San Francisco, August 2025 – Wallarm, the unified platform for API and agentic AI security, today released its Q2 2025 API ThreatStats Report, revealing significant shifts in the API threat landscape. The report highlights a steep rise in logic-layer vulnerabilities and a new wave of exploits targeting AI development and orchestration environments.
AI-Powered APIs Under Fire
Wallarm researchers observed that this quarter marked a surge in AI-powered API vulnerabilities, underscoring the risks created by large language models (LLMs), agent-driven architectures, and their integrations. The report details real-world incidents ranging from SaaS collaboration platforms to cloud infrastructure services, where weak authentication, insecure defaults, and lack of runtime visibility allowed attackers to gain footholds.
“Attackers are no longer just scanning for outdated libraries, they’re exploiting the way APIs behave—especially those powering AI systems and automation,” said Ivan Novikov, CEO and Co-founder of Wallarm. “Security teams must expand their visibility to include runtime context and adopt testing approaches that match the complexity of today’s dynamic, interconnected APIs.”
Key Findings from Q2 2025
- API vulnerabilities are accelerating – A total of 639 API-related CVEs were disclosed in Q2 2025, continuing a quarter-over-quarter upward trend. Most were Critical or High Severity, reflecting their growing business impact.
- AI APIs are a prime attack surface – At least 34 vulnerabilities were tied to AI-related APIs, including LLM endpoints, orchestration layers, and agent frameworks. One publicly reported breach stemmed from an exploited AI agent vulnerability, marking a real-world example of these risks.
- Attackers are shifting tactics – Instead of relying solely on dependency flaws, adversaries are increasingly targeting logic-layer weaknesses and API workflows, which are harder to detect and mitigate with traditional tools.
The Bigger Picture
With APIs now central to digital transformation and AI integration, attackers are pivoting toward exploiting the runtime behavior of these systems. The Wallarm ThreatStats Report stresses the need for:
- Runtime-first API protection to detect behavioral anomalies.
- Continuous testing approaches that account for complex, interconnected API ecosystems.
- Visibility into AI-driven APIs, where data flows and agent behavior introduce new risks.
Wallarm positions its research and solutions as a roadmap for security leaders navigating this fast-moving landscape. By equipping organizations with real-time protection and insights into AI-specific threats, Wallarm aims to safeguard modern businesses against the evolving API threat cycle.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI
