A brand new report out today from application security company Wallarm Inc. warns that application programming interfaces have turn into the only most exploited attack surface across vulnerabilities, energetic exploits and real-world breaches.
The Wallarm 2026 API Threat Stats Report — the Latest API Risk Multiplier is predicated on evaluation of 67,058 published vulnerabilities in 2025, the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog and 60 publicly disclosed API-related breaches. It found that APIs aren’t any longer just a part of the applying security conversation but at the moment are the dominant surface attackers goal.
Wallarm found that 11,053 vulnerabilities published in 2025 — 17% of the entire — were API-related. Of the 245 vulnerabilities added to CISA’s KEV list in the course of the 12 months, 43% were API-related. Within the latter, APIs were the only most typical exploited surface within the dataset.
Not surprisingly, the convergence of artificial intelligence and APIs was found to be accelerating the issue.
The corporate identified 2,185 AI-related vulnerabilities in 2025, with 786 overlapping API vulnerabilities, meaning 36% of AI flaws involved APIs. The identical 36% overlap appeared in exploited AI vulnerabilities, reinforcing the concept that “AI security is API security” in practice, not only theory.
The report details how the characteristics of API flaws make them particularly dangerous, with 97% of API vulnerabilities capable of be exploited with a single request, 98% rated easy or trivial to use, and 99% remotely exploitable. Furthermore, in 59% of cases, no authentication is required.
The result, in response to the report, is an attack surface optimized for speed, automation and scale somewhat than sophisticated, multistep intrusion.
Attack telemetry was also found to indicate a shift in attacker behavior. In Wallarm’s ThreatStats Top 10, “Cross-Site Issues” rose to the highest category by observed attack volume in 2025, overtaking injection flaws, which nevertheless remained a persistent high-impact threat. Broken access control and insecure resource consumption continued to enable large-scale abuse.
Other findings within the report include that the Model Context Protocol has quickly emerged as a growing risk, with Wallarm identifying 315 MCP-related vulnerabilities in 2025 — 14% of all AI vulnerabilities. MCP-related flaws were also tied to a Top 10 API breach involving hundreds of exposed MCP servers, highlighting how APIs that act on behalf of autonomous agents can amplify the blast radius of a single control failure.
“API security is at the center of any AI transformation,” said Ivan Novikov, founder and chief executive officer of Wallarm. “Every AI application or agent interaction is mediated through an API. API security is integral to successful AI adoption and AI by its very nature has made the results of getting it improper much larger and rather more impactful.”
The report concludes by noting that for security leaders, the takeaway is direct: Improving API security just isn’t about chasing latest attack classes. It’s about systematically addressing identity, exposure and abuse before automation and scale turn familiar weaknesses into material business risk.
Image: SiliconANGLE/Ideogram
Support our mission to maintain content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with greater than 11,400 tech and business leaders shaping the long run through a singular trusted-based network.
About SiliconANGLE Media
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our latest proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to assist technology firms make data-driven decisions and stay on the forefront of industry conversations.