technology / Wednesday, 03-Sep-2025

API Vulnerabilities Surge 1,025%, Threatening AI Security (PDF)


Wallarm’s 2025 API ThreatStats Report exposes a startling rise in AI-focused attacks, with researchers tracking 439 AI-related CVEs in 2024—a 1,025% jump over the previous year.

Almost all of these exploits (99%) involve weak or poorly configured APIs. Injection flaws, misconfigurations, and the sudden prominence of memory corruption vulnerabilities underscore how AI’s rapid growth is outpacing typical security measures.

Enterprises are embracing AI at breakneck speed. More than half of surveyed organizations report multiple AI-driven projects, relying heavily on API endpoints to transmit data, power machine learning models, and integrate AI-based features.


API Security Threats 

Yet 57% of these AI-enabled APIs are publicly accessible, and only 11% use solid authentication methods. Attackers exploit these gaps to inject malicious payloads, steal or poison training data, and manipulate AI pipelines.

Wallarm’s report highlights “Memory Corruption & Overflows” as a newly categorized threat. AI workloads depend on high-performance binary APIs that push the limits of underlying hardware.

This makes flaws like buffer overflows and integer overflows more common, allowing attackers to crash systems, leak sensitive data, or run arbitrary code.

The Twilio and Tech in Asia breaches show how easily misconfigured or poorly protected APIs open a direct route for attackers to compromise critical infrastructure.

API exploitation now surpasses more traditional vectors, such as kernel or supply-chain attacks. More than half of CISA’s widely exploited vulnerabilities fall into API-based threats.

Legacy endpoints like .php backends and AJAX calls persist in many production systems, particularly in finance, healthcare, and government, compounding overall risk with outdated session handling and authentication approaches.

Wallarm researchers analyzed 99% of all API-centric CVEs and bug bounty disclosures published in 2024, mapping these findings to CWE categories for direct insights. Results confirm that as AI evolves, API security must become a top priority.

Strong real-time detection, robust authentication, and memory-safety checks are critical to protect high-value data and maintain system integrity. Download the PDF report.


© Zolentz. All Rights Reserved. Designed by zolentz