Get the New State of AI & API Security Report (H1 2026)
The State of AI and API Security: Navigating the Agentic Era.

AI and API Security Trends 2026 (H1)

The H1 2026 State of AI and API Security report examines how companies are securing AI and APIs, the challenges they face, and how their API security strategies are evolving in the Agentic AI Era.

Download the report

By how much has the number of APIs increased over the past 12 months?

Chart showing how much APIs have increased.

AI is reliant on APIs, which are becoming the execution layer for AI systems

The number of APIs in use in organisations today have exploded, with two-thirds (66%) reporting growth of over 50% in the last year.

However, as organizations scale AI-driven automation, security is failing to keep pace, creating what Salt defines as the Agentic Security Gap.

The security of modern AI environments now requires visibility and control across the entire agentic stack, not just individual APIs.

How confident are you in your organization's ability to detect and respond to attacks leveraging Generative AI?

Only 18% of respondents are very confident about detecting Gen AI attacks.

AI adoption is accelerating and security is falling behind

79% of boards and executive teams have increased scrutiny of AI security risks, yet only 18% are extremely confident in their ability to detect attacks leveraging Generative AI, a confidence gap that reflects the inadequacy of legacy tools in agentic environments.

How do you compare?

Check out our H1 2026 State of AI and API Security Report to find out.

Download the report

Does your organization use Generative AI o develop APIs?

69% of respondents do use Gen AI to develop APIs.

Gen AI is being utilized in API production at an increasing rate

Nearly 90% of organizations are already using or planning to use GenAI in API development, introducing new security risks into the software lifecycle.

Attack attempts leveraging the OWASP API Security Top 10 vs. other attack types

78% of attack attempts are leveraging the OWASP API Security Top 10 list.

Attackers are following the OWASP Top 10. Are you?

The OWASP API Security Top 10 is a crucial resource for professionals working in API security, and it highlights the most common and high-risk vulnerabilities that attackers exploit.

A large percentage of API attacks target these well-known weaknesses. 78% of attack attempts leverage one of more of OWASP API Top 10 methods.

In the past 12 months, what security problems have you found in production APIs? (Pick all that apply)

The top 3 issues are vulnerability, data leaks, authentication problems.

The stark reality of API risks

API Security incidents are common, but they shouldn’t be. 32% of organizations experienced an API security incident in the past year and 47% delayed application deployment due to API security concerns.

There were common security issues discovered in production APIs such as Sensitive data exposure (44%), Vulnerabilities (43%), Authentication problems (41%), and Credential stuffing/brute force attacks (27%).

These incidents demonstrate that API security directly impacts business continuity and innovation velocity.

Attack attempts from authenticated vs. unauthenticated attackers

99% of attack attempts come from authenticated users.

A quick look into attack attempts, as analyzed by Salt Labs

Nearly all (99%) of attack attempts analyzed by Salt Labs originate from authenticated sources, increasingly rogue agents operating with legitimate credentials but no human oversight, no rate limiting, and no behavioral guardrails.

Download the full report now

Get an in-depth analysis on the concerns, risks, and trends around AI & API security.

Download the report