In an interview this month, OpenAI CEO Sam Altman shared that one phrase has been stuck in his mind: “Every company is now an API company, whether it wants to be or not,” as AI agents transform software.
Craig Ridell, Field CISO, Wallarm commented, “Sam Altman’s statement…is framed as a technology milestone. It is more accurately a governance failure waiting to surface. APIs are no longer just how systems integrate. They are how modern businesses operate. Revenue flows through them, decisions are executed through them, and increasingly, AI agents act through them autonomously, at machine speed, and with minimal human oversight. From years of observing API abuse in production environments, one thing is clear: API security and AI or agent security are inseparable.“
Riddell observed that AI agents exploit APIs differently from human attackers.
“They authenticate correctly, follow documented workflows, and interact with trusted systems. The danger emerges over time, as agents chain actions, reuse access, and optimize outcomes in ways that quietly erode controls, expose sensitive data, or impact business operations. What looks acceptable in isolation becomes risky in aggregate,” he explained. “Traditional security approaches focus on individual requests, static schemas, and perimeter enforcement, controls designed for a world where humans were the primary actors. In an autonomous software environment, the unit of risk is behavioral patterns across sequences, identities, and systems.”
Wallarm’s newly released 2026 API ThreatStats Report shows just how much AI has impacted API risk. In fact, it found that APIs are the most exploited attack surface for businesses today.
The report emphasizes that AI security essentially equals API security. For instance, there were 2,185 AI-related vulnerabilities last year, with 786 overlapping API-related vulnerabilities. This stat shows that a whopping 36% of AI vulnerabilities involve APIs. The study also noted that in exploited vulnerabilities, the pattern persists: 36% of AI-related KEVs also involved an API attack surface.
The study explains that the API ThreatStats Top 10 indicates that bad actors lean most heavily on logic abuse, trust failures, and resource consumption over traditional code defects. In 2025, cross-site issues had the highest attack volume, while injections remained a high-impact, common threat, and broken access control kept enabling scalable exploitation.
Agentic AI also introduces a new control plane risk: model context protocol (MCP). MCP has clearly emerged as a top indicator of where API risk is going for organizations. Wallarm identified 315 MCP-related vulnerabilities in 2025, representing 14% of all published AI vulnerabilities.
The report found 97% of API vulnerabilities are exploited with just a single request, 98% are easy or trivial to exploit, and 99% are remotely exploitable. In more than half (59%) of cases, no authentication is required.
Wallarm’s breach analysis within the report supports the fact that the most damaging incidents aren’t driven by extremely sophisticated adversaries; they’re driven by common and repeatable methods.
Riddell advised, “For CISOs and security leaders, enabling AI safely requires rethinking where governance is applied. Identity alone is no longer sufficient. APIs are where these questions are answered, and the companies that succeed will treat them as living systems, governing outcomes, not just access, as AI agents become a core execution layer of the business.”
Join our LinkedIn group Information Security Community!
