Wallarm’s Q1 2025 API Threat Report Highlights Significant Security Risks in Agentic AI and Other Industries




In a groundbreaking announcement, Wallarm, a leader in API and AI security solutions, unveiled the findings of its Q1 2025 API ThreatStats report, titled The Rise of Agentic AI. This report reveals an alarming increase in API-related threats across various industries, exacerbated by the rise of agentic AI systems, expanding cloud-native infrastructures, and growing software supply chain vulnerabilities.

Key Findings



According to Wallarm CEO and Co-Founder Ivan Novikov, the issues linked with agentic AI security largely arise from APIs. Drawing from an extensive analysis of GitHub security issues dating back to 2019, Wallarm researchers discovered that a staggering 65% of the 2,869 security issues examined in agentic AI projects were API-related. This statistic highlights an essential connection between the security of agentic AI and API management, suggesting that organizations cannot effectively tackle the threats posed by agentic AI without also addressing their API vulnerabilities.

The report provides an in-depth review of API breaches reported in Q1 2025, illustrating that no sector is immune. Notable breaches affected numerous high-profile organizations, including Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, the NHS in the UK, Microsoft, BeyondTrust, and OmniGPT, further stressing the urgent necessity for organizations to bolster their cybersecurity strategies.

A Closer Look at Vulnerabilities



Among the critical findings from the report, 25% of reported security issues remain unresolved, with some persisting for over 1,200 days. This significant time gap underscores a troubling delay between vulnerability detection and resolution. An even more pressing concern is that 60% of the top vulnerabilities identified were related to access control, emphasizing that many APIs are susceptible to unauthorized access.

Moreover, the data indicates that as APIs increasingly form the backbone of agent-centric workflows, they are not merely components of the attack surface; they comprise the attack surface itself. The evolution of APIs means they are attractive targets for attackers, who exploit both legacy and AI-specific vulnerabilities. The implications of these trends compel organizations to adopt proactive security measures immediately.

Recommendations for Enhanced Security



For organizations to effectively mitigate these threats, Wallarm advises taking proactive steps, such as:
1. Updating Threat Models: Organizations should revise their existing threat models to incorporate the current threat landscape and the unique risks associated with APIs.
2. Developing Security Strategies: Implementing targeted security strategies specifically for agentic AI systems is vital in addressing the vulnerabilities that arise from merged AI and API functionalities.
3. Real-Time Monitoring: Continuous monitoring of API traffic aids in identifying anomalies that could signify a security breach, thus enabling timely responses.
4. Enhanced Discovery Methodologies: Updating threat intelligence and improving API discovery methods will further reinforce an organization’s defenses against API-related attacks.

In conclusion, the findings from Wallarm’s Q1 2025 API Threat Report present a sobering view of the evolving API landscape and its implications for cybersecurity. Stakeholders across industries must prioritize API security and integrate robust measures that address the vulnerabilities exposed by the rise of agentic AI.

To access the complete Q1 2025 API Threat Report and gain further insights, visit Wallarm’s official website.

About Wallarm


Wallarm is renowned for providing a unified platform for API and agentic AI security, effectively deployed in enterprise production environments. With its advanced approach, customers can swiftly defend against API attacks, capitalizing on real-time blocking and AI/ML-driven abuse detection. Headquartered in San Francisco, California, Wallarm enjoys backing from notable investors such as Toba Capital, Y Combinator, and Partech.
