Security Operations, API security, Application security, AI/ML

APIs emerge as top attack surface, accelerating AI security risks

API Application Programming Interface Concept. A programmer types on a laptop, interacting with digital icons representing API development, security, and cloud computing. Application Software Tool,

Application programming interfaces (APIs) have become the most exploited attack surface, encompassing vulnerabilities, active exploits, and real-world breaches, according to a new report from application security company Wallarm Inc. The findings indicate that APIs are now a primary target for attackers, shifting from a secondary concern to the dominant element in the application security landscape, based on information published by Silicon Angle.

The Wallarm 2026 API Threat Stats Report analyzed 67,058 vulnerabilities from 2025, CISA's Known Exploited Vulnerabilities (KEV) catalog, and 60 disclosed API breaches. It found 17% of published vulnerabilities and 43% of CISA's KEV list additions were API-related. The convergence of AI and APIs is accelerating this trend, with 36% of AI vulnerabilities and exploited vulnerabilities involving APIs, highlighting that "AI security is API security."

API flaws are particularly dangerous, with 97% exploitable by a single request, 98% easy to exploit, and 99% remotely exploitable, often without authentication. Attack telemetry shows a rise in "Cross-Site Issues" and persistent threats like injection flaws, broken access control, and insecure resource consumption enabling large-scale abuse. The Model Context Protocol (MCP) also emerged as a growing risk, with 14% of AI vulnerabilities tied to MCP flaws.

Source: Silicon Angle

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds