AI Surge Drives Record 1,205% Increase in API Vulnerabilities


AI-driven API vulnerabilities have skyrocketed by 1,205% in the past year.

The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the biggest driver of API security threats, with nearly 99% of AI-related vulnerabilities tied to API flaws.

The study also found that 57% of AI-powered APIs were accessible externally, while 89% lacked secure authentication. Only 11% implemented robust security measures.

Wallarm tracked 439 AI-related CVEs in 2024. Many of these stemmed from injection flaws, misconfigurations and a newly identified category – Memory Corruption and Overflow – caused by AI’s reliance on high-performance binary APIs.

APIs Dominate Cybersecurity Threat Landscape

For the first time, over 50% of all exploited vulnerabilities recorded in the CISA Known Exploited Vulnerabilities (KEV) catalog were API-related, a sharp rise from 20% in 2023. Of these, 33.5% targeted modern RESTful and GraphQL APIs, while 18.9% affected legacy systems, such as AJAX-based APIs and URL parameter vulnerabilities.

Real-world incidents underscore the risks. The Dell API breach exposed 49 million records in May 2024, while Twilio’s Authy exploit compromised 33.4 million phone numbers. In healthcare, Ascension Health faced a devastating API breach affecting 5.6 million patients in December.

Key Takeaways

Among the key takeaways from the report, Wallarm found that:

  • AI deployment is driving API vulnerabilities – 53% of enterprises reported engaging in multiple AI projects
  • Authentication flaws remain a critical issue – 89% of AI-powered APIs use insecure authentication
  • Legacy and modern APIs are equally at risk – Over 33% of CISA KEV vulnerabilities involve modern API technologies
  • Memory corruption vulnerabilities emerge – AI’s high-performance computing reliance leads to new security challenges
  • API breaches tripled in 2024 – Incidents rose from a few per quarter to multiple per month

With APIs becoming the backbone of AI integration, Wallarm urges organizations to implement real-time security controls to mitigate risks. As API-related threats continue to rise, enterprises must prioritize API security to protect their operations, data and reputation.


