In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.

In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.

In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.

In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.

In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.

In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.

In Q3 2025, authorization issues made up 28% of all API vulnerabilities.

65% of organizations generate revenue from their API programs.

89% of developers use AI.

13% of developers design APIs equally for humans and AI agents.

7% of developers primarily design APIs for AI agents/machine consumption.

14% of organizations that generate API revenue derive between 51% to 75% of their total revenue from APIs.

50% of teams adopt Webhooks as an API pattern.

35% of teams adopt WebSockets as an API pattern.

33% of teams adopt GraphQL as an API pattern.

69% of organizations use one API gateway.

9% of organizations were unsure about their API security budget increase.

Nearly a quarter (25%) of organizations that generate API revenue derive more than half their total revenue from API programs.

2% of respondents identified 'Other' as their biggest concern about their company’s overall API program.

15% of organizations were not very confident in their ability to detect and respond to attacks leveraging Generative AI.