Key Findings
API-related data breaches tripled in 2024.
There was an average of three API-related breaches per month in 2024, with some months seeing as many as five to seven.
Machine learning-based discovery tools often identify 31% more API endpoints than those reported by enterprises.
18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.
Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.
Newly published API endpoints are discovered by attackers in a mere 29 seconds.
Traditional API security systems can take 5-10 minutes to detect and remediate threats.
Wallarm tracked 439 AI-related CVEs in 2024.
33.5% of the API-related exploits targeted modern APIs, such as RESTful and GraphQL APIs.
21.5% of AI vulnerabilities are indirectly tied to APIs, including flaws in third-party integrations.
Kernel exploits accounted for 5.4% of the CISA KEV exploits.
Mobile exploits accounted for 5.9% of the CISA KEV exploits.
AI vulnerabilities increased by 1,025% from 2023 to 2024.
Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.
35% of enterprises are just beginning their AI journey.
63% of enterprise leaders believe AI increases API security risk.
77.4% of API-related vulnerabilities in AI products are directly API-related, such as weak API authentication, inadequate rate limiting, and broken access controls.
Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks.
Only 1.1% of the vulnerabilities in AI products were entirely unrelated to APIs.
Browser exploits accounted for 9.2% of the CISA KEV exploits.
12% of enterprises are waiting for security controls to be ready before deploying AI.
54% of enterprises report engaging in multiple AI deployments.
57% of AI-powered APIs were externally accessible.
89% of AI-powered APIs relied on insecure authentication mechanisms, like static keys.
34% of enterprises admit their security controls are lagging behind AI's rapid deployment.
Supply chain exploits accounted for 1.1% of the CISA KEV exploits.
48% of enterprises report implementing specific security controls for AI deployments.
98.9% of AI vulnerabilities are API-related.