Securing Agentic AI and Beyond — API Security

We recently released The Rise of Agentic AI, our API ThreatStats report for Q1 2025, finding that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their defenses. Keep reading to find out more. 

Agentic AI is the technology of the moment. It is the newest and most exciting AI frontier, able not just to answer queries but to actually act autonomously on behalf of human users. But, contrary to what one might expect, it shares the same security risks as many other types of code.

It’s important to understand that APIs are fundamental to Agentic AI workflows. 65% of the 2869 Agentic AI security issues we found during our GitHub analysis were API-related. This means that agent security and API security are inseparable. 

We see further evidence of this when categorizing agentic security issues by Common Weakness Enumeration (CWE). While use of Unmaintained 3^rd Party Components (CWE-937) came out on top, mirroring security issues in software more broadly, second and third place drive home the intrinsic link between agentic and API security – Improper Input Validation (CWE-20) and Uncontrolled Resource Consumption (CWE-400) are both prevalent API security risks. 

The takeaway here is that although the security issues are broadly the same, agentic AI does bring new, more significant risks. Because agents automate decision-making and can trigger high-privileged API calls at machine speed, every legacy flaw scales from a single incident to a self-driving breach. Agentic AI may invent a few new problems, but it certainly turbocharges old ones. 

As part of our ThreatStats report series, we analyze all the API-related breaches that occurred within the given quarter, and this quarter was no different. Here’s the top five from Q1 2025:

• Oracle Cloud (6M records): Attackers claimed to exploit an unpatched CVE-2021-35587 vulnerability in legacy login infrastructure – further proof that old, unpatched CVEs still present a threat. 
• Deepseek Database Leak (1M+ records): A publicly exposed database revealed API keys – a reminder that no authentication means no security, regardless of how novel the workload is. 
• Common Crawl Secrets Exposure (11,908 live secrets): A dataset used to train LLMs was found to contain thousands of live API secrets, calling attention to data risks in the software supply chain. 
• Volkswagen JWT Weakness (800K records): A weak JWT implementation opened a back door to user and vehicle data – a reminder that misconfigurations can cause havoc in even mature security environments.
• NHS UK Unauthenticated Endpoint: An unauthenticated API revealed reams of patient data – aging infrastructure and legacy APIs are still a recipe for disaster. 

The key takeaway? Breaches tied to misconfiguration, hardcoded secrets, and unauthenticated API access dominated this quarter – particularly in AI and healthcare sectors.

You might have noticed that four of this quarter’s top five breaches were essentially access control failures in disguise. What’s more, three of the leading agentic AI security issues –  CWE-285 (Improper Authorization), CWE-284 (Improper Access Control), and CWE-287 (Improper Authentication) – are access control-related, while 209 CVEs fell into API5: Broken Access Control, making up the largest slice of Wallarm’s API Top 10 API CVEs. 

So, what can organizations do to protect themselves? Here are our top tips: 

• Refresh API Threat Models Every Quarter: This is important for keeping your risk picture aligned with evolutions in the cloud, third-party services, and AI integrations. 
• Monitor API Traffic in Real Time and Block Anomalies: Immediate detection and response is crucial for keeping pace with shrinking exploitation windows. 
• Enrich Threat Intelligence Feeds with API-Specific Data: Incorporating CISA KEV updates, third-party disclosures, and Wallarm ThreatStats can help spot weaponized CVEs early. 
• Evolve API Discovery Methods to Include AI Endpoints: Agentic AI plugins and shadow services can appear overnight; inventory is step one for securing them.
• Craft a Dedicated Strategy for Agentic AI: Autonomous agents are useful, but dangerous. They need tailored guardrails.
• Prioritize API Security Investments: It’s essential to allocate budget to tools and training for real-time blocking, automated testing, secret-scanning, and schema enforcement. 
• Establish and Enforce Clear API Security Policies: Standardize authentication, authorization, data protection, and deployment guidelines across all development teams.

The bottom line? Both CISOs and practitioners must double down on visibility and proactive control to ensure that emerging, AI-driven risks don’t outpace classic best practices. 

‍The stark reality is this: APIs are the new attack surface. Forget perimeter-centric thinking. From exposing legacy systems to the burgeoning risks of Agentic AI, attackers are relentlessly targeting APIs—as both the gateway and the price. Organizations need to come to terms with this reality and act accordingly.To download the full Q1 2025 API Threat Report, click here.