API Threats Grow in Scale as AI Expands the Blast Radius

New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact.

Application Programming Interfaces (APIs) remain an attacker-favored exploit route. Aggressors continuously target common failures in identity, access control and exposed interfaces – often at scale and machine speed. AI is increasing the threat surface.

In an analysis of more than 60,000 published vulnerabilities disclosed in 2025, Wallarm found more than 11,000 (17%) were API-related. A concurrent analysis of CISA KEV Catalog additions for 2025 found 43% of exploited vulnerabilities were API-related.

The report demonstrates the severity of the threat by including details of the top ten API-relevant breaches from 2025. The top three are 700Credit, Qantas, and Salesloft.

A standout element of the report is the continuing expansion of AI technologies and their effect on APIs and AI security. “API security is at the heart of any AI transformation,” comments Ivan Novikov, founder and CEO at Wallarm. “Every AI application or agent interaction is mediated through an API. API security is integral to successful AI adoption, and AI by its very nature has made the consequences of getting it wrong much larger and much more impactful.”

The rise of the Model Context Protocol (MCP) will inevitably play a major part in future AI/API issues. “MCP emerged as a leading indicator of where API risk is heading,” states the report. It describes MCP as a control plane API for agents. If exposed or misconfigured, “Attackers gain leverage over autonomous workflows rather than single endpoints.”

Wallarm found 315 MCP-related vulnerabilities in 2025. The threat is already severe, and likely to grow. MCP is too new to make year-on-year comparisons yet, but the firm noted a 270% increase in MCP vulnerabilities between Q2 and Q3 2025, describing it as a ‘stunning momentum for a protocol that is still early in adoption’.

The danger from MCP vulnerabilities is that they consistently combine three failure modes: over-permissioned tools (with agents granted broad API access by default), direct API exposure (often containing the common API vulnerabilities), and lack of runtime enforcement (meaning policy violations are only visible after the damage occurs).
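
The first and third failure modes come down to where the allow/deny decision is made. As an added illustration (not from the Wallarm report or this article), the sketch below checks each MCP `tools/call` request against a deny-by-default, per-agent grant before it is dispatched; the agent IDs, tool names and policy layout are hypothetical.

```python
import json

# Hypothetical policy: agent -> granted tools -> integer ceilings on arguments.
# Tools not listed for an agent are denied instead of being reachable by default.
POLICY = {
    "support-agent": {
        "crm.read_ticket": {"limit": 50},
        "crm.add_note": {},
    },
}

def authorize_tool_call(agent_id, message):
    """Return (allowed, reason) for a JSON-RPC message before it is dispatched."""
    if message.get("method") != "tools/call":
        return False, "not a tools/call request"
    params = message.get("params")
    args = params.get("arguments", {}) if isinstance(params, dict) else None
    if not isinstance(args, dict):
        return False, "malformed params"
    tool = params.get("name")
    granted = POLICY.get(agent_id)
    if granted is None:
        return False, "unknown agent"
    if not isinstance(tool, str) or tool not in granted:
        return False, f"tool {tool!r} not granted to {agent_id!r}"
    for key, ceiling in granted[tool].items():
        value = args.get(key)
        # bool is a subclass of int, so compare the exact type
        if type(value) is not int or not 0 < value <= ceiling:
            return False, f"argument {key!r} must be an integer in 1..{ceiling}"
    return True, "ok"

def call(tool, arguments, req_id=1):
    """Build a constructed tools/call request for the samples below."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": tool, "arguments": arguments}}

# Constructed sample traffic, not taken from the report.
SAMPLE_CALLS = [
    ("support-agent", call("crm.read_ticket", {"ticket_id": "T-1", "limit": 10})),
    ("support-agent", call("crm.export_customers", {})),            # never granted
    ("support-agent", call("crm.read_ticket", {"limit": 100000})),  # over ceiling
    ("batch-agent", call("crm.add_note", {"text": "hi"})),          # unknown agent
]

def evaluate(calls):
    """Run the gate over each call and return audit records with the decision."""
    return [{"agent": a, "tool": m["params"]["name"], "allowed": ok, "reason": why}
            for a, m in calls for ok, why in [authorize_tool_call(a, m)]]

if __name__ == "__main__":
    for record in evaluate(SAMPLE_CALLS):
        print(json.dumps(record))
```

Because the decision is returned before the tool backend is invoked, a violation is blocked and logged at request time rather than discovered afterwards.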

It is unlikely the MCP threat can be contained going forward. MCP is an open source standard that allows LLMs to connect to data sources and tools. Each user takes the open source and creates their own MCP server for their own use. “MCP servers are software, and we should expect the same risk patterns with it as with other software,” comments Tim Erlin, security strategist at Wallarm. “There will always be vulnerabilities. In some cases, they will be specific to one implementation, in other – likely fewer – cases, they might be inherent in the protocol itself.”

Basically, MCP users are likely to create or inherit vulnerabilities, while there is no original source to fix. “MCP can’t be ‘fixed’ at its source because there are multiple vendors participating in the MCP ecosystem,” continues Erlin. “There isn’t one source to fix.”

Analyzing the weaknesses in APIs generally, Wallarm found that cross-site issues rose from the fifth most frequent area of abuse in 2024 to number one in 2025, suggesting a change in attacker focus.

Injections ranked number one in 2024 and number two in 2025. “It’s clear that despite years of industry education about injections, APIs continue to process vast volumes of untrusted input and pass it directly into downstream systems,” states the analysis.

Broken access control moved down from number two to number three, while insecure resource consumption rose from number seven to number four. These are the most commonly abused API weaknesses, but the complete list needs to be fixed. Attackers always use the easiest route, and if some routes are closed, they’ll use the other weaknesses.

Analyzing its statistics, Wallarm comes to three conclusions. Firstly, attackers favor abuse over bugs, by targeting logic, trust and usage. Secondly, AI is amplifying existing weaknesses rather than introducing new ones. Thirdly, runtime behavior defines the API risk, not pre-production testing.

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes. The report finds 97% of API vulnerabilities can be exploited with a single request, 98% are easy or trivial to exploit, and 99% are remotely exploitable. In 59% of cases, no authentication is required.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
