74% of security practitioners believe that AI sprawl will significantly exceed the risks associated with API sprawl.

82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.

In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.

In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.

In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.

In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.

In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.

In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.

In Q3 2025, authorization issues made up 28% of all API vulnerabilities.

79% of API keys found in open-source MCP server implementations are passed via simple environment variables.

53% of open-source Model Context Protocol (MCP) server implementations rely on insecure, long-lived static secrets, such as API keys and Personal Access Tokens (PATs).

23% of organizations plan to adopt GenAI within the next 6–12 months for API development.

39% of organizations adhere to the NIST Cybersecurity Framework for API development and deployment.

43% of fully API-first organizations generate more than 25% of total revenue from APIs.

23% of organizations identify leveraging AI/ML capabilities for business insights or automation as a main driver behind the use of APIs.

52% of organizations identify development efficiencies and/or standardization as a main driver behind the use of APIs.

42% of organizations reported managing 101–500 APIs.

26% of developers spend more than 20 hours a week on API-related tasks.

36% of developers lack trust in AI systems.

11% of organizations raised their API security budgets by 16–20%.