Treblle published the Anatomy of an API: 2025 Edition, an annual benchmark examining how organizations build, operate, and secure APIs. Drawing on analysis of more than one billion API requests worldwide, the report highlights a growing “Governance Paradox,” where enterprises are becoming faster and more AI-ready while lagging on core security and governance practices.
According to the Anatomy of an API 2025 report, average API load times improved by 53% year over year, yet 42% of API traffic remains unencrypted (HTTP) and 47% of APIs process requests without authentication. It is a dangerous tradeoff, because APIs are no longer just integration points. They are how AI and the business actually get work done.
“We are essentially driving a Ferrari engine in a go-kart chassis,” said Vedran Cindrić, founder and CEO of Treblle. “The data shows the performance is there, and production AI is here. But security and governance have not kept pace, and that gap is now a board-level risk.”
“In 2026, the winners will not be the teams that ship the fastest. They will be the teams who can see their API landscape clearly and secure it consistently.”
Five trends defining the 2025 API landscape
- AI moves from experimentation to production integration
After explosive growth in 2024, AI-related API traffic stabilized at 42% growth in 2025, signaling a shift toward reliability, repeatability, and operational maturity. - Speed becomes the baseline requirement
Average API load times have dropped from 695ms (2024) to 322ms (2025). This drop is driven by increasing demand for AI-driven experiences that require near-instant context. - The Governance Paradox intensifies
Speed improved, but governance did not keep up. With 42% of traffic still unencrypted and 46% lacking formal versioning, teams operate with more uncertainty than a Zero Trust posture can afford. - APIs shift from “reading” data to “doing” work
POST requests nearly doubled to 43% of the total traffic. It’s a sign that APIs are being used less to fetch data and more to trigger work, from transactions to automation to AI-driven actions. - The Mega-API emerges as services consolidate
APIs with 100+ endpoints grew 10x, from 4% in 2024 to 38% in 2025. Fewer services can mean less sprawl, but it also means that each API carries more complexity and demands tighter governance.
“Today, every business is a digital business, and every digital business runs on APIs,” Cindrić added. “The next step is simple: manage your APIs as products, and not just code. Use run-time visibility to enforce security and governance consistently at scale.”
For a detailed look at the Anatomy of an API 2025 findings and the 2026 execution roadmap, download the report at the website here.
Related News:
Salt Security Debuts First AI Agent API Solution with Real-Time Protection
Unmask Hidden API Vulnerabilities with Salt Surface from Salt Security
