Q2-2023 API ThreatStats Report


Sep 1, 2023
wallarm

In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.

The data illustrates a worrying trend where API exploits are pervasive and increasingly sophisticated, affecting a range of industries this quarter. These exploits have been found in AI hardware by industry leaders like NVIDIA, in formidable hardware devices by Fortinet, in ubiquitous DevOps tools like Grafana, and even on major social platforms such as Reddit. The insights presented serve to equip API security and DevOps teams with the data-driven knowledge necessary to bolster API security throughout 2023 and beyond.

Key findings from the report that demand immediate attention include:

  • A significant 63% of all HackerOne bug bounty rewards paid in the current year have been attributed to API security vulnerabilities, representing an expenditure of $26,490 in the last quarter alone.
  • The total number of unique API attacks has seen an unprecedented surge, witnessing a 60% increase year over year from Q2’22 to Q2’23.
  • The complexity and consistency of API attacks have also escalated dramatically. The average volume of malicious requests per API attack sequence has risen from 22 to 30 this quarter, up from just 5 in Q2’22.