Application programming interfaces (APIs) have become the most exploited attack surface, encompassing vulnerabilities, active exploits, and real-world breaches, according to a new report from application security company Wallarm Inc. The findings indicate that APIs are now a primary target for attackers, shifting from a secondary concern to the dominant element in the application security landscape, based on information published by Silicon Angle.The Wallarm 2026 API Threat Stats Report analyzed 67,058 vulnerabilities from 2025, CISA's Known Exploited Vulnerabilities (KEV) catalog, and 60 disclosed API breaches. It found 17% of published vulnerabilities and 43% of CISA's KEV list additions were API-related. The convergence of AI and APIs is accelerating this trend, with 36% of AI vulnerabilities and exploited vulnerabilities involving APIs, highlighting that "AI security is API security."API flaws are particularly dangerous, with 97% exploitable by a single request, 98% easy to exploit, and 99% remotely exploitable, often without authentication. Attack telemetry shows a rise in "Cross-Site Issues" and persistent threats like injection flaws, broken access control, and insecure resource consumption enabling large-scale abuse. The Model Context Protocol (MCP) also emerged as a growing risk, with 14% of AI vulnerabilities tied to MCP flaws.Source: Silicon Angle
Security Operations, API security, Application security, AI/ML

APIs emerge as top attack surface, accelerating AI security risks

(Adobe Stock)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



