
API Attacks Surge as AI Expands the Blast Radius; Wallarm Flags MCP Risk
APIs now lead attack campaigns, and AI-driven agents are widening the window for damage. Wallarm's review of more than 60,000 disclosed flaws recorded roughly 11,000 API-related issues (about 17%), and 43% of the vulnerabilities CISA added to its Known Exploited Vulnerabilities catalog in 2025 involved APIs.
Exploitability metrics are stark: Wallarm rates 98% of the API flaws as easy or trivial to weaponize, 97% as exploitable with a single request, 99% as remotely exploitable, and 59% as requiring no authentication at all. High-profile incidents affecting 700Credit, Qantas, and Salesloft illustrate how exposed interfaces translate into large-scale data theft and operational impact.
A fast-growing vector is the Model Context Protocol (MCP), the protocol that links language models to tools and data sources and effectively acts as a control plane for agent actions. Wallarm logged 315 MCP-related vulnerabilities in 2025 and observed a 270% jump from Q2 to Q3, signaling rapid risk accumulation as adopters deploy bespoke MCP servers.
MCP weaknesses typically combine three conditions: agents granted broad privileges, tool-facing APIs exposed without sufficient hardening, and no runtime enforcement of what an agent may call and with which arguments. Together these failure modes let an attacker who gains control of one step steer the whole autonomous workflow rather than attack a single isolated endpoint.
Beyond raw vulnerability counts, improvements in generative models and coordinating agents are shortening the gap between disclosure and practical exploitation. Programmatic reconnaissance and agentic toolchains let adversaries quickly stitch contextual information and craft multi-step attacks that abuse logic and trust rather than relying on subtle code defects.
The human attack surface is changing too: high-fidelity synthetic media and automated persona generation make credential theft and session hijacking more valuable, because convincing lures obtain the access and forged artifacts turn it into persistent, high-quality footholds. Commodity AI toolkits lower the skill floor, enabling a larger pool of operators to execute sophisticated, adaptive playbooks.
This shift pushes defenders away from purely signature-based controls toward behavioral telemetry, cross-domain signal fusion (endpoint, identity, cloud, browser), and faster containment and validation workflows. Wallarm recommends prioritizing runtime enforcement, strict token and session governance, least privilege for agents, and continuous API posture monitoring: controls that limit what an attacker can do even after initial access.
Operational controls gaining traction include agent identity attestation, human-in-the-loop gates for high-impact actions, and multi-party verification for sensitive data flows. Together these measures constrain autonomous workflows and reduce the value of weaponized synthetic content.
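As an added illustration (not Wallarm's code and not part of any MCP implementation), the following Python sketches a runtime policy gate that sits between an agent and its tools and closes the gaps described above: every call must carry an attested agent identity, each agent has an explicit tool allowlist, tool arguments are validated against a schema before they reach the backend API, and high-impact tools require a recorded human approval. The agent names, tool names, HMAC token scheme and sample calls are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed per-agent capability grants (least privilege: nothing unless granted).
AGENT_POLICY = {
    "support-bot": {"read_ticket", "search_kb"},
    "ops-agent": {"read_ticket", "restart_service"},
}
# Constructed: tools with side effects that warrant a human-in-the-loop gate.
HIGH_IMPACT = {"restart_service", "delete_records"}
# Constructed: argument hardening, an allowlist regex per expected argument.
ARG_SCHEMA = {
    "read_ticket": {"ticket_id": r"^T-\d{1,8}$"},
    "search_kb": {"query": r"^[\w\s\-]{1,80}$"},
    "restart_service": {"service": r"^[a-z][a-z0-9\-]{1,31}$"},
}
# Assumption: key shared with the identity service that issues agent tokens.
ATTEST_KEY = b"constructed-demo-key"


def issue_token(agent_id: str) -> str:
    """Attestation token binding an agent identity (HMAC-SHA256, constructed scheme)."""
    return hmac.new(ATTEST_KEY, agent_id.encode(), hashlib.sha256).hexdigest()


def verify_token(agent_id: str, token: str) -> bool:
    """Constant-time check that the token was issued for this agent id."""
    return hmac.compare_digest(issue_token(agent_id), token)


class PolicyDenied(Exception):
    """Raised when a tool call fails a runtime policy check."""


def enforce(call: dict, approvals: frozenset = frozenset()) -> dict:
    """Gate one tool call before it reaches the MCP server or backend API.

    Checks, in order: attested identity, per-agent tool grant, argument schema,
    and human approval for high-impact tools. Returns the call if all pass.
    """
    agent, tool, args = call["agent_id"], call["tool"], call.get("args", {})
    if not verify_token(agent, call.get("token", "")):
        raise PolicyDenied("identity not attested")
    if tool not in AGENT_POLICY.get(agent, set()):
        raise PolicyDenied(f"{agent} is not granted {tool}")
    schema = ARG_SCHEMA.get(tool, {})
    if set(args) != set(schema) or any(
        not re.fullmatch(pattern, str(args[name])) for name, pattern in schema.items()
    ):
        raise PolicyDenied(f"arguments for {tool} fail schema")
    if tool in HIGH_IMPACT and (agent, tool) not in approvals:
        raise PolicyDenied(f"{tool} needs human approval")
    return call


def run_demo() -> dict:
    """Run constructed calls through the gate and return {label: verdict}."""
    sup, ops = issue_token("support-bot"), issue_token("ops-agent")
    cases = {
        # Legitimate read within the agent's grant.
        "legit_read": {"agent_id": "support-bot", "token": sup,
                       "tool": "read_ticket", "args": {"ticket_id": "T-1042"}},
        # Token issued for a different agent: identity attestation fails.
        "forged_token": {"agent_id": "ops-agent", "token": sup,
                         "tool": "read_ticket", "args": {"ticket_id": "T-1042"}},
        # Over-privilege attempt: support-bot was never granted restart_service.
        "escalation": {"agent_id": "support-bot", "token": sup,
                       "tool": "restart_service", "args": {"service": "billing"}},
        # Argument that would reach the backend unvalidated without the schema check.
        "injected_arg": {"agent_id": "support-bot", "token": sup,
                         "tool": "read_ticket", "args": {"ticket_id": "T-1 OR 1=1"}},
        # Granted, well-formed, but high impact and not yet approved by a human.
        "high_impact_unapproved": {"agent_id": "ops-agent", "token": ops,
                                   "tool": "restart_service", "args": {"service": "billing"}},
    }
    verdicts = {}
    for label, call in cases.items():
        try:
            enforce(call)
            verdicts[label] = "allowed"
        except PolicyDenied as exc:
            verdicts[label] = f"denied: {exc}"
    # The same high-impact call once an operator approval is recorded out of band.
    approved = frozenset({("ops-agent", "restart_service")})
    enforce(cases["high_impact_unapproved"], approved)
    verdicts["high_impact_approved"] = "allowed"
    return verdicts


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:24s} {verdict}")
```

The ordering matters: identity is checked before any policy lookup so an unattested caller learns nothing about which tools exist, and the schema check runs before the approval gate so a human is never asked to approve a malformed request. In a real deployment the approval set would come from a ticketing or chat-ops system and every verdict would be written to an audit log.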
Regulatory pressure and incident disclosures are already changing incentives: faster breach disclosure and stiffer penalties increase the cost of lagging mitigation, while investment is flowing into resilient, verifiable automation and tools that enable deterministic recovery.
In short, APIs and emerging agent protocols like MCP concentrate risk in bespoke server implementations, and AI accelerates adversary operations, so organizations must couple behavioral detection with strict governance to blunt an expanding blast radius.
- Total disclosures analyzed: 60,000+
- API-related vulnerabilities: 11,000 (~17%)
- CISA KEV share attributed to APIs: 43%
- MCP-related vulnerabilities (2025): 315
- MCP Q2→Q3 growth: 270%
- Exploitability: 97% single-request, 98% easy/trivial, 99% remotely exploitable, 59% require no authentication