In 2025, 36% of AI-related KEVs involved an API attack surface.

99% of API vulnerabilities are remotely exploitable.

In 2025, 17% of 67,058 published vulnerabilities (11,053 vulnerabilities) were API-related.

88% of CISOs and AppSec executives are willing to replace API security solutions.

Malicious web application and API transactions rose 128% year over year.

In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.

In 2025, 36% of AI-related vulnerabilities involved APIs (786 of 2,185 AI-related vulnerabilities).

97% of API vulnerabilities can be exploited with a single request.

98% of API vulnerabilities are easy or trivial to exploit.

59% of API vulnerabilities require no authentication.

In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches, tying software as the largest category in the dataset.

44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.

API attacks increased by 41% due to the rise of agentic AI relying heavily on APIs.

50% of security leaders have slowed a new application rollout due to API security concerns.

Traditional API security systems can take 5-10 minutes to detect and remediate threats.