PRESS RELEASE

Futurum Research Finds API and AI Risks Top Application Security Concerns

Austin, Texas, USA, April 23, 2026

Organizations Grapple with a Broad Spectrum of Application Threats as Innovation Outpaces Traditional Security Frameworks

New research from Futurum Intelligence reveals that while artificial intelligence (AI) is a critical priority for modern enterprises, the challenges facing application security teams are increasingly diverse. Findings from the 2H 2025 Cybersecurity Decision Maker Survey indicate that security leaders are balancing the need to secure emerging AI workloads with long-standing requirements for API governance and the complexities of cloud-native environments.

The study highlights that API security and governance remain the most significant hurdles, followed closely by the management of risks associated with Generative AI and agentic flows. This suggests that as organizations decentralize their application architectures, the interfaces connecting them have become primary points of vulnerability.

Figure 1: Top 5 Key Challenges in Application Security

Futurum Research Finds API and AI Risks Top Application Security Concerns

Beyond the AI Hype: The Breadth of Modern AppSec

The data underscores a strategic tension for security organizations. While the rapid adoption of AI and machine learning (ML) has introduced numerous complex threat vectors, such as data poisoning, manipulation of generative outputs, and significant concerns about agentic workloads, foundational issues, such as vulnerability prioritization at scale, continue to strain limited staff resources. Organizations are finding that traditional security tools often lack the visibility needed to effectively secure containerized applications and automated CI/CD pipelines.

Balancing Innovation with Operational Oversight

The focus on API governance reflects the growing complexity of the modern digital ecosystem. As the “feel” of security becomes an operational priority, leaders are moving toward architectures that offer better integration and transparency. The research indicates that for application security to be effective, it cannot exist in a silo; it must be seamlessly integrated into the development lifecycle without creating friction for engineering teams.

“These responses indicate the immense breadth of the challenge facing organizations today, extending well above and beyond the immediate concerns of AI,” stated Fernando Montenegro, Vice President and Practice Lead at Futurum. “While we may legitimately look to AI to help automate defenses and prioritize vulnerabilities, security leaders shouldn’t lose sight of the big picture. Effective application security requires a holistic approach that addresses the entire lifecycle, from the APIs that connect our services to the automated pipelines that deploy them.”

About Futurum Intelligence for Market Leaders

Futurum Intelligence’s Cybersecurity and Resilience IQ service provides actionable insight from analysts, reports, and interactive visualization datasets, helping leaders drive their organizations through transformation and business growth. Subscribers can log into the platform at https://app.futurumgroup.com/, and non-subscribers can find additional information at Futurum Intelligence.

Follow news and updates from Futurum on X and LinkedIn using #Futurum. Visit the Futurum Newsroom for more information and insights.

Other Insights from Futurum:

Anthropic Glasswing: AI Vulnerability Detection Has Crossed a Threshold

RSAC 2026: The AI ‘Tragedy of the Commons’ and the Future of Agentic Security

Futurum Research Finds Threats and Skills Shortages Dominate SOC Challenges

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.