In 2025, 36% of AI-related KEVs involved an API attack surface.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
AI-related VulnerabilitiesAPI SecurityAI-related KEVsKEVsAPI Attack Surface
99% of API vulnerabilities are remotely exploitable.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityRemote ExploitationAPI VulnerabilitiesVulnerabilities
In 2025, 17% of 67,058 published vulnerabilities (11,053 vulnerabilities) were API-related.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityVulnerabilitiesAPI Vulnerabilities
In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityAPIsKEV
In 2025, 36% of AI-related vulnerabilities involved APIs (786 of 2,185 AI-related vulnerabilities).
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
AI-related VulnerabilitiesAPI SecurityAPIs
In 2025, 14% of published AI vulnerabilities were MCP-related (315 MCP-related vulnerabilities).
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
AI VulnerabilitiesModel Context ProtocolVulnerabilities
97% of API vulnerabilities can be exploited with a single request.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityExploitabilityAPI VulnerabilitiesVulnerabilities
MCP vulnerabilities grew 270% from Q2 to Q3 in 2025.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
AI SecurityModel Context ProtocolMCP VulnerabilitiesVulnerabilities
98% of API vulnerabilities are easy or trivial to exploit.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityExploitabilityVulnerabilities
59% of API vulnerabilities require no authentication.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
API SecurityAuthenticationAPI VulnerabilitiesVulnerabilities
In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches, tying software as the largest category in the dataset.
WallarmAPI ThreatStats Report 2026·Feb 17, 2026
Data BreachesAI PlatformsAPI Security