Wallarm Report Finds MCP Risks Surging 270 Percent

Wallarm’s Q3 2025 API ThreatStats Report reveals a 20% rise in API flaws and a 270% surge in MCP risks, highlighting growing AI-API security threats.

Written By Jordan Smith
Oct 30, 2025

API and AI security vendor Wallarm recently released its Q3 2025 API ThreatStats Report, which found a significant rise in API vulnerabilities (20 percent) and a surge in Model Context Protocol (MCP) risks (270 percent).

According to Wallarm, the report’s findings reinforce the notion that API-related risks have evolved from a technical challenge into a systemic business threat, as threat actors increasingly exploit misconfigurations, authorization gaps, and AI integration flaws.

“The 270% rise in MCP-related vulnerabilities is a flashing red light,” said Ivan Novikov, CEO of Wallarm. “AI is deeply intertwined with APIs, and organizations aren’t yet prepared for how these AI interfaces expand the attack surface. Q3 data shows what we already know to be true, that AI security is API security.”

Among other key findings from the report are:

  • 1,602 API-related vulnerabilities were disclosed in Q3, a 20 percent increase from Q2.
  • AI-API vulnerabilities grew by 57 percent, driven by a significant increase in MCP vulnerabilities.
  • Agentic AI vulnerabilities have risen 67 percent.
  • Security misconfiguration (API8) accounted for 38 percent of all API flaws, up 33 percent from Q2.
  • Authorization issues (API1 + API5) made up 28 percent of all API vulnerabilities.
  • Sixteen percent of vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog were API-related.

“The trend toward increased AI-API vulnerabilities, and specifically MCP vulnerabilities, underscores the importance of applying traditional API security controls, such as authorization, authentication, and configuration hardening, to AI model-serving and inference endpoints,” the report states. “The preventative controls must be paired with effective discovery, as well as detection and blocking of attacks. As AI capabilities become more deeply embedded in enterprise architectures, the overlap between AI security and API security will continue to grow.”

Ongoing themes for Q3: API risk awareness growing faster than capabilities

Overall, the report states, Q3 “confirms that while awareness of API security risks is rising, consistent secure design and runtime enforcement remain elusive across industries.”

Among the main overall themes are:

  • Security misconfigurations remain prevalent API weaknesses, underscoring gaps in secure deployment, hardening, and access control across exposed endpoints.
  • High-severity CVSS scores highlight the potential for direct exploitation, particularly in production APIs that handle sensitive data or authenticate users.
  • Authorization complexity will continue to challenge development teams, with both function-level and object-level access control errors contributing to systemic risk.
  • Expansion from Q2 to Q3 highlights the growing visibility of APIs in security advisories and ongoing weaknesses in API governance and testing.

Business Logic Abuse (BLA) also shows growth

BLA attacks target flaws in how an application actually works, rather than exploiting flaws in code, such as more traditional injection or remote code execution.

The Q3 2025 API ThreatStats Report also highlights BLA as a growing cause of real-world API exploitation, cataloging attacks that target workflows, quotas, and state transitions instead of code-level flaws.

Rather than smuggling payloads, threat actors are manipulating workflows, states, roles, quotas, and lifecycles to attain privileged outcomes such as skipping steps, repeating one-time actions, or harvesting sensitive system signals.

In terms of where BLA is headed, these attacks are evolving rapidly as AI agents, shadow endpoints, and quota abuse turn logic into leverage.

  • AI-assisted workflow abuse: Agentic tools will make it easier to discover edge-state transitions and orchestrate multi-step exploits at scale. The report suggests we can expect to see more CWOB and ALO against checkout, refunds, and coupon logic.
  • Signal harvesting and data disclosure: Error codes, timing differences, and partial successes will be increasingly mined as ISD to plan precision fraud.
  • Shadow endpoints and integrations: Legacy, mobile-only, and internal APIs will remain prime entry points. The AI-driven velocity of development worsens the problem over time.
  • Quota economics: As consumption-priced APIs expand, threat actors will begin to target RQV directly. The report predicts that consumption pricing will soon become an attack vector that allows threat actors to directly impact the victim’s bottom line.
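The business logic abuses described above (skipping workflow steps, repeating one-time actions such as coupon redemption, and mining distinguishable error responses) are best countered server-side by enforcing an explicit state machine and returning a single generic refusal. The following is an added illustration, not code from the Wallarm report or from Channel Insider; the `CheckoutService` class, its state names, the `SAVE10` coupon and the in-memory stores are all hypothetical, constructed for the example.

```python
"""Defensive enforcement of a checkout workflow state machine.

Added example (not from the Wallarm report): the server refuses any request
that would skip a workflow step or reuse a single-use coupon, and answers every
refusal with the same generic message so error responses do not become a
signal an abuser can harvest. All names and data here are constructed.
"""
from dataclasses import dataclass, field

# Each state lists the only states it may advance to; anything else is refused.
ALLOWED_TRANSITIONS = {
    "cart": {"address"},
    "address": {"payment"},
    "payment": {"confirmed"},
    "confirmed": set(),
}

# One generic message for every refused request, whatever the reason, so a
# caller cannot distinguish "step skipped" from "coupon already used".
GENERIC_ERROR = "request not permitted"


class WorkflowError(Exception):
    """Raised for any refused action; the message is always GENERIC_ERROR."""


@dataclass
class Order:
    order_id: str
    state: str = "cart"
    total: float = 0.0
    coupons_applied: set = field(default_factory=set)


class CheckoutService:
    def __init__(self):
        # Constructed in-memory stores standing in for a database.
        self._orders: dict[str, Order] = {}
        self._redeemed_coupons: set[str] = set()  # single-use codes already consumed
        self._coupon_values = {"SAVE10": 10.0}    # constructed sample coupon table

    def create_order(self, order_id: str, total: float) -> Order:
        order = Order(order_id, total=total)
        self._orders[order_id] = order
        return order

    def advance(self, order_id: str, target_state: str) -> Order:
        """Move an order forward only along an allowed edge of the state machine."""
        order = self._orders[order_id]
        if target_state not in ALLOWED_TRANSITIONS[order.state]:
            raise WorkflowError(GENERIC_ERROR)  # e.g. cart -> confirmed is a skipped step
        order.state = target_state
        return order

    def apply_coupon(self, order_id: str, code: str) -> Order:
        """Apply a single-use coupon once, and only while the order is still a cart."""
        order = self._orders[order_id]
        if order.state != "cart":
            raise WorkflowError(GENERIC_ERROR)  # coupons after payment would be a lifecycle abuse
        if code not in self._coupon_values or code in self._redeemed_coupons:
            raise WorkflowError(GENERIC_ERROR)  # unknown and already-used codes look identical
        self._redeemed_coupons.add(code)
        order.coupons_applied.add(code)
        order.total = max(0.0, order.total - self._coupon_values[code])
        return order


def attempt(fn, *args) -> tuple[bool, str]:
    """Run a service call and report (accepted, message) instead of raising."""
    try:
        fn(*args)
        return True, "ok"
    except WorkflowError as exc:
        return False, str(exc)


if __name__ == "__main__":
    svc = CheckoutService()
    svc.create_order("order-1", 50.0)
    print(attempt(svc.apply_coupon, "order-1", "SAVE10"))   # accepted, total now 40.0
    print(attempt(svc.apply_coupon, "order-1", "SAVE10"))   # refused: one-time action repeated
    print(attempt(svc.advance, "order-1", "confirmed"))     # refused: step skipped
    print(attempt(svc.advance, "order-1", "address"))       # accepted: next allowed step
```

The key design choice is that the transition table and the redeemed-coupon set are the only authority on what may happen next; the client's claimed position in the flow is never trusted, and every refusal carries the same text so neither the reason nor the existence of a given coupon code leaks through the response.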

API security gaps and evolving AI-enabled threats are consistent threats to organizations and continue to grow as attack vectors widen. Learn more from Myriad360’s Field CISO on how partners can tackle these API security gaps.


Jordan Smith is a news writer who has seven years of experience as a journalist, copywriter, podcaster, and copyeditor. He has worked with both written and audio media formats, contributing to IT publications such as MeriTalk, HCLTech, and Channel Insider, and participating in podcasts and panel moderation for IT events.
