Application programming interfaces (APIs) have become the primary target for cyberattacks, fueling breaches at machine speed in the AI era. A new report from application security firm Wallarm highlights that APIs are now the single most exploited attack surface across vulnerabilities and real-world breaches.
Analysis of 2025 data, including cybersecurity agency catalogs and publicly disclosed breaches, found that 17% of published vulnerabilities and 43% of critical exploited vulnerabilities were API-related. The convergence of artificial intelligence and APIs significantly accelerates these threats. Of AI-related vulnerabilities, 36% involved APIs, indicating that "AI security is API security" in practice.
API flaws are particularly dangerous: 97% can be exploited with a single request, 98% are easy to exploit, and 99% are remotely exploitable. In nearly 60% of cases, no authentication is required, creating an attack surface optimized for speed and scale.
Wallarm CEO Ivan Novikov stated, "API security is at the heart of any AI transformation. Every AI application or agent interaction is mediated through an API. API security is integral to successful AI adoption and AI by its very nature has made the consequences of getting it wrong much larger and much more impactful."
Security leaders are advised to prioritize API security by addressing identity, exposure, and abuse to mitigate material business risks.