Report finds a staggering 1,205% surge in AI vulnerabilities, with nearly all directly tied to APIs
SAN FRANCISCO, Jan. 29, 2025 -- Wallarm, a global leader in API security, today released its 2025 API ThreatStats Report, revealing that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks. Wallarm's annual report bridges a critical gap between technical and strategic aspects of API security by sharing actionable insights tailored to the distinct responsibilities of CISOs and CIOs.
"Based on our findings, what is clear is that API security is no longer just a technical challenge – it's now a business imperative," said Ivan Novikov, CEO and Co-Founder of Wallarm. "API related security flaws are fueled by the adoption of AI, as APIs are the critical interface between AI models and the applications they power. However, this rapid growth has exposed significant vulnerabilities. For instance, we found that 57% of AI-powered APIs were externally accessible, and 89% relied on insecure authentication mechanisms. Of particular concern is that only 11% had robust security measures in place, leaving most endpoints vulnerable. In today's environment, organizations cannot afford to not secure their APIs. Failure to do so means they are exposing themselves to grave risks that can result in costly technical vulnerabilities and reputational and operational crises."
Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs. With the exponential rise in AI adoption and exploits, Wallarm introduced a new ThreatStats Top 10 category, Memory Corruption and Overflow. This new category addresses vulnerabilities that arise from improper memory handling and access, resulting in security breaches such as unauthorized data access, crashes, and arbitrary code execution, and was driven by Wallarm's analysis of how AI workloads interact with hardware, exposing APIs to issues like buffer overflows and integer overflows.
Additionally, more than 50% of all recorded CISA exploited vulnerabilities were API-related for the first time, a 30% increase from the year before, and this highlights the growing prevalence and criticality of API security in modern threat environments. API vulnerabilities surpass traditional exploit categories like kernel, browser, and supply chain vulnerabilities, underscoring their central role in cyberattacks.
Key insights and observations include:
- AI as a catalyst for new vulnerabilities: In Wallarm's survey of 200 US-based enterprise leaders on AI and API security, over 53% reported engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks. For instance, Wallarm's threat intelligence flagged significant vulnerabilities in AI tools like PaddlePaddle and MLflow, which underpin enterprise AI deployments. These tools were exploited at API endpoints, compromising training data, siphoning intellectual property, or injecting malicious payloads into machine learning pipelines. Additionally, APIs facilitating real-time data exchanges between AI models and applications often lack adequate security measures, making them susceptible to injection, abuse, and memory-related exploits.
- Legacy and modern APIs both under attack: While legacy APIs such as those used in Digi Yatra and Optus incidents remain vulnerable due to outdated designs, modern RESTful APIs are equally at risk due to complex integration challenges and improper configurations. APIs now represent the largest category of exploited vulnerabilities in CISA KEV, with modern APIs representing over 33%. Exploits include improper authentication, injection attacks, and API endpoint misconfigurations, targeting enterprise-grade platforms with prominent attacks, including Invanti and Palo Alto Networks. Legacy APIs in web applications represent over 18% of exploited vulnerabilities. These vulnerabilities arise in older APIs typically used within web applications for AJAX backends, URL parameters, or direct calls to .php files. Often integrated into devices like cameras or IoT systems, these APIs lack the robust security measures of their modern counterparts, with key exploit types including URL-based injection, CSRF attacks, and outdated session handling mechanisms.
- Growing exploitation of authentication and access control: The Twilio and Tech in Asia breaches demonstrated how attackers exploit weak authentication and access control mechanisms to gain unauthorized access. These issues are exacerbated by the decentralized nature of API management in large organizations, as API-related breaches escalate in frequency and severity. For instance, in last year's Wallarm Annual Report based on 2023 data, API-related breaches were significant but sparse, with only a few incidents reported each quarter. In 2024, this picture changed dramatically, with an average of three monthly incidents—and, at times, as many as five to seven breaches each month. The rise of API-driven systems in sectors like healthcare, transportation, technology, and financial services has led to a surge in vulnerabilities, placing APIs squarely at the center of the cybersecurity landscape.
Underscoring the report's central findings is that AI security is API security. As APIs drive innovation, particularly in AI-enabled systems, organizations need real-time API controls to protect their business operations, customer trust, and long-term success. Looking ahead to 2025, organizations must prioritize API security to safeguard their systems and unlock the full potential of APIs as the key driver of business transformation.
To download the report, visit https://www.wallarm.com/resources/2025-api-threatstats-tm-report.
Methodology
The Wallarm API ThreatStats methodology represents a scientifically grounded and reproducible approach to analyzing and categorizing API-related vulnerabilities. Designed to achieve 99% coverage for API-related CVEs and bug bounty reports published in 2024, this methodology is rooted in rigorous statistical analysis, precise CWE mapping, and a carefully validated classification system. Wallarm's methodology ensures that the insights provided are actionable and objectively derived from empirical data.
About Wallarm
Wallarm, the integrated API Security company, provides robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Wallarm is the preferred choice of hundreds of Security and DevOps teams for comprehensive discovery of web apps and API endpoints, protection against emerging threats throughout their API portfolio, and automated incident response to enhance risk management. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Сombinator, Partech, and other investors.
This News is brought to you by Qube Mark, your trusted source for the latest updates and insights in marketing technology. Stay tuned for more groundbreaking innovations in the world of technology.
