Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

2022 Year-End API ThreatStats™ Report

This 2022 recap report looks back at the deteriorating API threat landscape, the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more to provide API security and DevOps teams the data-driven insights needed to improve API security in 2023.

Thanks for filling out the form!
The resource link will open in the new tab. If its not, please follow this link
Oops! Something went wrong while submitting the form.

One of the main take-aways is that the API threat landscape is becoming ever more dangerous. We make this assessment based on the 2022 data, and specifically these four trends:

  • Attack Growth. In 2022 we saw a huge increase in attacks against our customers’ APIs, which ballooned +197% from H1 to H2. Extrapolating to beyond our customers and it’s understandable that we’re reading about more and more API-related breaches.
  • CVE Growth. In 2022 we saw a big increase in API-related CVEs, growing +78% from H1 to H2. And while this growth has stabilized a bit over the past two (2) quarters, we do not see it getting any better in 2023.
  • Worsening Time-to-Exploit. From Q2-2022 when we started tracking this metric, we’ve seen a continued decline in the average time between a CVE being published and a related exploit POC being published – from about 58 days (Q2) to about four (4) days (Q3) to negative three (-3) days in Q4. Not only that, but the average zero-day exploit found in Q4 was released more than two months before the CVE is published.

The full report delves into this and several other areas in much greater detail. We also invite you to listen to our 2022 Year-End API ThreatStats™ webinar on-demand in which Ivan goes into greater detail on some of the most impactful API vulnerabilities seen in 2022.

Trusted by the world’s most innovative companies:

15 min

To unboard and view secutity results
“I needed cloud security tooling that could get me visibility fast. Wallarm answers all my visibility needs within minutes — across multiple clouds.”
Miro Logo


per year in const savings
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Rappi Logo


visibility into multi-cloud environments
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Dropbox Logo
Panasonic Logo
Victoria's Secret Logo
Miro Logo
Gannet Logo
Dropbox Logo
Rappi Logo
Wargaming Logo
Semrush Logo
Tipalti Logo
UZ Leuven Logo

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.