged, with 66% of organizations reporting API growth of more than 50% in the past year.

This expansion is exposing critical vulnerabilities. Nearly half (47%) of organizations have delayed AI deployments due to API security concerns, while 32% reported at least one API-related security incident in the past year. At the same time, only 8% said they have advanced API security capabilities.

The report also points to a shift in the threat landscape: 99% of attacks now originate from authenticated sources, often involving rogue or poorly governed AI agents operating with legitimate credentials. Misconfigurations remain a key weakness, with 65% of attacks exploiting improperly secured APIs.

A lack of visibility is compounding the risk. Fewer than a quarter of organizations maintain a fully automated API inventory, while most rely on partial or manual tracking.

Salt Security argues that API security must now be treated as a core pillar of cybersecurity, as APIs increasingly underpin AI operations and account for the majority of web traffic.