There was an average of three API-related breaches per month in 2024, with some months seeing as many as five to seven.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
APIData BreachFrequencyRisk
Machine learning-based discovery tools often identify 31% more API endpoints than those reported by enterprises.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AIAPIVulnerabilityAuthentication
18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
APILegacy SystemsExploitsSecurity
Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AIAPIAuthenticationSecurity
Newly published API endpoints are discovered by attackers in a mere 29 seconds.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmAPIEndpointAttack DetectionSpeed
Traditional API security systems can take 5-10 minutes to detect and remediate threats.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmAPI SecurityThreat DetectionRemediation SpeedTraditional Systems
Wallarm tracked 439 AI-related CVEs in 2024.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AICVEAPIVulnerabilities
33.5% of the API-related exploits targeted modern APIs, like RESTful and GraphQL.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
APIExploitRESTfulGraphQL
21.5% of AI vulnerabilities are indirectly tied to APIs, including flaws in third-party integrations.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmAIVulnerabilityThird-party IntegrationsAPI
Kernel exploits accounted for 5.4% of the CISA KEV exploits.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmExploitsKernel ExploitsCISA KEVRisk
Mobile exploits accounted for 5.9% of the CISA KEV exploits.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmExploitsMobile ExploitsCISA KEVRisk
AI vulnerabilities increased by 1,025% from 2023 to 2024.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AIVulnerabilityAPIRisk
Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
APIVulnerabilityExploitsSecurity
35% of enterprises are just beginning their AI journey.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AIEnterpriseDeploymentSecurity readiness
63% of enterprise leaders believe AI increases API security risk.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
AIAPISecurity RiskEnterprise Leaders
77.4% of API-related vulnerabilities in AI products are directly API-related, such as weak API authentication, inadequate rate limiting, and broken access controls.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmAIAPIVulnerabilityAuthentication
Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks.
Wallarm2025 API ThreatStats Report·Jan 1, 2025
WallarmAPIData ExfiltrationAttack SpeedRisk
Only 1.1% of the vulnerabilities in AI products were entirely unrelated to APIs.