54% of attacks observed related to security misconfigurations (API8), while 27% related to broken object-level authorization (API1). In contrast, vulnerabilities such as broken user authentication (API2) and security monitoring and logging failures (API7) only relate to 1% of attacks.