{“lastseen”:”2025-12-08T12:05:12″,”description”:”As the year draws to a close, it\u2019s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect. \\n\\nIf 2024 was about laying the groundwork (tracking API sessions to understand behavioral attacks), then 2025 was the year we built upon that foundation, turning insight into action and visibility into measurable business impact.\\n\\n## API Sessions: From Observation to Action\\n\\nWe started the API sessions journey with a simple observation. Attacks are not just isolated requests; they\u2019re patterns, behaviors, and sequences that we see unfold over time. In 2025, we took that insight further. We made sessions smarter, allowing teams to see not just the traffic, but also who was behind it. \\n\\nNow, sessions can be tied to specific users and roles, a great feature that makes it possible to detect subtle account takeover attempts. By understanding who is behind a session, security teams can root out anomalies that indicate account takeover attempts.\\n\\nWe also introduced new API Abuse detectors targeting IP rotations, session rotations, low-frequency credential stuffing, and unusual response times. This meant detecting not only the loud, obvious attacks but also the subtle, sophisticated campaigns that can slip through traditional defenses.\\n\\nDetection, however, is only half the battle. In the second half of 2025, we introduced the ability to block API sessions in real-time. IP-based blocking can be a blunt tool, often catching legitimate users in the crossfire. Blocking individual requests helps mitigate one-off attacks, but it falls short when threats span multiple interactions. \\n\\nSession-based blocking changes this by zeroing in on the malicious session itself. The result is that behavioral attacks are blocked, and legitimate traffic isn\u2019t.\\n\\n## Streamlined Visibility: Finding What Matters\\n\\nSecurity only works when you can see what\u2019s happening. This year, we gave the API Sessions interface a major upgrade. Sessions load faster, filters let you focus on what matters, columns can be sorted, and less-used details can be tucked away (but not lost). \\n\\nIntelligent linking also makes it easy to jump between related data. When attacks are detected, they\u2019re front and center, giving analysts the context they need to act without wasting time.\\n\\n## Account Takeover Detection: Smarter ML, Smarter Protection\\n\\nAccount takeover remains a persistent threat. To address this, we introduced two new machine learning detectors: IP rotation and session rotation. These detectors analyze patterns across multiple IPs or session identifiers, flagging anomalies that traditional defenses miss. \\n\\nBy correlating this intelligence with session data, security teams can identify automated attacks before they escalate.\\n\\n## Protecting Business: Sensitive Flows and Revenue\\n\\nSecurity doesn\u2019t exist in a vacuum; the objective is to protect the business. That\u2019s why this year we rolled out Sensitive Business Flow (SBF) Identification and Advanced User Attribution. Critical API endpoints (things like authentication, billing, and account management) can now be automatically tagged and monitored. \\n\\nSecurity teams can focus on the most critical things, protecting both the systems and the revenue those APIs drive. \\n\\nBuilding on that, 2025 also brought the industry\u2019s first API Revenue Protection. Security is essential, but equally so is understanding the business impact. By analyzing transactions in real-time, Wallarm can identify which revenue is at risk, detect fraud or abuse, and stop attacks before they hit a business\u2019s bottom line. \\n\\nThis is beneficial for CISOs, as they can now measure security decisions in terms of risk mitigation and dollars protected, representing a tangible shift from defense to business value.\\n\\n## Securing AI Agents: The Agentic AI Frontier\\n\\nThis year\u2019s news has been flooded with stories about how the rise of AI introduces a slew of new attack surfaces. Agentic AI Protection, which we released this year, defends autonomous systems from prompt injection, jailbreaks, and manipulation attempts. \\n\\nAI agents interact through APIs, and our research revealed that these are often exposed and vulnerable. By monitoring both incoming queries and outgoing responses, Wallarm protects AI-driven workflows in real time, giving businesses the confidence to innovate without worrying about exposing themselves to new threats.\\n\\nWe also debuted a penetration testing service for Agentic AI, helping teams proactively identify vulnerabilities in their autonomous systems. Between API Revenue Protection and AI agent security, 2025 puts us firmly in the intersection of cybersecurity and business outcomes.\\n\\n## Shift-Left Security: Schema-Based Testing for APIs\\n\\nSecurity starts earlier in the development lifecycle. Schema-Based Testing, part of the Wallarm Security Testing suite, adopts a shift left approach, enabling teams to integrate DAST for APIs directly into CI\/CD pipelines. \\n\\nFrom OWASP API Top 10 risks to business logic flaws like BOLA, testing is fast, automated, and context-aware. By catching issues before deployment, companies can limit the risk of expensive post-production fixes, a lesson highlighted in our API ThreatStats report, which noted that 20% more API vulnerabilities were identified in Q3 2025 alone.\\n\\n## 2026 and Beyond: Security with Context\\n\\nLooking ahead, the gap between security tools and how the business actually runs needs to close for good. In 2026, we\u2019re moving beyond just analyzing traffic. Security will actually understand what\u2019s happening, which APIs drive revenue, what users are trying to do, and which systems are truly critical in that moment.\\n\\nWe are building toward protection that naturally fits with what matters to businesses. We want to eliminate the tagging marathons and endless configurations with automatic mapping of APIs to revenue, understanding the workflows that build customer trust, and putting the right controls in the right places without the heavy lifting. \\n\\nAs AI agents begin to take on more work themselves, we\u2019re expanding protection to cover entire agentic workflows end-to-end, rather than isolated API calls. Threat actors are already picking at security\u2019s seams: the handoffs, the gaps, the trust boundaries between systems. We aim to stay a step ahead of them. \\n\\nThe bar is rising. Detect-and-block is not enough anymore. Security must keep the business moving, protect the revenue-generating assets, and provide leaders with clarity on risk in terms they actually care about. That\u2019s the standard we are setting. \\n\\nAPIs are the backbone of digital business, and AI is the engine. In 2026, Wallarm will be the context that ties these together, the intelligence that keeps them resilient, and the protection that lets businesses innovate with confidence.\\n\\nThe post 2025 in Review: A Year of Smarter, Context-Aware API Security appeared first on Wallarm.”,”published”:”2025-12-08T12:00:00″,”modified”:”2025-12-08T12:00:00″,”type”:”wallarmlab”,”title”:”2025 in Review: A Year of Smarter, Context-Aware API Security”,”source”:””,”references”:””,”id”:”WALLARMLAB:2167B703ADB21D8A42E10C14B3861A00″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/lab.wallarm.com\/2025-in-review-a-year-of-smarter-context-aware-api-security\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-08T12:05:12″,”description”:”As the year draws to a close, it\u2019s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,5,105],"class_list":["post-29290","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-wallarmlab"],"yoast_head":"\n