In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.

February 22, 2026

In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset. — This cybersecurity statistic was published by Wallarm in February 2026. It covers topics including API Security, APIs, KEV. The original data appears in API ThreatStats Report 2026. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 2/17/2026

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset. This data was published by Wallarm and covers API Security, APIs, KEV.

Where does this data come from?

This statistic comes from API ThreatStats Report 2026, published by Wallarm on February 22, 2026. You can view the original report at https://www.wallarm.com/reports/2026-wallarm-api-threatstats-report.

What cybersecurity topics does this cover?

This statistic relates to API Security, APIs, KEV. Browse more statistics on API Security or from Wallarm.

CYBERSTATS

In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.

Source

Share or Copy this stat

Frequently Asked Questions

Want More Statistics Like This?

Related Statistics

In 2025, 36% of AI-related KEVs involved an API attack surface.

99% of API vulnerabilities are remotely exploitable.

In 2025, 17% of 67,058 published vulnerabilities (11,053 vulnerabilities) were API-related.

88% of CISOs and AppSec executives are willing to replace API security solutions.

Malicious web application and API transactions rose 128% year over year.

98% of API vulnerabilities are easy or trivial to exploit.

Browse by Topic

Stay Ahead of Cyber Threats