Report: APIs, Not Models, Are the Biggest AI Security Risk

Writer: Jordan Sprogis

Jordan Sprogis, Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

Editor: Lillian Castro

Lillian Castro, Senior Editor

Lillian Castro brings more than 30 years of editing and journalism experience to our team. She has written and edited for major news organizations, including The Atlanta Journal-Constitution and the New York Times, and she previously served as an adjunct instructor at the University of Florida. Today, she edits HostingAdvice content for clarity, accuracy, and reader engagement.

Reviewer: Cristian Lopez

Cristian Lopez, News Manager

Cristian Lopez uses his Business Marketing background from the University of Illinois at Chicago to create comfortable environments for customers, clients, and colleagues to share their thoughts and ideas openly. From interviewing tech leaders to conducting UX market research projects, Cristian knows the importance of storytelling — a key variable for innovation and inspiration. His goal at HostingAdvice is to wow readers on the ever-evolving nature of the tech industry and bring his audience the most reliable and exciting content on all things hosting.

Follow the HostingAdvice team for a daily dose of tech news, trending IT discussions, and interviews with the web's most innovative technologists.
Follow Us:
2.7k
1k

“If an attacker could control only one part of your infrastructure, they would pick your APIs.”

This is the first sentence of this year’s Wallarm’s API ThreatStat™ Report, which was released in mid-February. It’s a smart opener — it captures the attention, yes, but it also speaks to an extremely apparent trend.

Wallarm found that 36% of AI vulnerabilities involve APIs and 36% of AI-related exploited vulnerabilities also involve APIs.

3D pie chart titled “KEV Distribution” showing API-related vulnerabilities at 43%, AI-related vulnerabilities at 24%, and a 36% overlap between API and AI categories
API-related vulnerabilities account for 43% of known exploited flaws, with a 36% overlap between API and AI-related incidents. Source: Wallarm

The company says this is no coincidence, noting that “AI-related weaknesses do not become less API-centric as attacks progress. They become more operationally visible through APIs.”

So, if AI has a weakness, odds are it runs through an API. Add to that the finding that 15% of all API breaches in 2025 involved AI platforms, and one thing is clear.

AI has been long accused of “creating” new attack surfaces, but this report tells us that’s not the case. It just amplified the ones that already existed.

Know Your APIs and AIs

AI systems are, to put it simply, gigantic API consumers. Tools like your favorite GPT model, model-serving endpoints, integrations, and management UIs are all delivered via APIs. So when APIs and AI are so interconnected, security around AI has to include APIs,and vice versa.

The discrepancy between authentication required and how often APIs are vulnerablized is a fast reality check on how weak identity controls still are. Source: Wallarm

Because data constantly tells us that treating them as separate risk categories is becoming unrealistic. We at HostingAdvice have reported extensively on API security and its weak points, especially involving AI, but according to Wallarm alone:

  • 97% of API vulnerabilities can be exploited with a single request
  • 98% are “easy” or “trivial” to exploit
  • 99% are remotely exploitable
  • And yet, 59% require no authentication at all

If more than half of API vulnerabilities don’t even require credentials, how are they “protected”?

It’s as the report said: “Most API vulnerabilities are ‘fast, remote, and trivial to exploit,’” suggesting that we may be building things faster than we can secure them.

Abuse of Trust > Depending on Bugs

Historically, cyberattackers have always moved to where the least amount of attention is focusing.

Wallarm notes that, for a long time, cybersecurity focused on things like injections, memory corruptions, and cross-site issues as major vulnerabilities. But attackers have always been more interested in the most exploitable part of the system, which is often the area that goes unchecked the most.

Still, according to its research, injections and cross-site issues remain near the top, but other categories — like insecure resource consumption and SSRF — are skyrocketing as well.

Cross-site issues now lead the API risk rankings in 2025, with several other threats moving year over year. Source: Wallarm

And since AI systems are usually API-first, every single time information is shared between a site or system and that tool opens a new endpoint. According to the report, attackers are now:

That last one has been a big problem lately. Somewhere around 70% more control panel API vulnerabilities have grown over the past year.

Loose Permissions, Big Consequences

When we talk about control panels in this context, we’re really pointing to the Model Context Protocol (MCP).

Though similar in orchestration to a hosting control panel, it basically functions as a control layer for AI agents, deciding which tools they can use and the actions they’re allowed to do.

Wallarm referenced a real MCP AI vulnerability in which a simple API flaw exposed more than 3,000 MCP servers powering AI tools. The how must be embarrassing for that company because it wasn’t overly sophisticated. They just set their API permissions too loosely.

Despite its recency, MCP is fast-becoming a new API attack surface. Source: Wallarm

So while APIs may “just” connect infrastructure to applications, they, in reality, act like keys. And that’s tough news for hosting providers because it’s yet another responsibility of security that will have to rest on their shoulders.

But Wallarm does have some advice for providers.

To secure your AI, you absolutely have to secure the API giving those agents their tools and context. That sounds obvious, but apparently it’s not.

Not every request should be treated as normal just because it has a token. Identity is the key to the sauce here, so hosts may want to consider smaller tokens and rate limiting, especially when the same IP is requesting at the same endpoint over and over.

And a good rule of thumb is if something looks automated, it probably is. It’s as the report says: “As automation increases, control failures delegate power to attackers.”

About the Author

Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

« BACK TO: BLOG

Meet the Experts

Our team of experts with a combined 50+ years of experience in web hosting serve insight and advice to more than 20 million users!

We Know Hosting

$

4

8

,

2

8

3

spent annually on web hosting!