January 29, 2025
Report finds a staggering 1,025% surge in AI vulnerabilities, with nearly all directly tied to APIs
SAN FRANCISCO, Jan. 29, 2025 /PRNewswire/ -- Wallarm, a global leader in API security, today released its 2025 API ThreatStats Report, revealing that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks. Wallarm's annual report bridges a critical gap between technical and strategic aspects of API security by sharing actionable insights tailored to the distinct responsibilities of CISOs and CIOs.
"Based on our findings, what is clear is that API security is no longer just a technical challenge – it's now a business imperative," said Ivan Novikov, CEO and Co-Founder of Wallarm. "API-related security flaws are fueled by the adoption of AI, as APIs are the critical interface between AI models and the applications they power. However, this rapid growth has exposed significant vulnerabilities. For instance, we found that 57% of AI-powered APIs were externally accessible, and 89% relied on insecure authentication mechanisms. Of particular concern is that only 11% had robust security measures in place, leaving most endpoints vulnerable. In today's environment, organizations cannot afford to not secure their APIs. Failure to do so means they are exposing themselves to grave risks that can result in costly technical vulnerabilities and reputational and operational crises."
Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs. With the exponential rise in AI adoption and exploits, Wallarm introduced a new ThreatStats Top 10 category, Memory Corruption and Overflow. This new category addresses vulnerabilities that arise from improper memory handling and access, resulting in security breaches such as unauthorized data access, crashes, and arbitrary code execution, and was driven by Wallarm's analysis of how AI workloads interact with hardware, exposing APIs to issues like buffer overflows and integer overflows.
Additionally, for the first time, more than 50% of all recorded CISA exploited vulnerabilities were API-related, a 30% increase from the year before. This highlights the growing prevalence and criticality of API security in modern threat environments. API vulnerabilities surpass traditional exploit categories like kernel, browser, and supply chain vulnerabilities, underscoring their central role in cyberattacks.
Key insights and observations include:
Underscoring the report's central findings is that AI security is API security. As APIs drive innovation, particularly in AI-enabled systems, organizations need real-time API controls to protect their business operations, customer trust, and long-term success. Looking ahead to 2025, organizations must prioritize API security to safeguard their systems and unlock the full potential of APIs as the key driver of business transformation.
To download the report, visit https://www.wallarm.com/resources/2025-api-threatstats-tm-report.
Methodology
The Wallarm API ThreatStats methodology represents a scientifically grounded and reproducible approach to analyzing and categorizing API-related vulnerabilities. Designed to achieve 99% coverage for API-related CVEs and bug bounty reports published in 2024, this methodology is rooted in rigorous statistical analysis, precise CWE mapping, and a carefully validated classification system. Wallarm's methodology ensures that the insights provided are actionable and objectively derived from empirical data.
Wallarm helps you develop fast and stay secure.