

Wallarm Releases 2025 API ThreatStats Report, Revealing that APIs are the Predominant Attack Surface
Thursday, February 6, 2025

Report finds a staggering 1,205% surge in AI vulnerabilities, with nearly all directly tied to APIs

SAN FRANCISCO, Jan. 29, 2025 /PRNewswire/ -- Wallarm, a global leader in API security, today released its 2025 API ThreatStats Report, revealing that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks. Wallarm's annual report bridges a critical gap between technical and strategic aspects of API security by sharing actionable insights tailored to the distinct responsibilities of CISOs and CIOs.

"Based on our findings, what is clear is that API security is no longer just a technical challenge - it's now a business imperative," said Ivan Novikov, CEO and Co-Founder of Wallarm. "API related security flaws are fueled by the adoption of AI, as APIs are the critical interface between AI models and the applications they power. However, this rapid growth has exposed significant vulnerabilities. For instance, we found that 57% of AI-powered APIs were externally accessible, and 89% relied on insecure authentication mechanisms. Of particular concern is that only 11% had robust security measures in place, leaving most endpoints vulnerable. In today's environment, organizations cannot afford to not secure their APIs. Failure to do so means they are exposing themselves to grave risks that can result in costly technical vulnerabilities and reputational and operational crises."

Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs. With the exponential rise in AI adoption and exploits, Wallarm introduced a new ThreatStats Top 10 category, Memory Corruption and Overflow. This new category addresses vulnerabilities that arise from improper memory handling and access, resulting in security breaches such as unauthorized data access, crashes, and arbitrary code execution, and was driven by Wallarm's analysis of how AI workloads interact with hardware, exposing APIs to issues like buffer overflows and integer overflows.

Additionally, more than 50% of all recorded CISA exploited vulnerabilities were API-related for the first time, a 30% increase from the year before. This highlights the growing prevalence and criticality of API security in modern threat environments. API vulnerabilities surpass traditional exploit categories like kernel, browser, and supply chain vulnerabilities, underscoring their central role in cyberattacks.

Key insights and observations include:

    --  AI as a catalyst for new vulnerabilities: In Wallarm's survey of 200
        US-based enterprise leaders on AI and API security, over 53% reported
        engaging in multiple AI deployments. These deployments are primarily
        enabled by API technology, cementing APIs as the foundation of
        enterprise AI adoption. However, while AI integration drives rapid API
        adoption across industries, it also introduces unique risks. For
        instance, Wallarm's threat intelligence flagged significant
        vulnerabilities in AI tools like PaddlePaddle and MLflow, which underpin
        enterprise AI deployments. These tools were exploited at API endpoints,
        compromising training data, siphoning intellectual property, or
        injecting malicious payloads into machine learning pipelines.
        Additionally, APIs facilitating real-time data exchanges between AI
        models and applications often lack adequate security measures, making
        them susceptible to injection, abuse, and memory-related exploits.
    --  Legacy and modern APIs both under attack: While legacy APIs such as
        those used in Digi Yatra and Optus incidents remain vulnerable due to
        outdated designs, modern RESTful APIs are equally at risk due to complex
        integration challenges and improper configurations. APIs now represent
        the largest category of exploited vulnerabilities in CISA KEV, with
        modern APIs representing over 33%. Exploits include improper
        authentication, injection attacks, and API endpoint misconfigurations,
        targeting enterprise-grade platforms with prominent attacks, including
        Ivanti and Palo Alto Networks. Legacy APIs in web applications
        represent over 18% of exploited vulnerabilities. These vulnerabilities
        arise in older APIs typically used within web applications for AJAX
        backends, URL parameters, or direct calls to .php files. Often
        integrated into devices like cameras or IoT systems, these APIs lack the
        robust security measures of their modern counterparts, with key exploit
        types including URL-based injection, CSRF attacks, and outdated session
        handling mechanisms.
    --  Growing exploitation of authentication and access control: The Twilio
        and Tech in Asia breaches demonstrated how attackers exploit weak
        authentication and access control mechanisms to gain unauthorized
        access. These issues are exacerbated by the decentralized nature of API
        management in large organizations, as API-related breaches escalate in
        frequency and severity. For instance, in last year's Wallarm Annual
        Report based on 2023 data, API-related breaches were significant but
        sparse, with only a few incidents reported each quarter. In 2024, this
        picture changed dramatically, with an average of three monthly
        incidents--and, at times, as many as five to seven breaches each month.
        The rise of API-driven systems in sectors like healthcare,
        transportation, technology, and financial services has led to a surge in
        vulnerabilities, placing APIs squarely at the center of the
        cybersecurity landscape.

Underscoring the report's central findings is the conclusion that AI security is API security. As APIs drive innovation, particularly in AI-enabled systems, organizations need real-time API controls to protect their business operations, customer trust, and long-term success. Looking ahead to 2025, organizations must prioritize API security to safeguard their systems and unlock the full potential of APIs as the key driver of business transformation.

To download the report, visit https://www.wallarm.com/resources/2025-api-threatstats-tm-report.

Methodology
The Wallarm API ThreatStats methodology represents a scientifically grounded and reproducible approach to analyzing and categorizing API-related vulnerabilities. Designed to achieve 99% coverage for API-related CVEs and bug bounty reports published in 2024, this methodology is rooted in rigorous statistical analysis, precise CWE mapping, and a carefully validated classification system. Wallarm's methodology ensures that the insights provided are actionable and objectively derived from empirical data.

About Wallarm
Wallarm, the integrated API Security company, provides robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Wallarm is the preferred choice of hundreds of Security and DevOps teams for comprehensive discovery of web apps and API endpoints, protection against emerging threats throughout their API portfolio, and automated incident response to enhance risk management. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Combinator, Partech, and other investors.

Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
kearney@hi-touchpr.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/wallarm-releases-2025-api-threatstats-report-revealing-that-apis-are-the-predominant-attack-surface-302357760.html

SOURCE Wallarm


