AI Amplifies Existing API Security Weaknesses Posted in Security Bill Doerrfeld April 14, 2026 New data underscores what many of us have known all along: APIs are now the most common doorway for attackers. But while the reigning API security risks may not look all that new, the new technology around agentic AI, like Model Context Protocol (MCP), seems to be disproportionately exacerbating classic API- and application-level security gaps. Security company Wallarm recently released a new API ThreatStats Report, The New API Risk Multiplier. The report analyzes 67,058 security bulletins from 2025 and finds that classic application-level vulnerabilities like cross-site vulnerabilities, injection, and broken access control are the leading behaviors involved in API attacks. However, now with AI-assisted tooling, attackers are conducting quicker reconnaissance on APIs, and quickly targeting business logic, trust gaps, and usage patterns that they can exploit. And 36% of published AI vulnerabilities involve APIs. This means that API security and AI security often are intrinsically tied. API Vulnerabilities: Easy to Exploit, and Critical APIs now represent the dominant path into AI systems and applications and make up the largest share of reported vulnerabilities. From the entire ThreatStats data set, nearly one in five of all vulnerabilities are API-related. And, APIs make up 43% of all the known exploited vulnerabilities (KEVs) that were cataloged in 2025. These API vulnerabilities are often easy or trivial to exploit remotely. Case in point: 97% of API vulnerabilities can be exploited with a single request. And the majority of them (59%) don’t require any authentication at all. With 67% of API vulnerabilities ranked high or critical, many critical systems are easily exploitable. AI-Related Vulnerabilities Undermine API Access The report also found a steep rise in AI-related vulnerabilities in 2025, logging a 398% increase in AI vulnerabilities year over year. Of these, MCP-related vulnerabilities account for 14% of all AI vulnerabilities. According to the report, this represents a disproportional share given how new MCP is on the scene. MCP security best practices are still maturing, and there’s often a lack of runtime enforcement. When exploiting an MCP server, hackers often take advantage of broad access and over-permissioned tools, many of which result in a direct API exposure. The report found that 36% of AI-related exploited vulnerabilities also expose an API attack surface. This aligns with a recent report from Zuplo that found that 58% of MCP servers wrap existing APIs. A Closer Look at Top API Threats in 2025 To understand exact API threat mechanics, Wallarm’s API ThreatStats Top 10 list ranks these vulnerabilities, which are based on actual attack activity data from 2025. Here’s where the top ten API risks stand as of 2025: Cross-site issues Injections Broken access control Insecure resource consumption Authentication flaws SSRF Memory corruption and overflows API leaks Authorization issues Weak secrets and cryptography API threats are increasingly common in enterprise AI platforms and tooling, cybersecurity platforms, and SaaS vendors. Some top examples include breaches or exposures at 700Credit, Qantas, Salesloft, SwissBorg, Claude, and a number of others. According to the report, identity failures were the primary breach accelerant across incidents. Year over year API data from ThreatStats Cross-Site Issues Cross-site issues took the lead in 2025, moving from fifth place in the year prior. Cross-site issues can exploit browser trust between browsers, sessions, and APIs. In an API context, cross-site scripting (XSS), may occur when an attacker sends malicious input into an API. API attackers might exploit cross-site request forgery (CSRF) for APIs that share session data. Other vulnerabilities are related to issues with cross-origin resource sharing (CORS), the browser security mechanism designed to prevent illegitimate requests. Injections Injections took the second-highest slot. This is when APIs accept untrusted input and pass it to systems, which can corrupt them. As we’ve covered before, types of API injection range from JSON injection, to GraphQL resolver abuse, to header injection, and beyond. Broken Access Control Broken access control also remains a pervasive API security risk. Either intentionally or not, access control is routinely left nonexistent or easily hackable. This aligns with other reports. For instance, data from 200 recent API vulnerabilities found that broken authentication- and authorization-related risks are the most common across breaches and exploits, according to 42Crunch. Familiar API Attack Patterns Resurface Beyond these top three vectors, API attackers are exploiting other areas, like insecure resource consumption, authentication flaws, and server-side request forgery (SSRF). API leaks and authorization issues, while lower on this list, are still prevalent and can wreak havoc. With unauthenticated access or authenticated access, business logic can be abused. This can be challenging to decipher since it often looks like legitimate traffic. Lastly, one unique emerging area has to do with memory corruption and overflows, in which attackers exploit GPU workloads. Since more and more enterprises are investing in high-performance computing for AI inference, this form of compute-jacking is anticipated to climb. Agentic AI Security Hinges on API Security All in all, APIs are the most dominant exploited attack surface. And this year’s ThreatStats Top 10 shifts reflect shifts in attacker focus and changing priorities and techniques using AI. The list differs slightly when compared to the 2023 OWASP top ten API risks as it represents more up-to-date, real-world attack behavior. In the AI age, what can be automated will be automated. As such, the report shares that techniques such as scraping, enumeration, and denial-of-service-style attacks are growing as attacker tooling becomes increasingly automated and AI-assisted. When AI systems are comprimised, APIs are often the doorway to critical systems and sensitive data. Since the data shows many vulnerabilities are both AI and API-related, security for the two paradigms really goes hand in hand. As the report describes, “Securing agentic AI starts with securing the APIs that give agents their context, tools, and authority.” As such, focusing on the guardrails around API access will be important to plug many of the aforementioned gaps. AI Summary This article examines how AI and agentic systems are amplifying familiar API security weaknesses, using data from Wallarm’s 2026 API ThreatStats Report to show why API security and AI security are now closely connected. APIs remain a leading attack surface, accounting for nearly one in five published vulnerabilities in 2025 and 43% of known exploited vulnerabilities in the CISA KEV catalog. Classic API risks still dominate real-world attacks, with cross-site issues, injections, and broken access control topping Wallarm’s observed threat rankings. Many API vulnerabilities are easy to exploit: 97% can be triggered with a single request, 59% require no authentication, and 67% are rated high or critical. AI-related vulnerabilities grew sharply in 2025, and 36% of published AI vulnerabilities also involve APIs, reinforcing that AI systems often inherit API-level exposure. Model Context Protocol (MCP) is emerging as a concentrated source of API risk in agentic AI environments, where weak runtime enforcement, direct API exposure, and over-permissioned tools can expand the blast radius. Intended for API architects, security engineers, platform teams, and developers evaluating API security risks in AI-powered and agentic systems. The latest API insights straight to your inbox
