Wallarm's Q3 2025 API ThreatStats Report Highlights Escalating API Vulnerability Trends

Wallarm Releases Q3 2025 API ThreatStats Report



On October 30, 2025, Wallarm, a pioneer in API and AI security, revealed alarming trends in its Q3 2025 API ThreatStats Report. According to the report, API-related vulnerabilities experienced a substantial 20% increase quarter-over-quarter, while vulnerabilities related to the Model Context Protocol (MCP) surged by an astonishing 270%. The implications are profound, marking a significant escalation in the exposure of businesses to API-associated AI risks.

The Shift from Technical Issues to Systemic Threats



The findings of the report highlight a critical transformation in the API security landscape. No longer merely a technical issue, API risks have evolved into a systemic business threat. Cybercriminals are increasingly exploiting misconfigurations, gaps in authorization, and flaws in AI integrations within modern digital ecosystems. As the report underscores, the interplay between API security and AI security is more crucial than ever.

Ivan Novikov, CEO of Wallarm, articulated the urgency of the situation, stating, "The 270% rise in MCP-related vulnerabilities is a flashing red light. AI is deeply intertwined with APIs, and organizations aren't yet prepared for how those AI interfaces expand the attack surface. Q3 data shows what we already know to be true, that AI security is API security." This sentiment is echoed throughout various industries as enterprises grapple with a continuously evolving digital threat landscape.

Key Findings from the Q3 2025 API ThreatStats Report



The report presents several striking statistics:
  • 1,602 API-related vulnerabilities were disclosed in Q3, marking a 20% increase from Q2.
  • Vulnerabilities associated with AI-APIs grew 57%, driven primarily by the explosive rise in MCP vulnerabilities (+270%).
  • Agentic AI vulnerabilities saw an increase of 67%, indicating emergent risks tied to autonomous orchestration technologies.
  • The most prevalent category of flaws, security misconfiguration (API8), constituted 38% of all API vulnerabilities and rose 33% from the previous quarter.
  • Issues related to authorization (API1 + API5) comprised 28% of the API vulnerabilities documented.
  • Notably, 16% of the vulnerabilities added to CISA's Known Exploited Vulnerabilities (KEV) catalog were linked to APIs.

The Convergence of MCP, AI, and API Risks



This report highlights the significant expansion of vulnerabilities in the Model Context Protocol (MCP), which serves as a new layer connecting AI agents and backend systems. MCP vulnerability incidents increased dramatically, and because MCP facilitates interactions between AI agents and APIs, these vulnerabilities play a crucial role in expanding the attack surface. Organizations need to address this connection proactively to avoid severe ramifications in the future.

Rise of Business Logic Abuse



Additionally, the report emphasizes the growing trend of Business Logic Abuse (BLA), which is now a primary cause of real-world API exploitation. Attackers are shifting their focus from exploiting flaws at the code level to manipulating workflows, quotas, and state transitions, which allows them to evade detection. Incidents of BLA showcase how a single vulnerability can lead to significant cross-platform compromise.

Conclusion



The full Q3 2025 API ThreatStats Report is now available for public access on Wallarm's website. Given the explosive growth of API vulnerabilities and emerging risks, it is imperative for organizations to bolster their API security strategies. Wallarm remains committed to protecting enterprises from these evolving threats, providing robust solutions that integrate API and AI security for comprehensive protection.

About Wallarm: Wallarm is the only platform that delivers unified solutions for API and agentic AI security, seamlessly deployed in enterprise settings. Wallarm is trusted by organizations to shield their API and AI agents with real-time blocking and innovative AI/ML-based detection mechanisms. Headquartered in San Francisco, California, Wallarm is supported by prominent investors, including Toba Capital, Y Combinator, and Partech.
