Beyond the Breaking Point: Strategies for Application Security in the Age of AI

By Erik Linask, Group Editorial Director  |  June 13, 2025

In today's interconnected and digitally driven world, businesses have to pay more attention to application security than ever.  It’s not simply a recommendation, but a critical imperative for organizational survival.  As businesses increasingly rely on web and mobile applications for everything from customer interactions and e-commerce to internal operations and data management, these applications become prime targets for cyberattacks.

Radware’s “2025 Cyber Survey,” aptly subtitled “Application Security at a Breaking Point,” underscores this reality, showing that more than half of organizations already experience a range of attacks against their applications monthly or more frequently, with bot, API, and application attacks leading the charge.  This constant barrage of threats (which shouldn’t be news to anyone) highlights that any weakness in application security can directly translate into significant financial losses, reputational damage, and operational disruptions.

The financial ramifications are substantial, but beyond immediate monetary losses from downtime and remediation, breaches can lead to regulatory fines, legal liabilities, and a drastic erosion of customer trust. 

Then, you’ve got an evolving threat landscape that now includes the weaponization of AI by threat actors, making robust application security more critical than ever.  AI can be used to rapidly develop new threats, create new zero-day attack vectors, and generate a larger volume of cyberattacks, making traditional, static defenses less effective.  An accelerated attack cadence means organizations must adopt proactive and intelligent security measures to identify and mitigate threats.  

There’s also a growing concern about the theft of customer data through compromised third-party APIs, which can have long-lasting negative impacts on a brand's reputation and customer loyalty – for both the breached organization and the third-party vendor.  The widespread use of third-party APIs further complicates security, since businesses may not have sufficient visibility into the code used by these API developers, creating blind spots that attackers can exploit.

Here are a few key findings from Radware’s report.

AI-Powered Cyberthreats are a Major Concern

The emergence of weaponized AI is a significant concern, leading to decreased confidence in existing application security measures and threatening a new wave of attacks.  Organizations are particularly concerned about AI’s ability to rapidly develop new threats, inadequate technical protections against new threats, and shortened attack timelines.  For example, 44% of organizations are highly concerned and 26% extremely concerned about hackers using AI tools to create and/or improve hacking attack tools.  Frankly, it’s a little surprising that the remaining 30% don’t see AI-driven attacks as a serious threat.

Additionally, 40% are highly concerned and 27% extremely concerned about hackers using AI tools to generate a larger volume of cyberattacks.  

The combination of these two is notably relevant – more frequent AND more complex attacks should worry every organization.  As the accessibility and sophistication of AI tools continue to grow, it becomes easier for malicious actors to craft advanced and evasive attacks.

Applications Under Relentless Attack

More than half of organizations already experience a range of attacks against their applications monthly or more frequently, led by bot, API, and application attacks.  In fact, 15% of organizations face bot attacks daily, and it’s likely that AI usage by threat actors will cause that number to grow. 

Across the five attack types surveyed (bot, API, application, API business logic, and DDoS), threat actors aim to disrupt normal application functioning, corrupt application safeguards, and exploit business logic for malicious purposes.  This underscores the constant pressure businesses are under to secure their applications.  Again, the emergence of AI as a threat tool doesn’t make things easier.  Hopefully, AI built into cybersecurity solutions and development tools can help counter the use of AI by threat actors.

API Vulnerabilities Exploited by New Attacks

APIs are constantly changing, and only a few organizations maintain up-to-date documentation on their APIs.  On average, only 6.1% of respondents have full documentation for all their APIs.  This, of course, is a problem, especially considering the emergence of new threats against APIs, such as business logic attacks, which most respondents (86%) have seen during the past year.  Given the pervasive integration of APIs in modern applications, these vulnerabilities represent a critical attack surface that businesses must address: 86% of organizations use 11 or more APIs per app.

Disruptive and Costly Application DDoS Attacks

Application DDoS protection failures and attacks are causing significant disruptions.  On average, downtime due to an application DDoS attack costs $6,106 per minute – or $366,345 per hour.  There is also significant concern about DDoS attacks that would make their web apps unavailable (69%).  The financial implications alone make this a pressing issue for businesses, highlighting the need for robust DDoS mitigation strategies.

Insufficient Visibility into Third-Party Code

Nearly half of organizations (48%) lack sufficient visibility into the third-party code used by their web apps that may compromise customer data and activity.  This includes not knowing what code is being used (51%), active threats (50%), the presence of malicious scripts and services (50%), and when third-party code is updated (44%).  This lack of visibility is a fundamental problem that hinders proactive mitigation efforts.  As supply chain attacks become more common, understanding and securing third-party code is paramount for maintaining overall application security.

What Businesses Can Do

To overcome these challenges and better protect their applications and, by extension, their entire business, including customers, businesses can look to several options (which are by no means mutually exclusive).

Not surprisingly, most organizations (81%) are embracing AI and have their sights set on AI-based cybersecurity solutions within the next year.  This is clearly a priority, considering these solutions can help detect and respond to evolving AI threats more effectively in the new AI vs. AI war.  What’s interesting is that, as noted above, only 70% see AI as a serious threat in terms of creating or enhancing attack methods, so even some of those who don’t will be better prepared for that inevitability.

While AI will undoubtedly be a beneficial tool, we know there’s a human factor involved, too, and only 29% of organizations feel their security staff is highly trained and fully aware of how to identify and mitigate business logic attacks.  So, it’s clear businesses need to invest in training their security teams – not just once, but on an ongoing basis – to ensure they are not a weak point in their security postures.  Automation tools can also be useful for improving response times and mitigating human error.

Other places companies can look for improving their application security include:

  • Strengthening API Security Posture:  This should include prioritizing complete and up-to-date API documentation and implementing real-time protection measures for business logic attacks.  So far, only 51% of companies have deployed runtime business logic protections – despite 81% saying it is very or extremely important to have such measures in place.
  • Improving visibility into third-party services:  Businesses must gain better visibility into the third-party code and APIs embedded in their applications. This includes understanding what code is being used, active threats, and malicious scripts to prevent data compromise and theft of customer information.  Naturally, this requires collaboration from the API developers, but that should be a common-sense exercise, as both parties are at risk from threats.
  • Investing in robust DDoS protection:  Organizations need to enhance their defenses against application DDoS attacks to minimize downtime and disruption.  Quantifying the financial impact of downtime can help prioritize these investments for decision-makers.
  • Prioritizing compliance:  With an average of 54.3% of respondents expressing high or extreme concern about a range of regulations and the compliance posture at their organization, businesses should take care to ensure they are meeting compliance requirements to avoid penalties and build trust.  Furthermore, by validating their compliance, they are also verifying their security mechanisms.

Here’s the thing:  Digital trust is paramount, and a lapse in application security will have far-reaching implications, well beyond just the balance sheet.  It’s not a risk any business should be willing to take and, knowing their success today hinges on applications – and application security – investing in robust and comprehensive solutions and taking appropriate steps to mitigate risk is a no-brainer.




Edited by Erik Linask