
Wallarm’s latest findings show AI has become the top driver of surging API vulnerabilities. Researchers identified 439 AI-related CVEs in 2024—a 1,025% leap from the previous year—with nearly all of them exploiting insecure APIs. Injection flaws, misconfigurations, and newly prevalent memory corruption threats are leading culprits.
Wallarm’s data points to AI’s hungry demand for high-performance binary APIs. Buffer overflows and integer overflows spike when AI workloads push hardware limits. The newly added Memory Corruption & Overflows category reveals how these vulnerabilities often let attackers steal data, crash systems, or run arbitrary code.
Enterprises are rushing to integrate AI. Over 57% of surveyed AI-powered APIs are publicly exposed, yet 89% have weak authentication measures and only 11% apply strong protections. Hackers target these endpoints for malicious payload injection or unauthorized access. Attacks on companies like Twilio and Tech in Asia highlight how easy it is to bypass insufficient API controls and gain inside access.
API-based exploits now account for more than half of CISA’s widely exploited vulnerabilities, surpassing kernel and supply chain attacks. Attackers are also capitalizing on older APIs—such as .php backends and AJAX calls—found in legacy systems across healthcare, finance, and government agencies. These endpoints often miss even basic safeguards.
Wallarm surveyed CVEs and bug bounty data to achieve nearly 99% coverage of API-focused security flaws, mapping them to CWE categories. Every sign points to increased AI adoption fueling growth in API risks, especially memory corruption. Rapid detection, real-time security controls, and strong authentication have become must-haves.
Download the Full Report: https://www.wallarm.com/resources/2025-api-threatstats-report-ai-security-at-raise