Thursday, April 24, 2025

Half of security issues in Agentic AI code are API-related

A new report from API and AI security solutions company Wallarm finds that of around 4,700 security issues analyzed in Agentic AI projects, 49 percent were API-related, underscoring the inseparable nature of agent and API security.

The report also finds that over 1,000 issues in Agentic AI repositories remain unaddressed. In addition, 22 percent of reported security issues remain open, some of them for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.

“In the first quarter of 2025, overall API threats continued to increase across multiple industries, from healthcare to AI and beyond,” says Ivan Novikov, CEO and co-founder of Wallarm. “Our research shows that AI agent security risk largely stems from APIs. Agentic AI presents the same problems as any other type of code, but agentic AI exhibits a large percentage of API-related vulnerabilities. We can’t address agentic AI security without directly addressing APIs.”

The report also analyzed API breaches that occurred in the first quarter of 2025. No industry was immune, as highlighted by breaches impacting organizations such as Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, National Health Service (NHS) UK, Microsoft, BeyondTrust, and OmniGPT.

The top five API breaches found span cloud, AI, automotive, and healthcare sectors, showing industry-wide concerns and urgent relevance to cybersecurity worldwide. With 60 percent of the top vulnerabilities found to be access control-related, this is an issue that remains prevalent across APIs.

To protect themselves from these threats, organizations need to take proactive measures: ensure that existing threat models account for the current environment, and prioritize API security by updating API threat models and security workflows, creating Agentic AI security strategies, implementing real-time monitoring of API traffic, and updating both threat intelligence and API discovery methodology.

You can get the full report on the Wallarm site.

Image Credit: Alexandersikov/Dreamstime.com
