37% of reported security challenges in production APIs were due to vulnerabilities, such as injection attacks and Broken Object-Level Authorization (BOLA), 34% due to sensitive data exposure, and 29% due to API authentication weaknesses.