Threat actors are thriving with attacks against developers on the application layer and upstream in the supply chain, according to researchers from Contrast Security.

The researchers cited internal figures from API monitoring tools along with external studies in concluding that network defenders face unprecedented levels of attacks at the application and API level, including upstream and supply chain attacks.

On average, applications contain 30 serious vulnerabilities, according to the "Software Under Siege 2025" report, with developer teams remediating six of the 17 new vulnerabilities that appear each month. In the meantime, attackers exploit new vulnerabilities in just five days, while it takes 84 days on average to patch flaws. AI is also making it easier to execute the few attack techniques that make up most of the risk to applications.

“We are seeing a fundamental shift in how applications are being attacked,” said Contrast Security founder and CTO Jeff Williams. “AI is making it easier than ever for adversaries to launch targeted, viable attacks at scale, while traditional tools like WAFs, SAST, and EDR remain blind to what’s happening inside the application while it’s running.”

According to figures from Contrast Security’s monitoring tools, the average enterprise application is hit with an exploit attempt once every three minutes, adding up to an average of more than 14,000 attack attempts per month.

For the most part, those attempts are mere probes. It is estimated that around 75% of breach attempts are the result of bots and threat actors seeking out soft spots in an application. On average, the actual attack traffic is a small fraction of the total volume.
In addition to the 75% of traffic considered to be probing attempts, roughly 24.7% can only be classified by researchers as "suspicious": traffic connections that cannot be directly attributed to exploit attempts but also cannot be ruled out as benign activity.

That leaves 0.6% of traffic into applications that can be directly assessed as malicious exploit payloads. While the percentage seems small, at large scale that adds up to a scary amount of direct attacks against applications and APIs.

“Viable attacks are the most dangerous category we track,” according to the report. “These are confirmed exploitation attempts that successfully reach and activate real vulnerabilities in the application.”
AI streamlining attacks on the application layer, researchers say
