Application Security report: 2024 update

Cloudflare's 2024 Application Security Report documents rising application-layer threats: mitigated traffic averaged ~6.8% with DDoS the top attack vector (including record hyper‑volumetric HTTP/2 attacks), CVEs are being weaponized extremely quickly (exploits observed within minutes of PoC), bot traffic comprises roughly one-third of traffic with 93% unverified, APIs now account for 60% of traffic with many "shadow" endpoints, and client-side third‑party scripts create additional supply‑chain risks.