Wallarm today announced the findings of The Rise of Agentic AI, the API ThreatStats report for Q1 2025. The report found that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their defenses.
While APIs are central to all Agentic workflows, cybersecurity standards such as CVE and CISA KEV are trailing indicators of API and overall security risks presented by Agentic AI. In order to gain insights into current and future trends, Wallarm researchers took a deep dive into GitHub security issues for Agentic repositories. Of the approximate 4,700 security issues analyzed in Agentic AI projects, they found that half were API-related (49%), underscoring the inseparability of agent and API security.
The report also analyzed API breaches that occurred in Q1 2025. No industry was immune, as highlighted by breaches impacting organizations such as Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, National Health Service (NHS) UK, Microsoft, BeyondTrust, and OmniGPT.
Key findings include:
- Nearly half of all security issues in Agentic AI repositories (49%) are API-related and over 1,000 issues remain unaddressed.
- 22% of reported security issues remain open, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.
- The top five API breaches span cloud, AI, automotive, and healthcare, underscoring industry-wide concerns and urgent relevance to cybersecurity worldwide.
- With 60% of top vulnerabilities found to be access control-related, access control remains prevalent across APIs.
APIs are not just part of the attack surface — they are the attack surface. From legacy system exposures to AI-native risks, attackers are increasingly targeting APIs as both the entry point and objective. In order to protect themselves from these threats, organizations need to take proactive measures to ensure existing threat models account for the current environment and prioritize API security by updating API threat models and security workflows, creating Agentic AI security strategies, implementing real-time monitoring of API traffic, and updating both threat intelligence and API discovery methodology.
To download the full Q1 2025 API Threat Report, visit http://www.wallarm.com/press-releases/wallarm-unveils-findings-from-q1-2025-api-threat-report-uncovering-evolving-api-threats-across-multiple-industries
Like this:
Like Loading...
Related
This entry was posted on April 24, 2025 at 8:00 am and is filed under Commentary with tags Wallarm. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Wallarm Unveils Findings from Q1 2025 API Threat Report, Uncovering Evolving API Threats Across Multiple Industries
Wallarm today announced the findings of The Rise of Agentic AI, the API ThreatStats report for Q1 2025. The report found that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their defenses.
While APIs are central to all Agentic workflows, cybersecurity standards such as CVE and CISA KEV are trailing indicators of API and overall security risks presented by Agentic AI. In order to gain insights into current and future trends, Wallarm researchers took a deep dive into GitHub security issues for Agentic repositories. Of the approximate 4,700 security issues analyzed in Agentic AI projects, they found that half were API-related (49%), underscoring the inseparability of agent and API security.
The report also analyzed API breaches that occurred in Q1 2025. No industry was immune, as highlighted by breaches impacting organizations such as Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, National Health Service (NHS) UK, Microsoft, BeyondTrust, and OmniGPT.
Key findings include:
APIs are not just part of the attack surface — they are the attack surface. From legacy system exposures to AI-native risks, attackers are increasingly targeting APIs as both the entry point and objective. In order to protect themselves from these threats, organizations need to take proactive measures to ensure existing threat models account for the current environment and prioritize API security by updating API threat models and security workflows, creating Agentic AI security strategies, implementing real-time monitoring of API traffic, and updating both threat intelligence and API discovery methodology.
To download the full Q1 2025 API Threat Report, visit http://www.wallarm.com/press-releases/wallarm-unveils-findings-from-q1-2025-api-threat-report-uncovering-evolving-api-threats-across-multiple-industries
Share this:
Like this:
Related
This entry was posted on April 24, 2025 at 8:00 am and is filed under Commentary with tags Wallarm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.