Global survey reveals rising AI threats & costly API security gaps
The findings were published in Radware's 2025 Cyber Survey: Application Security at a Breaking Point. The report documents a variety of threat areas that are growing more prevalent as organisations' security defences fall behind accelerating risks, particularly those involving AI, APIs, and business logic attacks.
AI threats
According to the survey, the increasing use of AI by malicious actors is causing a spike in cybersecurity concerns. Many organisations are particularly worried about hackers using AI to develop and refine attack tools, generate higher volumes of cyberattack traffic, and produce new vectors for zero-day attacks.
The survey found 70% of respondents are highly or extremely concerned about hackers using AI to create or improve hacking tools. Similarly, 67% expressed strong concern about the potential for AI to generate a larger volume of attacks, and 66% feared the role of AI in launching new zero-day attack vectors.
Despite these concerns, there is little uptake of AI-based protection measures; only 8% of surveyed organisations reported using AI-driven security solutions. However, a significant shift in adoption is anticipated, with four out of five organisations planning to implement AI-based cybersecurity solutions within the next year. "The weaponisation of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected," said Shira Sagiv, Radware's Vice President of Product Portfolio. "Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb creating even more risk and exposure."
API vulnerabilities
The survey also points to continued vulnerability in the management of APIs, which are increasingly in use by organisations but often ill-protected. Between 2023 and 2025, API usage has risen by 42%, with the frequency of daily API updates multiplying sixfold during the same period.
On average, organisations are integrating 19 third-party APIs per application, a practice that introduces new risks involving data exposure and potential compromise that are not easily solved at the coding stage.
Business logic attacks, a frequent variant of API attacks, were also noted as a mounting risk. While 81% of respondents said having real-time protection measures for business logic attacks is very or extremely important, only 50% had actually deployed runtime business logic protections. Furthermore, only 29% of security staff are fully trained to detect and manage these types of attacks.
Documentation and audit processes are also lagging. Only 6% of respondents have full documentation for all of their APIs, which poses an additional challenge for maintaining visibility and control. Additionally, half of those surveyed reported not knowing what third-party code is being used by their web applications, where sensitive data may be leaked to external services, or at what points malicious scripts and services are introduced into their systems.
Operational and compliance pressures
Other findings indicate growing concerns over resilience and regulatory compliance. Only 16% of respondents are confident in their protection against data breach attempts involving third-party code running on web applications. The commercial impact of attacks remains high, with downtime due to distributed denial of service (DDoS) attacks costing organisations an average of USD $6,100 per minute—equivalent to USD $366,000 per hour.
Compliance with numerous international regulations continues to place heavy demands on organisations. An average of 54% surveyed said they have high or extreme concern about compliance obligations spanning NIS2, HIPAA, SEC regulations, PCI DSS 4, GDPR, DORA, and SOX.
Survey methodology
The survey, conducted in partnership with Osterman Research, collected responses from a range of professionals including compliance, risk and data privacy officers, vice presidents of research and development, network security administrators, and API architects. Participants were drawn from nine countries located in North America, EMEA, APAC, and LATAM regions.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
9 hours ago
- Techday NZ
Skills AI-driven shops want to see in developers
Architectural and system design thinking (problem-solving and critical thinking) As AI becomes more capable of generating code, developers should be both skilled code writers and strategic architects who focus on upfront design and system-level thinking. System architecture skills have become significantly more valuable because AI tools require proper structure, context, and guidance to generate quality code that delivers business value. Effective AI interaction, the critical validation of AI-generated outputs, and the debugging of AI-specific error patterns necessitate strong, continuously updated technical and coding foundations. Senior engineers now spend their time defining how systems connect to subsystems, establishing business logic, and building high-context environments for AI tools. Developers become orchestrators of the code, versus only the writers of the code—doing analysis and planning on the front end, then reviewing outputs to ensure they don't create technical debt. Well-engineered prompts mirror systems architecture documentation, containing clear functionality statements, domain expertise, and explicit constraints that produce predictable AI outputs. AI communication and context management (communication and collaboration) Working effectively with AI requires sophisticated communication skills that dramatically influence output quality. Developers must become proficient in the art of framing problems, providing appropriate context, and structuring interactions with AI systems. This skill becomes critical as teams transition from using AI tools to orchestrating complex AI-driven workflows across the development lifecycle. Modern prompt engineering focuses on designing process-oriented thinking that guides AI through complex tasks by defining clear goals, establishing constraints, and creating effective interaction rules. Developers must understand how to provide sufficient context without overwhelming AI systems and learn to iterate on feedback across multiple cycles. As AI agents increasingly participate in software development, teams must architect these interactions strategically, breaking complex problems into manageable chunks and building