The infographic reports that in the first half of 2022, analysis of 20B+ transactions found APIs and bots are tightly linked, with 16.7B malicious transactions observed and shadow APIs the top attack vector: about 31% (roughly 5B) targeted unknown, unmanaged, unprotected APIs, driven by weak inventory and publication practices (OWASP API9). It expands beyond OWASP Top 10 to “API10+” abuse, where perfectly coded APIs are still exploited for outcomes like shopping bots (3B blocked requests), malicious gift card checks (290M), fake account creation (237M), and comment spam (37M). It also highlights ATO mitigation saving $193M by mitigating 1.17B attempts and protecting 11.7M accounts, plus partner-ecosystem credential stuffing with 50M+ malicious requests, arguing for continuous discovery, co

Join for free to read