FireTail API Security Report: 2023 On Track for Record Year Of API Breaches

Research uncovers critical insights on the root causes of API breaches and incidents, bolstering FireTail’s approach to securing the APIs that enable our digital lives


McLean, Va. May 10, 2023 - FireTail Inc., a disruptor in API security, today published The State of APIs and API Security in 2023, a comprehensive analysis of significant API breaches and incidents over the last decade. The report underscores how API breaches increasingly impact the digital security of individuals and organizations on a massive scale.

As the world becomes increasingly interconnected, the demand for secure and reliable APIs has never been greater. Over 83% of internet traffic today is API calls, and that percentage is expected to increase over the coming years. Take for example the common use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant, the coordination of delivery and processing of payments, this multi-party transaction includes at least four third-party providers and a high volume of sensitive data shared between them. As seen in FireTail’s research, the proliferation of APIs offers malicious actors a variety of attack vectors.


Key findings of the report include: 

  • The top two highest-impact breach vectors for API breaches are authorization (135 million records, 28% of all records breached) and authentication (105 million records, 22% of all records breached).
  • 2023 is on track to be a record year of API breaches, with disclosures in the first two months of the year alone having a potential impact of 49 million records.
  • Over 500 million records have been exposed or are at risk from APIs.
  • Most API breaches involve two or more problems/missteps by an organization, meaning it’s usually not just a configuration issue that causes a breach.


To help organizations address these growing threats and secure their APIs, FireTail offers a unique hybrid approach to API security. The open-source library gives any developer, anywhere, free and unfettered access to the FireTail code library for enforcing API security at runtime, while the SaaS platform bridges the gap between application teams and security teams by offering real-time visibility, high-fidelity detections, and integrations with key SecOps tools.

In response to the challenge of protecting APIs that can be directly exposed to the internet, behind firewalls or web application firewalls (WAFs), API gateways, proxies or a combination of those tools, FireTail’s unique logging capabilities provide auditability, observability and monitoring in a single package.

“FireTail is the only API security company with an application layer technology to block and track the top API attack vectors in real-time. Our capabilities to analyze call and response data in API logs also provide much clearer breach analysis, leading to stronger preventative security and more rapid and accurate incident response,” said Jeremy Snyder, Founder and CEO of FireTail. “We are pleased to continue differentiating our approach to securing APIs, and to officially release our API security research. Our digital lives are only secure if our APIs are secure, and breaches from the past 10 years show us a clear problem set that needs to be addressed.”

Most recently, FireTail added three new programming languages to their platform’s open-source application library: JavaScript, Ruby, and Go Language (GoLang). Designed to support the most common frameworks used to build modern, API-first applications, FireTail’s enhanced coverage for programming languages offers developers more flexibility for their workloads across diverse API environments. Additionally, FireTail now provides centralized API logging with support for both on-premises and cloud-based APIs.

For more information about FireTail’s API security platform, and to request early access for upcoming feature launches including API authorization and permission validation services, please visit FireTail will also be at Infosecurity Europe in London from June 20-22, 2023. Meet the team at Stand U57 for a demo, or attend FireTail’s talk, “APIs: The threat vector that connects us all, and where traditional security fails.”


About FireTail

FireTail engineered a hybrid approach to API security: an open-source library that protects programmable interfaces with inline API call evaluation and blocking, cloud-based API security posture management, centralized audit trail, and detection and response capabilities. FireTail is the only company offering these capabilities together, ultimately helping organizations eliminate API vulnerabilities from their applications and providing runtime API protection.

FireTail is headquartered in Washington, DC, with additional offices in Dublin, Ireland and Helsinki, Finland. FireTail is backed by leading investors, including Paladin Capital, Zscaler, General Advance and SecureOctane.