contextual workflows that align with business objectives. Ensuring quality & security (adaptability and continuous learning) As AI takes a more proactive role in software development, companies should develop specialised QA processes tailored to the unique error patterns and risks of AI-generated code. This should include validating AI reasoning processes, employing adversarial testing for both prompts and code, leveraging formal methods for critical components where appropriate, and implementing advanced, defense-in-depth prompt security measures. Organisations are responding by implementing "prompt security" practices to prevent injection attacks and establishing specialised review processes for AI-generated code. They're creating adversarial testing frameworks that deliberately challenge AI outputs with unusual inputs while maintaining human oversight at critical decision points. This represents a fundamental evolution from traditional debugging approaches to validating AI reasoning processes and ensuring business logic alignment—a necessary adaptation as AI becomes more autonomous in software development workflows. Follow us on: Share on:
Techday NZ
9 hours ago
- Techday NZ
GenAI adoption surges in healthcare but security hurdles remain
Ninety-nine percent of healthcare organisations are now making use of generative artificial intelligence (GenAI), according to new global research from Nutanix, but almost all say they face challenges in data security and scaling these technologies to production. The findings are drawn from the seventh annual Healthcare Enterprise Cloud Index (ECI) report by Nutanix, which surveyed 1,500 IT and engineering decision-makers across multiple industries and regions, including the healthcare sector. The research highlights both rapid uptake of GenAI in healthcare settings and significant ongoing barriers around infrastructure and privacy. GenAI use widespread, but risks loom Among healthcare organisations surveyed, a striking 99% said they are currently leveraging GenAI applications or workloads, such as AI-powered chatbots, code co-pilots and tools for clinical development automation. This sector now leads all other industries in GenAI adoption, the report found. However, nearly as many respondents—96%—admitted their existing data security and governance were not robust enough to support GenAI at scale. Additionally, 99% say scaling from pilot or development to production remains a serious challenge, with integration into existing IT systems cited as the most significant barrier to wider deployment. "In healthcare, every decision we make has a direct impact on patient outcomes - including how we evolve our technology stack," said Jon Edwards, Director IS Infrastructure Engineering at Legacy Health. "We took a close look at how to integrate GenAI responsibly, and that meant investing in infrastructure that supports long-term innovation without compromising on data privacy or security. We're committed to modernising our systems to deliver better care, drive efficiency, and uphold the trust that patients place in us." Patient data privacy and security concerns underpin much of this hesitation. The number one challenge flagged by healthcare leaders is the task of integrating GenAI with legacy IT infrastructure (79%), followed by the continued existence of data silos (65%) and ongoing obstacles in developing cloud-native applications and containers (59%). Infrastructure modernisation lags adoption The report stresses that while GenAI uptake is high, inadequate IT modernisation could impede progress. Scaling modern applications such as GenAI requires updated infrastructure solutions capable of handling complex data security, integrity, and resilience demands. Respondents overwhelmingly agree more must be done in this area. Key findings also indicate that improving foundational data security and governance will remain an ongoing priority. Ninety-six percent agree their organisations could still improve the security of their GenAI models and applications, while fears around using large language models (LLMs)—especially with sensitive healthcare data—are prevalent. Scott Ragsdale, Senior Director, Sales - Healthcare & SLED at Nutanix, described the recent surge in GenAI adoption as a departure from healthcare's traditional technology adoption timeline. "While healthcare has typically been slower to adopt new technologies, we've seen a significant uptick in the adoption of GenAI, much of this likely due to the ease of access to GenAI applications and tools. Even with such large adoption rates by organisations, there continue to be concerns given the importance of protecting healthcare data. Although all organisations surveyed are using GenAI in some capacity, we'll likely see more widespread adoption within those organisations as concerns around privacy and security are resolved." Nearly all healthcare respondents (99%) acknowledge difficulties in moving GenAI workloads to production, driven chiefly by the challenge of integrating with existing systems. This indicates that, despite wide experimentation and early deployments, many organisations remain cautious about full-scale rollouts. Containers and cloud-native trends In addition to GenAI, the survey found a rapid expansion in the use of application containerisation and Kubernetes deployments across healthcare. Ninety-nine percent of respondents said they are at least in the process of containerising applications, and 92% note distinct benefits from cloud-native application adoption, such as improved agility and security. Container-based infrastructure is viewed as crucial for enabling secure, seamless access to both patient and business data over hybrid and multicloud environments. As a result, many healthcare IT decision-makers are expected to prioritise modern deployment strategies involving containers for both new and existing workloads. Respondents continue to see GenAI as a path towards improved productivity, automation and efficiency, with major use cases involving customer support chatbots, experience solutions, and code generation tools. Yet, the sector remains grappling with the challenges of scale, security, and complexity inherent to these new technologies. The Nutanix study was conducted by Vanson Bourne in Autumn 2024 and included perspectives from across the Americas, EMEA and Asia-Pacific-Japan.
