Cyber Security News

API Threats Grow in Scale as AI Expands the Blast Radius

CybersecurityNews
API Threats Grow in Scale as AI Expands the Blast Radius

APIs remain a primary attacker-favored route — Wallarm found 17% of 2025 vulnerabilities were API-related and 43% of exploited CISA KEV entries in 2025 were tied to APIs, contributing to major breaches at 700Credit, Qantas, and Salesloft. The rapid growth of AI and the Model Context Protocol (MCP) is amplifying API risk by enabling over-permissioned agents, exposed control-plane APIs, and failures only visible at runtime, while most API flaws are remotely and trivially exploitable. #MCP #700Credit

Keypoints

  • 17% of published 2025 vulnerabilities were API-related, and 43% of exploited CISA KEV additions were tied to APIs.
  • Top API-relevant breaches in 2025 included 700Credit, Qantas, and Salesloft.
  • MCP vulnerabilities surged in 2025 (315 found) with a 270% increase between Q2 and Q3, creating control-plane risks for AI agents.
  • Attackers favor logic and trust abuses; 97% of API vulnerabilities can be exploited with a single request and 99% are remotely exploitable.
  • Runtime behavior, not pre-production testing, defines API risk, driven by over-permissioned tools, direct API exposure, and lack of runtime enforcement.

Read More: https://www.securityweek.com/api-threats-grow-in-scale-as-ai-expands-the-blast-radius/