18% of organizations cited brute forcing or credential stuffing as the most common API security problem.