Techday NZ
11 hours ago
- Techday NZ
Swyftx acquires Caleb & Brown to target wealthy US investors
Swyftx has entered into an agreement to acquire US-based crypto brokerage Caleb & Brown in a move targeting high-net-worth investors in the United States. The acquisition follows Swyftx's earlier purchase of New Zealand crypto exchange Easy Crypto, as the group continues its recent expansion across markets in Australasia, North America, and beyond. Major acquisition According to Swyftx, the transaction constitutes the largest crypto acquisition in Australasian history and signals the group's ambition to address the needs of affluent digital asset investors, particularly in the United States, where the company seeks to access the world's largest crypto market. Jason Titman, Chief Executive Officer of Swyftx, highlighted the strategic nature of the acquisition and noted its intended impact on both the US and New Zealand markets. He said high-value customers currently represent approximately 30 percent of Easy Crypto's user base in New Zealand, but are responsible for about three-quarters of total trading volumes. Titman reported a significant increase in high-net-worth activity: "Titman says they have recorded a 25 percent increase in wealthier clients over the past year, signalling strong and growing demand for tailored crypto services." "What we know about this segment of the market is that they're often older, looking for more than just low fees and they're not interested in crypto's meme-culture. "Many of them are business owners or professional investors who are used to personalised financial services. This acquisition gives us the platform and expertise to meet those expectations. "Caleb & Brown has quietly established one of the most impressive brokerage offerings in the world, with a heavily differentiated private client service. We see enormous growth potential. "Swyftx has the resources to build on Caleb & Brown's competitive advantages and peel off high net worth clients from the largest exchanges. There are polished and well-respected platforms operating in the US but a lot of the new breed of wealthy investors want a service that is ultra client-centric, with round-the-clock access to broker expertise. It is the kind of relationship management they get in traditional finance. "Over the next couple of years, we'll look to significantly grow Caleb & Brown's network of relationship managers so that we can target more wealthy clients from the big US exchanges on their home turf. We see this as an underserved market," he says. Expanding global reach Titman described the deal as "the largest crypto acquisition in ANZ history" and said that it "gives Swyftx access to the world's leading digital assets market at a time when the US has sought to position itself as the 'crypto capital of the planet'. The US currently accounts for around a quarter of all global trade volumes in cryptocurrency." Swyftx has expanded significantly in recent years, now serving over 1.2 million customers across the group. The acquisition of Caleb & Brown will extend Swyftx's reach to Australia, New Zealand, South Africa, and the United States, with the group projected to employ just under 300 staff members upon deal completion. Caleb & Brown background Caleb & Brown, established by Rupert Hackett and Dr Prash Puspanathan in 2016, provides crypto brokerage, asset management, and research services to private clients across the US and Australia. The company reportedly oversees over AUD $2 billion in digital assets and employs 64 team members between Australia and the United States under the leadership of Equal Partner and Chief Executive Officer, Jackson Zeng. Zeng commented on the significance of the acquisition and its alignment with the company's approach to client service: "We're excited to join the Swyftx Group. It is the fastest-growing exchange in the ANZ region and shares our client-centric approach." "This deal is a testament to the strength of our brokerage and its differentiated offering. Swyftx has the resources to help us scale faster, diversify our product offering and expand our geographic reach," he says. The acquisition places Swyftx among the largest players in the region's digital asset brokerage sector, with strengthened capabilities to serve high-net-worth individuals seeking bespoke crypto services across multiple continents. Follow us on: Share on:
