Unveiling Top API Vulnerabilities and Emerging Trends: Introducing the Wallarm Q2 2024 API ThreatStats™ Report

As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats™ Report reveals critical trends and developments that are reshaping the security environment. Continuing from our Q1 findings, the surge in AI API vulnerabilities is not only persisting but intensifying, with an alarming increase in both the volume and severity of exploits. This quarter, we provide a deep dive into the most significant AI API exploits and examine the top API threat types that have emerged.

Key Insights from Q2 2024

The Growing Threat of AI API Attacks

As we highlighted in last quarter’s API ThreatStats™ Report, the integration of AI into various applications has brought new risks, with API attacks on AI systems accelerating at an unprecedented rate. The Q2 report reveals a threefold increase in vulnerabilities within well-known AI systems, highlighting the urgent need for enhanced security measures in this space. The rapid growth of AI APIs in the digital ecosystem has exposed organizations to new, often overlooked, risks. This is a trend that we believe will continue.

Mergers & Acquisitions: A New Security Frontier

One of the more surprising findings this quarter is how much security risk mergers and acquisitions (M&A) introduce. The report details how in-flight M&A processes exposed multiple organizations to considerable threats; typically the acquirer inherits the acquired product's APIs, credentials and third-party integrations before it has inventoried or hardened them. Notable incidents include breaches at platforms like TestRail (Atlassian), HelloSign (Dropbox), Duo (Cisco), and Authy (Twilio). These cases underscore the critical importance of thorough security assessments and stringent protocols during M&A transitions.

Persistent Challenges with JSON Web Token (JWT) Misuse

Despite the widespread adoption of JWTs for securing API communications, improper implementation continues to pose serious security challenges. This quarter, we identified several key issues, including:

  • A hard-coded JWT signing secret in Veeam Recovery Orchestrator. Because the secret is the only thing standing between a client and a valid signature, anyone who extracts it can forge tokens and gain unauthorized access without ever authenticating.
  • An authentication bypass vulnerability in Lua-Resty.
  • A "JWT bomb" denial of service in python-jose, in which a small crafted token passed to the decode function consumes enough resources to take the service down.

These findings illustrate the ongoing difficulties in properly implementing JWT, even as its use becomes more prevalent across industries.
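As an added illustration (this is not code from the report or from any of the projects named above), the block below builds a minimal HS256 JWT signer and verifier on the Python standard library and uses it to show two of the failure modes in the list: a hard-coded signing secret that lets anyone who reads the source forge an admin token even though the verifier itself is correct, and a decode path that bounds decompression so a "JWT bomb" is rejected before it exhausts memory. It assumes the bomb is a compression bomb in the token payload, which is what the term usually denotes; the secret, claims and sizes are constructed for the example.

```python
"""Added example (not Wallarm's, Veeam's or python-jose's code). A minimal
HS256 JWT signer/verifier on the standard library, used to show two JWT
failure modes: token forgery once a hard-coded signing secret is known, and a
bounded decompressor that stops a 'JWT bomb' (a small token whose compressed
payload inflates to an enormous size) before it exhausts memory. The secret,
claims and sizes below are constructed for the example."""
import base64
import hashlib
import hmac
import json
import secrets
import zlib


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint a compact JWS: HMAC-SHA256 over 'header.payload'."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes, now: int) -> dict:
    """Strict verifier: three segments, alg pinned to HS256 (so 'none' and
    RS256->HS256 confusion are rejected), constant-time compare, exp enforced."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("missing or expired exp")
    return claims


# --- 1. Hard-coded secret: anyone who reads the source can forge tokens -----

# Constructed: the kind of literal that ends up in a repo, a container image
# or a decompiled binary. Every deployment shares it, and it never rotates.
HARDCODED_SECRET = b"example-hardcoded-secret-do-not-ship-this"


def forge_admin_token(known_secret: bytes, now: int) -> str:
    """What an attacker does once the secret is known: mint a token carrying
    whatever claims the application trusts. No login, no user record needed."""
    return sign_hs256({"sub": "attacker", "role": "admin", "exp": now + 3600}, known_secret)


def role_accepted_by_server(token: str, server_secret: bytes, now: int):
    """Role the server would grant, or None if verification fails. The
    verifier is correct; the whole weakness is the shared, known secret."""
    try:
        return verify_hs256(token, server_secret, now)["role"]
    except ValueError:
        return None


def fresh_deployment_secret() -> bytes:
    """The fix: a random per-deployment secret generated at install time and
    loaded from protected configuration, never a string literal in code."""
    return secrets.token_bytes(32)


# --- 2. JWT bomb: bound decompression of a compressed ('zip':'DEF') payload --

MAX_PLAINTEXT = 64 * 1024  # largest claim set this service will ever accept


def deflate_raw(data: bytes) -> bytes:
    """Raw DEFLATE (wbits=-15), the encoding RFC 7516 uses for 'zip':'DEF'."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def inflate_bounded(compressed: bytes, limit: int = MAX_PLAINTEXT) -> bytes:
    """Inflate at most `limit` bytes. A token that would expand further is
    rejected after limit+1 bytes, so the rest of the bomb is never inflated.
    `eof` is also required so a truncated stream cannot slip through."""
    d = zlib.decompressobj(wbits=-15)
    out = d.decompress(compressed, limit + 1)
    if len(out) > limit or not d.eof:
        raise ValueError("compressed payload exceeds %d bytes" % limit)
    return out


if __name__ == "__main__":
    now = 1_700_000_000
    forged = forge_admin_token(HARDCODED_SECRET, now)
    print("hard-coded secret, forged token granted role:",
          role_accepted_by_server(forged, HARDCODED_SECRET, now))
    print("per-deployment secret, same token granted role:",
          role_accepted_by_server(forged, fresh_deployment_secret(), now))
    bomb = deflate_raw(b"\0" * (32 * 1024 * 1024))  # ~32 KB on the wire, 32 MB inflated
    print("bomb on the wire:", len(bomb), "bytes")
    try:
        inflate_bounded(bomb)
    except ValueError as e:
        print("rejected:", e)
```

Run directly, the forged token is accepted as admin under the hard-coded secret and rejected under a fresh per-deployment secret, and the roughly 32 KB bomb is refused at the 64 KB plaintext bound instead of being inflated to 32 MB. The fix for the first case is operational as much as it is code: treat a secret that has shipped in a binary or repository as compromised and rotate it, and load the replacement from protected configuration.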

Noteworthy Vulnerabilities and Breaches

The Q2 2024 API ThreatStats™ Report also highlights several critical vulnerabilities in well-regarded platforms:

Grafana: Despite its strong security focus, Grafana was found to have multiple critical vulnerabilities this quarter, including an issue that let users outside the owning organization delete a snapshot if they held its key, a directory traversal flaw in CSV file handling, and several OAuth-related vulnerabilities, such as account takeovers and token leaks.

AI API Exploits: The AnythingLLM API was found to have vulnerabilities allowing arbitrary file deletion due to path traversal in the logo photo feature, and remote code execution via environment variables. Additionally, ZenML had a directory traversal vulnerability that permitted unauthorized access to sensitive files.
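Both the AnythingLLM file-deletion flaw and the ZenML file-read flaw belong to the same class, so as an added example (not the code of AnythingLLM, ZenML or Grafana) the block below shows the path traversal pattern behind "arbitrary file operation via a user-supplied file name": a vulnerable resolver that joins whatever the client sent, beside a hardened one that restricts the name to a single component and confirms the resolved path still sits under the upload root. The upload root and the file names are constructed for the example and nothing is touched on disk.

```python
"""Added example (not AnythingLLM's, ZenML's or Grafana's code): the path
traversal pattern behind "arbitrary file deletion / unauthorized file read via
a user-supplied file name", as a vulnerable resolver beside a hardened one.
The upload root and the file names are constructed for the example."""
from pathlib import Path

UPLOAD_ROOT = Path("/srv/app/uploads")  # constructed; nothing is touched on disk


def unsafe_resolve(root: Path, user_name: str) -> Path:
    """Vulnerable: joins whatever the client sent. '../' segments walk out of
    root, and an absolute name discards root entirely (pathlib, os.path.join
    and most languages' path-join behave the same way)."""
    return root / user_name


def safe_resolve(root: Path, user_name: str) -> Path:
    """Hardened: a logo or attachment name is a single path component, so any
    name with separators, '.', '..' or nothing at all is rejected up front.
    The resolved path is then required to sit below the resolved root, which
    also catches a symlink in the upload directory that points elsewhere."""
    if not user_name or user_name in (".", "..") or Path(user_name).name != user_name:
        raise ValueError("invalid file name: %r" % user_name)
    base = root.resolve(strict=False)
    candidate = (base / user_name).resolve(strict=False)
    if base not in candidate.parents:
        raise ValueError("path escapes upload root: %r" % user_name)
    return candidate


def escapes_root(root: Path, user_name: str) -> bool:
    """True when the hardened resolver would refuse the name."""
    try:
        safe_resolve(root, user_name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ("logo.png", "../../../etc/passwd", "/etc/passwd", "..", "sub/../../x"):
        hardened = "rejected" if escapes_root(UPLOAD_ROOT, name) else safe_resolve(UPLOAD_ROOT, name)
        print("%-22s unsafe -> %-38s hardened -> %s"
              % (name, unsafe_resolve(UPLOAD_ROOT, name), hardened))
```

A delete or read endpoint should call `os.remove(safe_resolve(UPLOAD_ROOT, name))` (or open the returned path) and never the unsafe form; the single-component check does most of the work, and the parents check is the backstop for symlinks and any future change that relaxes the name rule.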

These cases highlight that even platforms with a robust security posture aren’t immune to flaws, reinforcing the need for continuous monitoring and proactive security practices.

Actionable Steps to Enhance API Security

To help organizations strengthen their API security programs, the Q2 ThreatStats™ Report also provides actionable insights and recommendations. From assessing API risks to prioritizing fixes, these steps are designed to mitigate the risks posed by emerging threats and vulnerabilities.

Stay ahead of the curve by staying informed about the latest developments in the API threat landscape. As these trends continue to evolve, so too must our approaches to security, ensuring that our digital ecosystems remain resilient against ever-changing threats.

Please take a look at the report and let us know what you think.

Download the report here.
