MCP vulnerabilities increased by 270% from Q2 to Q3 (lab.wallarm.com)

Wallarm’s Q3 2025 API ThreatStats shows API risk accelerating: researchers found 1,602 API vulnerabilities (up 20% QoQ) with an average CVSS of 7.4. Security misconfiguration led with 605 cases (+33%), broken authorization accounted for ~28% of flaws, and broken authentication rose sharply. AI-related APIs jumped 57% (77→121), while Model Context Protocol (MCP) flaws—targeting model-serving and inference pipelines—spiked 270%, indicating attackers rapidly learning to exploit ML endpoints. Real-world impact is clear: 8 of 51 new CISA KEV entries were API-related, and eight major breaches (including the Salesloft/Drift OAuth cascade, a $41M SwissBorg loss, BOLA at RBI, and exposed HR chatbot data at McDonald’s via Paradox.ai) show attackers chaining token theft, logic flaws, and partner integrations to escalate damage. For the AI/ML community this shifts the threat model: AI-API integrations expose not only data but business logic, workflows, and trust chains, making traditional WAFs and static scanners insufficient. Wallarm urges treating API security as first-class—inventory and telemetry in executive dashboards, unified AppSec governance, behavior-aware monitoring for business logic abuse (OWASP BLA Top 10), active discovery of shadow APIs, CI/CD abuse simulations, and instrumenting model endpoints and agentic systems like privileged services. In short: AI security is now API security—protect inference and orchestration layers before attackers turn models into an entry point for cascadeable breaches.