API Threats Rise with AI-Driven Attacks: Expanding the Attack Surface
The Growing Threat of API Exploits: How AI is Expanding the Attack Surface
The increasing reliance on Application Programming Interfaces (APIs) has created a vast attack surface that threat actors are eager to exploit.
According to a recent analysis of over 60,000 published vulnerabilities, more than 17% were API-related, with 43% of exploited vulnerabilities in the CISA KEV Catalog being API-related.
This trend is expected to continue, with the rise of Artificial Intelligence (AI) technologies amplifying existing weaknesses and creating new ones.
Top API-Relevant Breaches of 2025
The report highlights the top ten API-relevant breaches of 2025, with 700Credit, Qantas, and Salesloft being among the most notable.
The Increasing Use of AI in API Security
The increasing use of AI in various applications has made API security a critical concern, as every AI interaction is mediated through an API.
“API security is at the heart of any AI transformation” and “the consequences of getting it wrong are much larger and much more impactful” due to the nature of AI.
– Ivan Novikov, founder and CEO at Wallarm
The Emergence of the Model Context Protocol (MCP)
The emergence of the Model Context Protocol (MCP) is also expected to play a significant role in future API security issues.
MCP is a control plane API for agents, and if exposed or misconfigured, attackers can gain leverage over autonomous workflows rather than single endpoints.
Wallarm found 315 MCP-related vulnerabilities in 2025, with a 270% increase in MCP vulnerabilities between Q2 and Q3 2025.
The Danger Posed by MCP Vulnerabilities
The danger posed by MCP vulnerabilities lies in their ability to combine three failure modes: over-permissioned tools, direct API exposure, and lack of runtime enforcement.
This can result in policy violations being visible only after the damage has occurred.
As MCP is an open-source standard, users are likely to create or inherit vulnerabilities, with no single source to fix them.
Common API Weaknesses
The analysis also reveals that cross-site issues have become the most frequent area of abuse, rising from fifth in 2024 to number one in 2025.
Injections ranked second, while broken access control and insecure resource consumption also remain significant weaknesses.
These API weaknesses are the most commonly abused, and attackers will continue to exploit them if not addressed.
Conclusion
The report concludes that attackers favor targeting logic, trust, and usage over exploiting bugs, and that AI is amplifying existing weaknesses rather than introducing new ones.
Runtime behavior defines API risk, not pre-production testing, and most API vulnerabilities are fast, remote, and easy to exploit.
In 59% of cases, no authentication is required, making it easier for attackers to take advantage of these vulnerabilities.
Recommendations
The findings emphasize the need for robust API security measures to prevent the exploitation of these weaknesses.
As AI continues to expand the attack surface, it is essential to prioritize API security to prevent severe consequences.
About Author
English