APPLICATION SECURITY API Threats Grow in Scale as AI Expands the Blast Radius New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact. By Kevin Townsend | February 17, 2026 (9:00 AM ET) Flipboard Reddit Whatsapp Email Application Programming Interfaces (APIs) remain an attacker-favored exploit route. Aggressors continuously target common failures in identity, access control and exposed interfaces – often at scale and machine speed. AI is increasing the threat surface. In an analysis of more than 60,000 published vulnerabilities disclosed in 2025, Wallarm found more than 11,000 (17%) were API-related. A concurrent analysis of CISA KEV Catalog additions for 2025 found 43% of exploited vulnerabilities were API-related. The report demonstrates the severity of the threat by including details of the top ten API-relevant breaches from 2025. The top three are 700Credit, Qantas, and Salesloft. A standout element of the report is the continuing expansion of AI technologies and their effect on APIs and AI security. “API security is at the heart of any AI transformation,” comments Ivan Novikov, founder and CEO at Wallarm. “Every AI application or agent interaction is mediated through an API. API security is integral to successful AI adoption, and AI by its very nature has made the consequences of getting it wrong much larger and much more impactful.” MCP-related vulnerabilities The rise of the Model Context Protocol (MCP) will inevitably play a major part in future AI/API issues. “MCP emerged as a leading indicator of where API risk is heading,” states the report. It describes that MCP is a control plane API for agents. If exposed or misconfigured, “Attackers gain leverage over autonomous workflows rather than single endpoints.” Wallarm found 315 MCP-related vulnerabilities in 2025. The threat is already severe, and likely to grow. MCP is too new to yet make year on year comparisons, but the firm noted a 270% increase in MCP vulnerabilities between Q2 and Q3 2025: describing it as a ‘stunning momentum for a protocol that is still early in adoption’. ADVERTISEMENT. SCROLL TO CONTINUE READING. The danger from MCP vulnerabilities is they consistently combine three failure modes: over-permissioned tools (with agents granted broad API access by default), direct API exposure (often containing the common API vulnerabilities), and lack of runtime enforcement (meaning policy violations are only visible after the damage occurs). It is unlikely the MCP threat can be contained going forward. It is an open source standard that allows LLMs to connect to data sources and tools. Each user takes the open source and creates their own MCP server for their own use. “MCP servers are software, and we should expect the same risk patterns with it as with other software,” comments Tim Erlin, security strategist at Wallarm. “There will always be vulnerabilities. In some cases, they will be specific to one implementation, in other – likely fewer– cases, they might be inherent in the protocol itself.” Basically, MCP users are likely to create or inherit vulnerabilities, while there is no original source to fix. “MCP can’t be ‘fixed’ at its source because there are multiple vendors participating in the MCP ecosystem,” continues Erin. “There isn’t one source to fix.” Analyzing the weaknesses in APIs generally, Wallarm found that cross site issues rose from the fifth most frequent area of abuse in 2024, to number one in 2025, suggesting a change in attacker focus. Injections ranked one in 2024, and two in 2025. “It’s clear that despite years of industry education about injections, APIs continue to process vast volumes of untrusted input and pass it directly into downstream systems,” states the analysis. Broken access control moved down from number two to number three, while insecure resource consumption rose from number seven to number four. These API weaknesses are the most commonly abused weaknesses; but the complete list needs to be fixed. Attackers always use the easiest route, and if some are closed, they’ll use the other weaknesses. Analyzing its statistics, Wallarm comes to three conclusions. Firstly, attackers favor abuse over bugs, by targeting logic, trust and usage. Secondly, AI is amplifying existing weaknesses rather than introducing new ones. Thirdly, runtime behavior defines the API risk, not pre-production testing. Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes. The report finds 97% of API vulnerabilities can be exploited with a single request, 98% are easy or trivial to exploit, and 99% are remotely exploitable. In 59% of cases, no authentication is required. Related: Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore Related: Equixly Raises $11 Million for AI-Powered API Penetration Testing Related: SesameOp Malware Abuses OpenAI API Related: Claude AI APIs Can Be Abused for Data Exfiltration WRITTEN BY Kevin Townsend Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines. More from Kevin Townsend Hacker Conversations: Professional Hacker Douglas Day RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign Cyber Insights 2026: Cyberwar and Rising Nation State Threats Cyber Insights 2026: Malware and Cyberattacks in the Age of AI Aisy Launches Out of Stealth to Transform Vulnerability Management Latest News Man Linked to Phobos Ransomware Arrested in Poland 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos Password Managers Vulnerable to Vault Compromise Under Malicious Server Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security CISA Navigates DHS Shutdown With Reduced Staff Microsoft Warns of ClickFix Attack Abusing DNS Lookups Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash TRENDING Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit PEOPLE ON THE MOVE Robert Carvajal has been appointed as CISO of BayCare Health System. KnowBe4 announced the appointment of Kelly Morgan as Chief Customer Officer. CrowdStrike has named Jonathon Dixon as vice president and managing director for the JAPAC region. More People On The Move EXPERT INSIGHTS How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down. (Nadir Izrael) Flipboard Reddit Whatsapp Email