Wallarm’s 2025 API ThreatStats Report exposes a startling rise in AI-focused attacks, with researchers tracking 439 AI-related CVEs in 2024—a 1,025% jump over the previous year.
Almost all of these exploits (99%) involve weak or poorly configured APIs. Injection flaws, misconfigurations, and the sudden prominence of memory corruption vulnerabilities underscore how AI’s rapid growth is outpacing typical security measures.
Enterprises are embracing AI at breakneck speed. More than half of surveyed organizations report multiple AI-driven projects, relying heavily on API endpoints to transmit data, power machine learning models, and integrate AI-based features.
Yet 57% of these AI-enabled APIs are publicly accessible, and only 11% use solid authentication methods. Attackers exploit these gaps to inject malicious payloads, steal or poison training data, and manipulate AI pipelines.
Wallarm’s report highlights “Memory Corruption & Overflows” as a newly categorized threat. AI workloads depend on high-performance binary APIs that push the limits of underlying hardware.
This makes flaws like buffer overflows and integer overflows more common, allowing attackers to crash systems, leak sensitive data, or run arbitrary code.
The Twilio and Tech in Asia breaches show how easily misconfigured or poorly protected APIs open a direct route for attackers to compromise critical infrastructure.
API exploitation now surpasses more traditional vectors, such as kernel or supply-chain attacks. More than half of CISA’s widely exploited vulnerabilities fall into API-based threats.
Legacy endpoints like .php backends and AJAX calls persist in many production systems, particularly in finance, healthcare, and government, compounding overall risk with outdated session handling and authentication approaches.
Wallarm researchers analyzed 99% of all API-centric CVEs and bug bounty disclosures published in 2024, mapping these findings to CWE categories for direct insights. Results confirm that as AI evolves, API security must become a top priority.
Strong real-time detection, robust authentication, and memory-safety checks are critical to protect high-value data and maintain system integrity.