AI use drives APIs to become the main attack surface

A new report reveals that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks.

The survey of 200 US-based enterprise leaders on AI and API security, conducted by Wallarm, finds that over 53 percent report engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks.

The report uncovers a massive 1,205 percent surge in AI vulnerabilities, with nearly all directly tied to APIs. Researchers tracked 439 AI-related CVEs, and 99 percent of these are directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI’s reliance on high-performance binary APIs.

"Based on our findings, what is clear is that API security is no longer just a technical challenge -- it's now a business imperative," says Ivan Novikov, CEO and co-founder of Wallarm. "API-related security flaws are fueled by the adoption of AI, as APIs are the critical interface between AI models and the applications they power. However, this rapid growth has exposed significant vulnerabilities. For instance, we found that 57 percent of AI-powered APIs were externally accessible, and 89 percent relied on insecure authentication mechanisms. Of particular concern is that only 11 percent had robust security measures in place, leaving most endpoints vulnerable. In today’s environment, organizations cannot afford to not secure their APIs. Failure to do so means they are exposing themselves to grave risks that can result in costly technical vulnerabilities and reputational and operational crises."

For the first time, more than 50 percent of all recorded CISA exploited vulnerabilities were API-related, a 30 percent increase from the year before. This highlights the growing prevalence and criticality of API security in modern threat environments.

While legacy APIs, such as those used in the Digi Yatra and Optus incidents, remain vulnerable due to outdated designs, modern RESTful APIs are equally at risk due to complex integration challenges and improper configurations.

The full report is available from the Wallarm site.

Image Credit: Alexandersikov/Dreamstime.com

© 1998-2025 BetaNews, Inc. All Rights Reserved.