The Rise of API Vulnerabilities Soars by 1,205% Due to AI Advancements

AI-driven API vulnerabilities increased by 1,205% in the past year alone, according to the 2025 API ThreatStats Report by Wallarm, which describes how AI has become the primary driver of API security threats. Nearly 99% of AI-related vulnerabilities are directly linked to flaws in APIs, indicating a pressing need for heightened security measures in this sector.

According to the report, a significant portion of AI-powered APIs – 57% to be exact – are accessible externally, leaving them vulnerable to malicious attacks. Furthermore, a staggering 89% of these APIs lack secure authentication protocols, making them easy targets for cybercriminals. Only a mere 11% of AI-powered APIs have robust security measures in place, indicating a critical gap in API security practices across industries.

Wallarm’s research uncovered a total of 439 AI-related Common Vulnerabilities and Exposures (CVEs) in 2024. Many of these vulnerabilities stemmed from injection flaws, misconfigurations, and a newly identified category known as Memory Corruption and Overflow, caused by AI’s reliance on high-performance binary APIs.

A notable revelation from the report is the dominance of APIs in the cybersecurity threat landscape. For the first time, over 50% of all recorded CISA exploited vulnerabilities were API-related, marking a significant increase from just 20% in 2023. Among these vulnerabilities, 33.5% targeted modern RESTful and GraphQL APIs, while 18.9% affected legacy systems like AJAX-based APIs and URL parameter vulnerabilities.

Real-world incidents have further underscored the risks associated with API vulnerabilities. The Dell API breach in May 2024 exposed 49 million records, while Twilio’s Authy exploit compromised 33.4 million phone numbers. In the healthcare sector, Ascension Health faced a devastating API breach affecting 5.6 million patients in December of the same year.

Key takeaways from the report include the revelation that the deployment of AI is a major driver of API vulnerabilities, with 53% of enterprises engaged in multiple AI projects. Additionally, authentication flaws remain a critical issue, as 89% of AI-powered APIs use insecure authentication methods. Legacy and modern APIs are equally at risk, with over 33% of CISA KEV vulnerabilities involving modern API technologies.

Moreover, the emergence of memory corruption vulnerabilities due to AI’s reliance on high-performance computing poses new challenges for API security. The report also notes that API breaches tripled in 2024, with incidents escalating from a few per quarter to multiple per month.

In light of these findings, Wallarm urges organizations to prioritize API security by implementing real-time security controls to mitigate risks. As API-related threats continue to rise, it is imperative for enterprises to safeguard their operations, data, and reputation by bolstering their API security measures.
