AI-driven API vulnerabilities have skyrocketed by 1205% in the past 12 months.
The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the most important driver of API security threats, with almost 99% of AI-related vulnerabilities tied to API flaws.
The study also found that 57% of AI-powered APIs were accessible externally, while 89% lacked secure authentication. Only 11% implemented robust security measures.
Wallarm tracked 439 AI-related CVEs in 2024. Many of these stemmed from injection flaws, misconfigurations and a newly identified category – Memory Corruption and Overflow – attributable to AI’s reliance on high-performance binary APIs.
APIs Dominate Cybersecurity Threat Landscape
For the first time, over 50% of all recorded CISA exploited vulnerabilities were API-related, a sharp rise from 20% in 2023. Of these, 33.5% targeted modern RESTful and GraphQL APIs, while 18.9% affected legacy systems, such as AJAX-based APIs and URL parameter vulnerabilities.
Real-world incidents underscore the risks. The Dell API breach exposed 49 million records in May 2024, while Twilio’s Authy exploit compromised 33.4 million phone numbers. In healthcare, Ascension Health faced a devastating API breach affecting 5.6 million patients in December.
Key Takeaways
Among the key takeaways from the report, Wallarm found that:
- AI deployment is driving API vulnerabilities – 53% of enterprises reported engaging in multiple AI projects
- Authentication flaws remain a critical issue – 89% of AI-powered APIs use insecure authentication
- Legacy and modern APIs are equally at risk – Over 33% of CISA KEV vulnerabilities involve modern API technologies
- Memory corruption vulnerabilities emerge – AI’s reliance on high-performance computing leads to new security challenges
- API breaches tripled in 2024 – Incidents rose from several per quarter to several per month
With APIs becoming the backbone of AI integration, Wallarm urges organizations to implement real-time security controls to mitigate risks. As API-related threats continue to rise, enterprises must prioritize API security to protect their operations, data and reputation.