Key Findings
In 2024, API-related breach incidents averaged three per month, and at times reached as many as five to seven breaches in a month.
Wallarm's researchers tracked 439 AI-related CVEs, a 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs.
Legacy APIs in web applications represent over 18% of exploited vulnerabilities.
57% of AI-powered APIs were externally accessible, and 89% relied on insecure authentication mechanisms.
Over 53% of enterprise leaders surveyed reported engaging in multiple AI deployments.
For the first time, more than 50% of all recorded CISA exploited vulnerabilities were API-related, a 30% increase from the year before.
Only 11% of AI-powered APIs had robust security measures in place, leaving most endpoints vulnerable.
Modern APIs represent over 33% of exploited vulnerabilities in CISA KEV.