Bangalore, 12th March 2026 : Indusface, a globally trusted Application Security SaaS provider, released its State of Application Security 2026 Report. The report shows that Indusface blocked 9 billion+ malicious requests in India during 2025, representing a 27% increase over the previous year.The report highlights a fundamental shift in attacker behaviour in 2025. Instead of prolonged, noisy campaigns, attacks became shorter, more precise, LLM-tooling driven and closely tied to business processes and open vulnerabilities. This has materially increased the risk of business impact before manual response teams can intervene.
APIs emerged as the primary target of this new wave of attacks, facing significantly more intense pressure than traditional websites. API vulnerability exploitation rose by 3x, while APIs experienced 8x more DDoS attacks compared to websites. The impact was especially pronounced for smaller organisations with small and mid-sized businesses witnessing API attacks per host increase by 5x, while API-specific DDoS surged by 12x.
A defining characteristic of 2025 was the rise of short burst attacks. Attackers have abandoned long and noisy campaigns in favour of precise, high-intensity bursts that typically last between 2 and 3 minutes and originate from hundreds of thousands of IP addresses. More than 70% of Banking and Financial Services (BFS) and Fintech applications were affected by these bursts at least once a month.
Speaking about this, Ashish Tandon, Founder and CEO of Indusface, said, “Historically, many attacks were scattershot, with probes across multiple vectors to find any weak link. In 2025, we observed attackers becoming far more deliberate, focusing on the workflows that move money, authenticate users, and access data. With attacks completing in minutes, organizations need AI-powered, continuously tuned protection, including rapid exploit blocking and end-to-end API coverage.”
Sectoral analysis revealed sharp escalations across industries when comparing 2025 with 2024. Banking and Financial Services recorded 2.72 billion attacks, with a 2.5x increase in vulnerability-based attacksand a 2.7x spike in DDoS incidents that coincided with periods of geopolitical tension. Insurance saw overall attacks double, with vulnerability attacks increasing by 3x.Manufacturing recorded 1.55 billion attacks, a 2x rise year-on-year, accompanied by a near 3x surge in vulnerability attacks targeting proprietary data.
The report also quantifies the financial case for a managed WAAP approach. By optimising the manual effort required for false positive tuning, vulnerability remediation and real-time attack monitoring, AppTrana delivered total operational savings of $85,000–$214,000 per organization in India, underscoring the tangible return on investment that managed application security can deliver.
For more insights and to download the full State of Application Security 2026 Report, visit www.indusface.com
About Indusface
Indusface is a leading application security SaaS company, securing 6,500+ customers across 95 countries with its award-winning platform. Backed by leading institutional investors, Indusface is a category leader in cloud WAAP, with repeated recognition from top analysts and industry platforms including Gartner, Forrester, GigaOm, and G2.The industry’s only AI-powered, all-in-one AppSec platform helps businesses discover, detect, remediate vulnerabilities, and protect web applications and APIs at internet scale, backed by a 100% uptime guarantee.
