State of Application Security – H1 2025

Overview:

Cyberattacks against websites and APIs surged in the first half of 2025, with attackers shifting from broad automation to highly targeted exploits. Powered by AI and LLMs, attackers are focusing more on vulnerabilities and APIs, leaving organizations with mounting risks.

The State of Application Security – H1 2025 report, analyzing 1,400+ applications across diverse industries worldwide, highlights the sharp rise in attacks and evolving tactics that are reshaping today’s cyber threat landscape.

Key Takeaways :

4.8 billion attacks witnessed across 1400 sites
3.48 million attacks witnessed per application
API attacks grew 104% in H1 2025 vs H1 2024
APIs are highly targeted for DDoS
Website vulnerability attacks grew 27%, with custom rule mitigations up 47%
64 million bot attacks as 90% of sites witnessed a bot attack
US per app ROI: $5.1M–$14.32M per app (including $56K–$57K in operational savings)

Web apps, APIs, and AI systems. Protected from day one. Autonomously.

OWASP Top 10 protection from day one. Zero false positives, guaranteed. Vulnerabilities discovered and patched at the edge. Experts verify enforcement before policies go live. 24x7 managed services included.

✓ Gartner Customers' Choice 4 years running 100% customer recommendation rate

No credit card required

State of Application Security – H1 2025

Overview:

Key Takeaways :

Web apps, APIs, and AI systems. Protected from day one. Autonomously.