API Attacks Surge as AI Expands the Blast Radius; Wallarm Flags MCP Risk

APIs now lead attack campaigns and AI-driven agents are widening the window for damage. Wallarm’s review of more than 60,000 disclosed flaws recorded roughly 11,000 API-related issues (about 17%), while CISA entries attributed 43% of exploited vulnerabilities in 2025 to APIs.

Exploitability metrics are stark: the vast majority of API flaws are trivial to weaponize, often with a single HTTP call and without credentials. High-profile incidents affecting 700Credit, Qantas, and Salesloft illustrate how exposed interfaces translate to large-scale data theft and operational impact.

A fast-growing vector is the control-plane concept known as the Model Context Protocol (MCP), which links language models to tools and data sources. Wallarm logged 315 MCP-related faults in 2025 and observed a 270% jump from Q2 to Q3, signaling rapid risk accumulation as adopters deploy bespoke MCP servers.

MCP weaknesses typically combine three conditions: agents given broad privileges, APIs exposed without sufficient hardening, and a lack of runtime policy enforcement. Those three failure modes let attackers control autonomous flows rather than only attacking isolated endpoints.

Beyond raw vulnerability counts, improvements in generative models and coordinating agents are shortening the gap between disclosure and practical exploitation. Programmatic reconnaissance and agentic toolchains let adversaries quickly stitch contextual information and craft multi-step attacks that abuse logic and trust rather than relying on subtle code defects.

The human attack surface is changing too: high-fidelity synthetic media and automated persona generation make credential theft and session hijacking more valuable, because forged artifacts and convincing lures can turn stolen access into persistent, high-quality footholds. Commodity AI toolkits lower the skill floor, enabling a larger pool of operators to execute sophisticated, adaptive playbooks.

This shift pushes defenders away from purely signature-based controls toward behavioral telemetry, cross-domain signal fusion (endpoint, identity, cloud, browser), and faster containment and validation workflows. Wallarm recommends prioritizing runtime enforcement, strict token and session governance, least-privilege for agents, and continuous API posture monitoring—controls that limit what an attacker can do even after initial access.

Operational controls gaining traction include agent identity attestation, human-in-the-loop gates for high-impact actions, and multi-party verification for sensitive data flows. Together these measures constrain autonomous workflows and reduce the value of weaponized synthetic content.

Regulatory pressure and incident disclosures are already changing incentives: faster breach disclosure and stiffer penalties increase the cost of lagging mitigation, while investment is flowing into resilient, verifiable automation and tools that enable deterministic recovery.

In short, APIs and emerging control-plane standards like MCP concentrate risk in configurable server implementations, and AI accelerates adversary operations—so organizations must couple behavioral detection with strict governance to blunt an expanding blast radius.

• Total disclosures analyzed: 60,000+
• API-related vulnerabilities: 11,000 (~17%)
• CISA KEV share attributed to APIs: 43%
• MCP-related vulnerabilities (2025): 315
• MCP Q2→Q3 growth: 270%
• Exploitability: 97% single-request, 98% easy/trivial, 99% remotely exploitable, 59% require no authentication