AI-driven API vulnerabilities have skyrocketed by 1205% in the past year.
The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the largest driver of API security threats, with nearly 99% of AI-related vulnerabilities tied to API flaws.
The research also found that 57% of AI-powered APIs were accessible externally, while 89% lacked secure authentication. Only 11% implemented robust security measures.
Wallarm tracked 439 AI-related CVEs in 2024. Many of these stemmed from injection flaws, misconfigurations and a newly identified category – Memory Corruption and Overflow – attributable to AI's reliance on high-performance binary APIs.
APIs Dominate Cybersecurity Threat Landscape
For the first time, over 50% of all recorded CISA exploited vulnerabilities were API-related, a sharp rise from 20% in 2023. Of these, 33.5% targeted modern RESTful and GraphQL APIs, while 18.9% affected legacy systems, such as AJAX-based APIs and URL parameter vulnerabilities.
Real-world incidents underscore the risks. The Dell API breach exposed 49 million records in May 2024, while Twilio's Authy exploit compromised 33.4 million phone numbers. In healthcare, Ascension Health faced a devastating API breach affecting 5.6 million patients in December.
Key Takeaways
Among the key takeaways from the report, Wallarm found that:
- AI deployment is driving API vulnerabilities – 53% of enterprises reported engaging in multiple AI projects
- Authentication flaws remain a critical issue – 89% of AI-powered APIs use insecure authentication
- Legacy and modern APIs are equally at risk – Over 33% of CISA KEV vulnerabilities involve modern API technologies
- Memory corruption vulnerabilities emerge – AI's reliance on high-performance computing leads to new security challenges
- API breaches tripled in 2024 – Incidents rose from several per quarter to several per month
With APIs becoming the backbone of AI integration, Wallarm urges organizations to implement real-time security controls to mitigate risks. As API-related threats continue to rise, enterprises must prioritize API security to protect their operations, data and reputation.