As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect.
If 2024 was about laying the groundwork (tracking API sessions to understand behavioral attacks), then 2025 was the year we built upon that foundation, turning insight into action and visibility into measurable business impact.
API Sessions: From Observation to Action
We started the API sessions journey with a simple observation. Attacks are not just isolated requests; they’re patterns, behaviors, and sequences that we see unfold over time. In 2025, we took that insight further. We made sessions smarter, allowing teams to see not just the traffic, but also who was behind it.
Now, sessions can be tied to specific users and roles, a great feature that makes it possible to detect subtle account takeover attempts. By understanding who is behind a session, security teams can root out anomalies that indicate account takeover attempts.
We also introduced new API Abuse detectors targeting IP rotations, session rotations, low-frequency credential stuffing, and unusual response times. This meant detecting not only the loud, obvious attacks but also the subtle, sophisticated campaigns that can slip through traditional defenses.
Detection, however, is only half the battle. In the second half of 2025, we introduced the ability to block API sessions in real-time. IP-based blocking can be a blunt tool, often catching legitimate users in the crossfire. Blocking individual requests helps mitigate one-off attacks, but it falls short when threats span multiple interactions.
Session-based blocking changes this by zeroing in on the malicious session itself. The result is that behavioral attacks are blocked, and legitimate traffic isn’t.
Streamlined Visibility: Finding What Matters
Security only works when you can see what’s happening. This year, we gave the API Sessions interface a major upgrade. Sessions load faster, filters let you focus on what matters, columns can be sorted, and less-used details can be tucked away (but not lost).
Intelligent linking also makes it easy to jump between related data. When attacks are detected, they’re front and center, giving analysts the context they need to act without wasting time.
Account Takeover Detection: Smarter ML, Smarter Protection
Account takeover remains a persistent threat. To address this, we introduced two new machine learning detectors: IP rotation and session rotation. These detectors analyze patterns across multiple IPs or session identifiers, flagging anomalies that traditional defenses miss.
By correlating this intelligence with session data, security teams can identify automated attacks before they escalate.
Protecting Business: Sensitive Flows and Revenue
Security doesn’t exist in a vacuum; the objective is to protect the business. That’s why this year we rolled out Sensitive Business Flow (SBF) Identification and Advanced User Attribution. Critical API endpoints (things like authentication, billing, and account management) can now be automatically tagged and monitored.
Security teams can focus on the most critical things, protecting both the systems and the revenue those APIs drive.
Building on that, 2025 also brought the industry’s first API Revenue Protection. Security is essential, but equally so is understanding the business impact. By analyzing transactions in real-time, Wallarm can identify which revenue is at risk, detect fraud or abuse, and stop attacks before they hit a business’s bottom line.
This is beneficial for CISOs, as they can now measure security decisions in terms of risk mitigation and dollars protected, representing a tangible shift from defense to business value.
Securing AI Agents: The Agentic AI Frontier
This year’s news has been flooded with stories about how the rise of AI introduces a slew of new attack surfaces. Agentic AI Protection, which we released this year, defends autonomous systems from prompt injection, jailbreaks, and manipulation attempts.
AI agents interact through APIs, and our research revealed that these are often exposed and vulnerable. By monitoring both incoming queries and outgoing responses, Wallarm protects AI-driven workflows in real time, giving businesses the confidence to innovate without worrying about exposing themselves to new threats.
We also debuted a penetration testing service for Agentic AI, helping teams proactively identify vulnerabilities in their autonomous systems. Between API Revenue Protection and AI agent security, 2025 puts us firmly in the intersection of cybersecurity and business outcomes.
Shift-Left Security: Schema-Based Testing for APIs
Security starts earlier in the development lifecycle. Schema-Based Testing, part of the Wallarm Security Testing suite, adopts a shift left approach, enabling teams to integrate DAST for APIs directly into CI/CD pipelines.
From OWASP API Top 10 risks to business logic flaws like BOLA, testing is fast, automated, and context-aware. By catching issues before deployment, companies can limit the risk of expensive post-production fixes, a lesson highlighted in our API ThreatStats report, which noted that 20% more API vulnerabilities were identified in Q3 2025 alone.
2026 and Beyond: Security with Context
Looking ahead, the gap between security tools and how the business actually runs needs to close for good. In 2026, we’re moving beyond just analyzing traffic. Security will actually understand what’s happening, which APIs drive revenue, what users are trying to do, and which systems are truly critical in that moment.
We are building toward protection that naturally fits with what matters to businesses. We want to eliminate the tagging marathons and endless configurations with automatic mapping of APIs to revenue, understanding the workflows that build customer trust, and putting the right controls in the right places without the heavy lifting.
As AI agents begin to take on more work themselves, we’re expanding protection to cover entire agentic workflows end-to-end, rather than isolated API calls. Threat actors are already picking at security’s seams: the handoffs, the gaps, the trust boundaries between systems. We aim to stay a step ahead of them.
The bar is rising. Detect-and-block is not enough anymore. Security must keep the business moving, protect the revenue-generating assets, and provide leaders with clarity on risk in terms they actually care about. That’s the standard we are setting.
APIs are the backbone of digital business, and AI is the engine. In 2026, Wallarm will be the context that ties these together, the intelligence that keeps them resilient, and the protection that lets businesses innovate with confidence.
The post 2025 in Review: A Year of Smarter, Context-Aware API Security appeared first on Wallarm.