{“lastseen”:”2025-08-28T11:02:23″,”description”:”API security has never been more crucial. Vulnerabilities are growing in volume and severity. AI integrations are a burgeoning attack vector. Increasing GraphQL adoption presents hidden dangers. To protect your organization, you must secure your APIs. \\n\\nKeep reading for our key takeaways from the Wallarm Q2 2025 API ThreatStats report \u2013 and find out what you need to do to protect yourself. \\n\\n## The Hidden Risk of GraphQL\\n\\n70% of organizations now use GraphQL. And yet, there were no GraphQL-specific breaches reported in Q2 2025. If that sounds suspicious, it\u2019s because it is. \\n\\nGraphQL slashes payload sizes by up to 99% and offers clients powerful, flexible control over data. However, that same flexibility opens the door to excessive data exposure, denial of service from nested queries, and resolver-level authorization bypasses. \\n\\nGraphQL Risks\\n\\nWhat\u2019s more, considering that its single dynamic endpoint obscures visibility for traditional security controls, it\u2019s safe to assume that attackers are already exploiting introspection, deep nesting, and injection flaws in poorly secured GraphQL deployments. \\n\\nSo why were there no GraphQL breaches in Q2 2025? \\n\\nIt\u2019s not because GraphQL is safe; it\u2019s likely because organizations are failing to accurately detect and attribute breaches. Traditional API security tools often fail to support GraphQL, and, as such, organizations should treat it as a unique class of API architecture requiring specialized protections. That includes: \\n\\n * Disabling or secure introspection in production. \\n * Enforcing query cost analysis and depth limiting. \\n * Authenticating and authorizing at the field and resolver level. \\n * Monitoring query patterns for abnormal complexity or access attempts\\n\\n\\n\\n## API Flaws are Rising Fast \u2013 And Attackers are Exploiting Them\\n\\nAPIs security is growing more important by the day. In the second quarter of 2025, we saw a 9.8% increase in API-related CVEs compared to Q1, with 639 vulnerabilities disclosed between April and June up from 582 in Q1. \\n\\nOf course, we can attribute much of this rise to the increasing volume of APIs in production, but the real story is that attackers are becoming more aware of their inherent vulnerabilities – particularly in the way they integrate with tools and AI systems. \\n\\nAI-specific API vulnerabilities rocketed again from Q1 to Q2: we identified 34 CVEs tied directly to AI APIs this quarter, up from just 19 in Q1. It\u2019s a drum we\u2019ve been banging for a while now, but the key takeaway here is that **AI security is API security****.**\\n\\n\\n\\nBut it\u2019s not just that API vulnerabilities are more becoming more common, they\u2019re also becoming more severe: \\n\\n * Roughly one-third of all CVEs were Critical, typically enabling remote code execution, token leakage, or insecure deserialization.\\n * Another one-third were classified as High, involving issues like authorization bypass and sensitive data exposure.\\n * The remaining vulnerabilities were Medium or Low severity but still pose risk when combined in chained exploits or business logic abuse scenarios.\\n\\n\\n\\nAnd, although the total number of API-related Known Exploited Vulnerabilities (KEVs) fell from Q1 to Q2 2025, they proportionally increased from 20% to 22% of all confirmed in-the-wild exploits in the quarter. But how are attackers exploiting these vulnerabilities? \\n\\n## The API Flaws Attackers Can\u2019t Stop Exploiting\\n\\nThe most exploited API flaws in Q2 reveal a familiar pattern of weak access controls, token mishandling, and injection risks: \\n\\n * **Unauthenticated Access Points:** Several API vulnerabilities exploited in the wild allowed access without requiring credentials highlighting the risks of exposed endpoints and default configurations.\\n * **Broken Authorization:** A majority of API-related KEVs exploited BOLA (Broken Object Level Authorization), where APIs validated identity but failed to restrict object-level access.\\n * **Token Abuse and Session Hijacking:** Some APIs exposed token mechanisms that could be reused or escalated to higher privileges.\\n * **Injection and Execution Flaws:** KEVs involving GraphQL resolvers and shell-exposed endpoints revealed command injection or insufficient query sanitization.\\n\\n\\n\\nWhat, then, should organizations do to protect themselves? \\n\\n## Key Takeaways for Security Leaders \\n\\nIn light of these findings, organizations should take the following steps to secure their APIs:\\n\\n### Get Complete API Visibility\\n\\nYou can\u2019t defend blind spots. Continuously uncover every API \u2013 internal, external, AI-drivem, or shadow \u2013 and pair discovery with schema ownership and real-time usage monitoring. \\n\\n### Lock Down Your AI Stack\\n\\nSecure every stage of your AI pipeline, from ingestion to inference. Disable default endpoints, enforce fine-grained access controls, and keep orchestration pipelines under watch. \\n\\n### Strengthen Auth at Every Layer \\n\\nGranular access policies aren\u2019t optional. Many of Q2\u2019s biggest breaches happened because exposed APIs lacked proper authentication or authorization. \\n\\n### Test Beyond the Schema\\n\\nStatic checks like schema validation are no longer sufficient. You must simulate misuse to catch logic flaws, sequence abuse, and role escalation through behavior-based testing. \\n\\n## Protect the Full API Lifecycle\\n\\nSecurity doesn\u2019t work if it\u2019s bolted on. Integrate testing early in development and pair it with real-time runtime protection to safeguard APIs from code to production. \\n\\n\\nThe post The API Security Reality Check: Key Takeaways from Q2 2025 API ThreatStats Report appeared first on Wallarm.”,”published”:”2025-08-28T11:00:00″,”modified”:”2025-08-28T11:00:00″,”type”:”wallarmlab”,”title”:”The API Security Reality Check: Key Takeaways from Q2 2025 API ThreatStats Report”,”source”:””,”references”:””,”id”:”WALLARMLAB:B062E0F312B9C144C7C1F8156096ACBB”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/lab.wallarm.com\/api-security-reality-check-key-takeaways-from-q2-2025-api-threatstats-report\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-28T11:02:23″,”description”:”API security has never been more crucial. Vulnerabilities are growing in volume and severity. AI integrations are a burgeoning attack vector. Increasing GraphQL adoption presents…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,5,105],"class_list":["post-14686","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-wallarmlab"],"yoast_head":"\n