An analysis of 67,058 published vulnerabilities from 2025 finds 11,053, or 17%, are related to application programming interfaces (APIs).
Conducted by Wallarm, the 2026 API ThreatStats Report also notes that 43% of the additions made in 2025 to the Known Exploited Vulnerabilities (KEV) catalog maintained by the Cybersecurity and Infrastructure Security Agency (CISA) involved APIs.
More concerning still, the report also highlights 2,185 AI-related vulnerabilities in 2025, with 36% of them (786) overlapping with API vulnerabilities. In total, AI platforms and tooling accounted for 15% of API-related breaches in 2025.
Wallarm also identified 315 vulnerabilities in 2025 involving the Model Context Protocol (MCP), which provides a standard mechanism for AI applications and agents to access data and tools. That is 14% of all published AI vulnerabilities.
Unfortunately, the report also notes that these APIs remain relatively easy to exploit. A full 97% of the API vulnerabilities discovered can be exploited with a single request, and nearly all (99%) are remotely exploitable. In 59% of those instances, no authentication is required.
Tim Erlin, vice president of product for Wallarm, said the analysis makes it clear that the rise of AI is exposing fundamental weaknesses in API security that have existed for many years. In effect, AI cannot be made secure without first securing the APIs used to access data and AI models, he added. Eventually, application and API security will also need to become one and the same, because the former cannot be achieved without the latter.
It’s not clear how much organizations are investing in API security in the age of AI, but a recent Futurum Group survey finds just over a third of respondents (36%) expect their organization to increase spending on API security over the next 12 to 18 months. About 35% said they also plan to make some type of investment in application security.
Hopefully, as more attention is paid to AI security, more funding will be allocated to securing APIs. Historically, API security has been something of an afterthought: many cybersecurity teams assume that the application developers who build an API are also responsible for securing it. In reality, most application developers lack the expertise required to secure APIs, and they may not even tell anyone outside their development team that an API exists. As a result, it’s not uncommon for a cybersecurity team to learn that an API exists only after it has been involved in a security incident.
Cybersecurity teams, ultimately, should by now simply assume that the number of API endpoints exposed to the Internet is considerably higher than what has been reported to them. Savvy cybersecurity teams now routinely scan for APIs through which adversaries can exfiltrate data or, worse yet, tamper with business logic.
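The two failure modes above, an endpoint nobody outside the dev team knows about and an endpoint that answers successfully with no credentials, are both visible in gateway access logs if someone looks. The script below is an added example, not code from the article or from Wallarm: it reconciles a documented inventory (the kind of route list that would be lifted from an OpenAPI spec) against what a gateway actually served, and reports undocumented ("shadow") endpoints plus any 2xx responses to unauthenticated requests on routes that are undocumented or documented as requiring auth. The inventory, the log lines and the four-field log format are all constructed for this example; a real deployment would parse its own gateway's log format instead.

```python
"""Shadow-API discovery from access logs versus a documented inventory.

Added example (not from the Wallarm report or the article). The inventory,
the log format and every log line below are constructed for illustration.
"""
import re
from collections import defaultdict

# Documented inventory, as it might be lifted from an OpenAPI spec.
# Path templates use {param} placeholders; "auth" records whether the
# spec says the route requires credentials. Constructed for this example.
DOCUMENTED = {
    ("GET", "/api/v1/users/{id}"): {"auth": True},
    ("POST", "/api/v1/orders"): {"auth": True},
    ("GET", "/api/v1/health"): {"auth": False},
}

# Constructed access-log lines. Assumed format, one request per line:
#   METHOD PATH STATUS AUTH_HEADER_PRESENT(yes|no)
ACCESS_LOG = """\
GET /api/v1/users/42 200 yes
GET /api/v1/users/43 200 no
POST /api/v1/orders 201 yes
GET /api/v1/health 200 no
POST /internal/model/predict 200 no
POST /internal/model/predict 200 no
GET /api/v2/export 200 no
GET /api/v1/users/44 401 no
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (yes|no)$")


def _template_to_regex(template: str) -> re.Pattern:
    """Turn /api/v1/users/{id} into a regex where {id} matches one path segment."""
    parts = []
    for seg in template.split("/"):
        if seg.startswith("{") and seg.endswith("}"):
            parts.append(r"[^/]+")
        else:
            parts.append(re.escape(seg))
    return re.compile("^" + "/".join(parts) + "$")


def match_documented(method: str, path: str):
    """Return the documented (method, template) this request maps to, or None."""
    for (m, template), _meta in DOCUMENTED.items():
        if m == method and _template_to_regex(template).match(path):
            return (m, template)
    return None


def parse_log(text: str):
    """Parse log lines into (method, path, status, had_auth) tuples.

    Malformed lines are skipped rather than aborting the whole inventory."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        method, path, status, auth = m.groups()
        rows.append((method, path, int(status), auth == "yes"))
    return rows


def find_shadow_endpoints(log_text: str):
    """Endpoints that were served but are absent from the inventory, with hit counts."""
    counts = defaultdict(int)
    for method, path, _status, _auth in parse_log(log_text):
        if match_documented(method, path) is None:
            counts[(method, path)] += 1
    return dict(counts)


def find_unauthenticated_success(log_text: str):
    """Requests that got a 2xx with no credentials on a route that is either
    undocumented or documented as requiring auth. A documented public route
    such as /api/v1/health is deliberately not flagged."""
    flagged = set()
    for method, path, status, had_auth in parse_log(log_text):
        if had_auth or not (200 <= status < 300):
            continue
        doc = match_documented(method, path)
        if doc is None or DOCUMENTED[doc]["auth"]:
            flagged.add((method, path))
    return flagged


if __name__ == "__main__":
    for (method, path), n in sorted(find_shadow_endpoints(ACCESS_LOG).items()):
        print(f"SHADOW   {method} {path} ({n} hits)")
    for method, path in sorted(find_unauthenticated_success(ACCESS_LOG)):
        print(f"NO-AUTH  {method} {path} returned 2xx without credentials")
```

Run against the constructed log, this reports two shadow endpoints (the internal model-prediction route and an undocumented export route) and three unauthenticated successes. The `GET /api/v1/users/43` hit is the most interesting of the three: the route is documented and marked as requiring auth, yet it returned 200 to a request with no credentials, which is exactly the unauthenticated, single-request exposure the report describes. Feeding a spec-derived inventory and real gateway logs into this kind of reconciliation is one cheap way for a security team to stop learning about APIs from incident reports.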
In the meantime, cybersecurity teams should assume that there will be many incidents involving AI and APIs in the months ahead. After all, many cybercriminals are already adept at exploiting APIs. The only difference is that those APIs now provide access to a much richer set of AI targets, where a compromise could have far more serious consequences for all concerned.