Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Q2-2023 API ThreatStats™ Report

In this comprehensive Q2-2023 report, we reflect on an intensified API threat landscape, underlining prevalent threat vectors, susceptible APIs, and new dimensions in the API security arena. With the inclusion of bug bounty analysis and our inaugural API Security Awards, this report provides granular insights into the current state of API security.

Thanks for filling out the form!
The resource link will open in the new tab. If its not, please follow this link
Oops! Something went wrong while submitting the form.

The data illustrates a worrying trend where API exploits are pervasive and increasingly sophisticated, affecting a range of industries this quarter. These exploits have been found in AI hardware by industry leaders like NVIDIA, in formidable hardware devices by Fortinet, in ubiquitous DevOps tools like Grafana, and even on major social platforms such as Reddit. The insights presented serve to equip API security and DevOps teams with the data-driven knowledge necessary to bolster API security throughout 2023 and beyond.Key findings from the report that demand immediate attention include:

  • A significant 63% of all HackerOne bug bounty rewards paid in the current year have been attributed to API security vulnerabilities, representing an expenditure of $26,490 in the last quarter alone.
  • The total number of unique API attacks has seen an unprecedented surge, witnessing a 60% increase year over year from Q2’22 to Q2’23.
  • The complexity and consistency of API attacks have also escalated dramatically. The average volume of malicious requests per API attack sequence has risen from 22 to 30 this quarter, up from just 5 in Q2’22.

Trusted by the world’s most innovative companies:

15 min

To unboard and view secutity results
“I needed cloud security tooling that could get me visibility fast. Wallarm answers all my visibility needs within minutes — across multiple clouds.”
Miro Logo


per year in const savings
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Rappi Logo


visibility into multi-cloud environments
“With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as a code approach.”
Dropbox Logo
Panasonic Logo
Victoria's Secret Logo
Miro Logo
Gannet Logo
Dropbox Logo
Rappi Logo
Wargaming Logo
Semrush Logo
Tipalti Logo
UZ Leuven Logo

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.