In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.

In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.

In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.

In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.

In Q3 2025, authorization issues made up 28% of all API vulnerabilities.

In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.

In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.

6% of organizations conduct threat modeling to assess the effectiveness of their API security measures.

25% of organizations said APIs are used to create new revenue streams.

A small but notable 6% of organizations indicated their API volume more than tripled (301%+) in just 12 months.

41% of organizations cited vulnerabilities as the most common API security problem.

42% of organizations identified reduced engineering overhead as a channel through which revenue comes from APIs.

39% of organizations adhere to the NIST Cybersecurity Framework for API development and deployment.

59% of human developers/applications are designed for humans.

2% of respondents expressed other security concerns about using Generative AI to develop APIs.

56% of respondents cited a lack of control over AI model security used for code generation.

35% of respondents cited difficulty ensuring quality and reliability of AI-generated code.

15% of organizations are very confident in detecting and responding to attacks leveraging Generative AI.

55% of organizations were somewhat confident in their ability to detect and respond to attacks leveraging Generative AI.

5% of organizations did not know about their ability to detect and respond to attacks leveraging Generative AI.