APIs allow an organization’s developers to build with efficiency, in a profession where speed is nonnegotiable. However, while APIs  are developer-friendly — and key for the interoperability of software and data assets — API security has not kept pace with the speed of innovation. Eighty-four percent of organizations have experienced an API security incident in the past 12 months, up from 78% in 2023.1 In part, this is because APIs also provide efficiency for attackers.Many APIs are built with misconfigurations, coding errors, and a lack of authentication controls. As a result, an API attack can be quite simple to conduct and a direct way to steal data. And when it comes to data, only 27% of enterprises with full API inventories know which APIs return sensitive data, from customer data to intellectual property — down from 40% in 2023.2 With attacks up and visibility down, enterprises need a way to assess and improve their API security posture.