56% of organisations concerned with over-privileged API access.

Financial services, healthcare, and e-commerce are the most affected sectors by sophisticated bot attacks targeting APIs

API-related data breaches tripled in 2024.

There was an average of three API-related breaches per month in 2024, with some months seeing as many as five to seven.

Machine learning-based discovery tools often identify 31% more API endpoints than those reported by enterprises.

18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.

Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.

Newly published API endpoints are discovered by attackers in a mere 29 seconds.

Wallarm tracked 439 AI-related CVEs in 2024.

33.5% of the API-related exploits targeted modern APIs, like RESTful and GraphQL.

21.5% of AI vulnerabilities are indirectly tied to APIs, including flaws in third-party integrations.

AI vulnerabilities increased by 1,025% from 2023 to 2024.

Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.

63% of enterprise leaders believe AI increases API security risk.

77.4% of API-related vulnerabilities in AI products are directly API-related, such as weak API authentication, inadequate rate limiting, and broken access controls.

Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks.

57% of AI-powered APIs were externally accessible.

89% of AI-powered APIs relied on insecure authentication mechanisms, like static keys.

34% of enterprises admit their security controls are lagging behind AI's rapid deployment.

98.9% of AI vulnerabilities are API related.