APIs made up 17% of 67,058 published vulnerabilities in 2025, a total of 11,053 API-related flaws. The overlap between APIs and AI is even more notable. More than a third (36%) of AI vulnerabilities (786 out of 2,185) were API-related.
Of the 245 vulnerabilities identified in the U.S. Cybersecurity and Infrastructure Security Agency’s 2025 Known Exploited Vulnerabilities list, 43% (106) were API-related. Unsurprisingly, 36% of AI-related exploits also corresponded to API vulnerabilities.
These were some of the findings of Wallarm’s API ThreatStats Report 2026, which draws on vulnerability and breach data from 2025.
The report describes AI as a risk multiplier that has been leveraging existing weaknesses in APIs and accelerating their exploitation. As companies continue to increase their dependence on APIs for their digital services, business logic, and AI, attackers are following the same trend.
It is clear that APIs are not peripheral components. They are the connective tissue of digital business, and increasingly, the primary vector of attack.
Identity Failures Drive Breaches
Perhaps the most troubling aspect of this report is the consistency with which breaches have originated from identity issues rather than sophisticated exploitation attacks.
Sixty-five percent of the breaches that were assessed originated from authentication issues. This included weak tokens, scope issues, reusing credentials, and a lack of runtime enforcement. Attackers are not necessarily finding new zero-day vulnerabilities; they are exploiting publicly accessible endpoints and poorly managed access controls.
AI platforms are vulnerable, too. The report showed that 15% of breaches involved AI vendors, the same rate as for enterprise software vendors. As AI is increasingly integrated into customer-facing applications and backend automation, its reliance on APIs makes it a compelling target.
Abuse over bugs: The 2025 API ThreatStats Top 10
The evolution of the API ThreatStats Top 10 mirrors a broader shift in adversaries’ strategy. Rather than focusing solely on traditional software bugs, they increasingly prioritize logic flaws and cross-site exploitation.
The top categories for 2025 were:
- Cross-Site Issues (up from #5 in 2024)
- Injections (down from #1)
- Broken Access Control (down from #2)
- Insecure Resource Consumption (up from #7)
- Authentication Flaws (down from #3)
- SSRF (up from #10)
- Memory Corruption/Overflows (up from #9)
- API Leaks (down from #4)
- Authorization Issues (down from #6)
- Weak Secrets/Cryptography (no change)
The appearance of cross-site problems in the number one spot points to a trend toward exploit chains that rely on browser contexts, session manipulation, and token abuse. At the same time, injections and access control issues continue to pose a threat, indicating that basic API security is still being poorly managed. The technical characteristics of API vulnerabilities amplify the risk:
- 97% were exploitable via a single request
- 98% were classified as easy or trivial to exploit
- 99% were remotely exploitable
- 59% required no authentication
In practice, this means attacks can scale quickly, take minimal effort, and often bypass the need for compromised credentials.
The Rise of Model Context Protocol (MCP)
One of the most notable developments highlighted in the report is the rapid emergence of Model Context Protocol (MCP). Designed to enable agentic AI systems to interact with external tools and services, MCP-related vulnerabilities surged in 2025.
The report identified 315 MCP-related vulnerabilities, representing 14% of all AI vulnerabilities analyzed. Growth was described as explosive, with one high-profile breach involving exposed agentic APIs that enabled attackers to take over AI agents.
As AI systems increasingly operate autonomously (retrieving data, triggering workflows, and interacting with third-party services), the APIs underpinning these capabilities become mission-critical security boundaries. Poorly secured MCP servers, exposed endpoints, or overprivileged agents can turn automation into an attack amplifier.
High-profile Breaches Highlight the Risks
Major incidents in 2025 also stressed the importance of APIs in real-world attacks. Qantas was affected by the leak of 6 million records due to inadequate authentication mechanisms, while SwissBorg was targeted in a $41 million heist involving stolen credentials and API misuse.
In one of the Top 10 incidents, thousands of MCP servers were compromised due to a path-traversal vulnerability that allowed malefactors to access live production AI workflows. They didn’t employ any exotic AI-related attack methodologies, just good old API vulnerabilities such as weak authentication and insecure backend interactions.
The problem was that these APIs were doing more than just serving data; they were executing actions on behalf of AI agents.
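The incident above turns on a path-traversal bug in a tool-serving API, so here is an added example (not code from the report or from any affected product) of the check that bounds such an endpoint: an agent-facing file tool confined to a per-tenant workspace. The workspace layout, the `PathEscapeError` type and the `read_workspace_file` function are assumptions for illustration; the key point is that both the root and the requested path are resolved to real paths before the containment test, so `../` sequences, absolute paths and symlinks that point outside the workspace are all rejected.

```python
"""Hardened path resolution for an AI tool endpoint that reads workspace files.

Added illustration; not code from Wallarm or from any product in the report.
Assumed API shape: a tool server receives {"path": "..."} from an agent and
must confine reads to a per-tenant workspace directory.
"""
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a requested path would leave the workspace."""


def resolve_in_workspace(workspace: str, requested: str) -> Path:
    """Return an absolute path inside `workspace`, or raise PathEscapeError.

    Absolute paths are rejected outright. Relative paths are joined to the
    workspace and then resolved, which follows symlinks and collapses '..',
    so the containment check runs against where the path really points.
    """
    if Path(requested).is_absolute():
        raise PathEscapeError(f"absolute paths are not accepted: {requested!r}")
    root = Path(workspace).resolve(strict=True)
    candidate = (root / requested).resolve(strict=False)
    if candidate != root and root not in candidate.parents:
        raise PathEscapeError(f"path escapes workspace: {requested!r}")
    return candidate


def read_workspace_file(workspace: str, requested: str, max_bytes: int = 1 << 20) -> bytes:
    """Read a file inside the workspace, capping the bytes returned per request."""
    path = resolve_in_workspace(workspace, requested)
    if not path.is_file():
        raise FileNotFoundError(requested)
    # Bound the read so one request cannot exhaust memory (resource consumption).
    with open(path, "rb") as fh:
        return fh.read(max_bytes)


def demo_traversal_checks() -> dict:
    """Constructed scenario: a workspace holding one file, with a secret file
    and a symlink to it living outside the workspace. Returns what each
    request produced so the behaviour can be inspected."""
    results = {}
    with tempfile.TemporaryDirectory() as outer:
        ws = Path(outer, "workspace")
        ws.mkdir()
        (ws / "notes.txt").write_bytes(b"hello")
        secret = Path(outer, "secret.txt")
        secret.write_bytes(b"top secret")
        (ws / "link").symlink_to(secret)  # symlink escaping the workspace
        results["notes.txt"] = read_workspace_file(str(ws), "notes.txt")
        for req in ["../secret.txt", "/etc/passwd", "link", "sub/../../secret.txt"]:
            try:
                read_workspace_file(str(ws), req)
                results[req] = "ALLOWED"
            except PathEscapeError:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for request, outcome in demo_traversal_checks().items():
        print(f"{request!r}: {outcome!r}")
```

The symlink case is the one most often missed: a lexical check on the string `link` sees nothing wrong, while resolving it shows the real target sits outside the workspace.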
Analysis of the industry showed that enterprise software and AI infrastructure were the most affected, each contributing 15% to the incidents. Cybersecurity companies accounted for 13% of the incidents, indicating that no industry is safe.
Exposure, Not Novelty, Drives Risk
One of the themes that runs through the report is that most API breaches are not the result of new vulnerabilities. Rather, they are the result of exposure: unknown endpoints, shadow APIs, weak tokens, too much privilege, and a lack of runtime controls.
The report indicates that businesses need to change their mindset about API security. Prevention is no longer enough. Discovery, inventory, and runtime enforcement are essential.
The recommendations of the report are based on three priorities:
- Secure identity controls: Protect token management, implement least privilege access, and verify authentication at runtime.
- Enforce at runtime: Identify and prevent abuse patterns in real time, not just during testing.
- Inventory all APIs: Uncover shadow and deprecated APIs before attackers do.
For AI-driven systems, the stakes are even higher. Agentic architectures, MCP integrations, and external tool connections all depend on secure API boundaries. Without them, AI can magnify operational risk at machine speed.
A Defining Year for API Security
There’s one inescapable finding in the report: APIs are now the primary front in the war on cyber threats. As digital transformation continues to accelerate and the adoption of AI increases, APIs are the entry points to valuable data, business logic, and AI-driven decision-making.
The reality facing security professionals is that bad actors are already taking advantage of this new normal on a massive scale.
To see how the new reality of API vulnerability is changing the cyber threat landscape and what security professionals can do next, download the full report.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.