SecurityWeek’s Cyber Insights 2026 examines skilled opinions on the anticipated evolution of greater than a dozen areas of cybersecurity curiosity over the subsequent 12 months. We spoke to a whole bunch of particular person consultants to achieve their skilled opinions. Right here we discover securing Software programming interfaces (APIs), with the aim of evaluating what is occurring now and getting ready cybersecurity groups for what lies forward in 2026 and past.
Software programming interfaces (APIs) are important to the operation of a related cyberworld. “APIs have grow to be the connective tissue of recent expertise and are a part of our complete digital world,” explains Chrissa Constantine, senior cybersecurity answer architect at Black Duck. “Some latest estimates present that roughly 83% of web site visitors flows by means of APIs, which displays how APIs are deeply related in our digital lives.”
Chrissa Constantine, Senior Cybersecurity Answer Architect at Black Duck.
Randolph Barr, CISO at Cequence Safety, provides, “In some ways, 2026 will mark a part by which APIs transfer from ‘only a supply mechanism’ to the operational spine of digital enterprise, particularly in a world more and more dominated by agentic AI and monetization imperatives.”
Something so ubiquitous and necessary will appeal to cyberattacks. In July 2024, Akamai monitored 26 billion assaults concentrating on APIs in June 2024 alone, a part of a 49% progress from Q1 2023 to Q1 2024.
Right here’s the rub. It’s going to get a lot worse in 2026 – and largely due to agentic AI.
The increasing API assault floor
The first motive for the rise in API assaults might be a brand new surge within the variety of APIs, and the place and the way they’re used. “We’re now coming into a brand new API growth. The earlier wave was pushed by cloud adoption, cell apps, and microservices. Now, the rise of AI brokers is fueling a speedy proliferation of APIs, as these methods generate huge, dynamic, and unpredictable requests throughout enterprise functions and cloud providers,” feedback Jacob Ideskog, CTO at Curity.
The growth in enterprise use of agentic AI is creating a good larger growth within the proliferation of APIs.
Neil Roseman, CEO at Invicti, provides, “The rise of agentic AI – AI methods able to autonomous reasoning and process execution – is multiplying the variety of APIs in use. Every agent requires APIs to entry information, set off workflows, and work together throughout functions. This introduces new challenges: dynamically generated APIs which might be tough to stock, hidden AI-to-AI communications, and elevated danger of delicate information publicity by means of mannequin integrations. The result’s a good bigger, extra unstable assault floor that conventional safety instruments can’t sustain with.”Commercial. Scroll to proceed studying.
Enterprises are speeding to harness the autonomous energy of AI, typically with an excessive amount of haste and never sufficient understanding.
Randolph Barr, CISO at Cequence Safety
Barr explains in additional element: “The enterprise push for APIs is intensifying. Conventional human-mediated interactions – for instance, name facilities, department visits, guide workflows – are being changed by automated, always-on providers, as retailers, banks, and different industries race to monetize AI-enabled experiences. Meaning APIs aren’t simply inner glues anymore; they’re worth streamed, with the enterprise logic layer uncovered, scaled, and monetized.”
The rising use of agentic AI methods and the best way they act autonomously, making selections and triggering workflows, is ballooning the variety of APIs in play. “It isn’t simply ‘I expose one billing API’,” he continues, “now there are dozens of APIs that feed information to LLMs or AI brokers, settle for selections from AI brokers, facilitate orchestration between providers and micro-apps, and probably expose ‘agentic’ endpoints (by way of autonomous scheduling, procurement, and product configuration).”
Every AI agent implicitly introduces new APIs (instruments, providers, and information connectors) and multiplies the assault floor. “Briefly,” he says, “APIs are rising horizontally (extra endpoints), vertically (extra essential enterprise logic), and contextually (embedded into AI/agent flows).”
The impact of this speedy enhance in numbers and complexity, suggests Paul Nguyen, co-founder and co-CEO at Permiso, is that organizations will lose stock management. “By 2026, most enterprises might be unable to reply primary questions. What number of API endpoints exist? What number of API credentials are in use? What permissions does every credential have? When had been they final rotated? This visibility hole turns into a major safety danger.”
Attacking APIs in 2026
“APIs are probably the most direct hyperlink between customers and enterprise logic. Attackers know that weak authentication, enterprise logic flaws, and misconfigurations can open paths straight to delicate information,” warns Roseman. “In the meantime, shadow APIs – undocumented, forgotten, or misconfigured endpoints – proceed to develop, leaving organizations blind to giant parts of their assault floor. Because of this, APIs at the moment are the highest goal for web-based assaults.”
Barr provides that within the rush to deploy AI quicker, cheaper and AI-first, the adversary benefit grows and is made worse by legacy assumptions. “Many organizations assume their current internet utility firewall (WAF), content material supply community (CDN), or API gateway is adequate. However API safety, particularly when APIs embody enterprise logic or autonomous agent workflows, requires deeper behavioral and context-aware controls.”
The AI assault floor spans three distinct layers, every requiring specialised defenses, explains Eleanor Watson, IEEE member and AI ethics engineer. “On the information/mannequin layer: adversaries poison coaching datasets, inject backdoors into retrieval corpora, and compromise mannequin integrity. On the immediate / tooling layer: attackers deploy jailbreaks, execute oblique immediate injections by means of paperwork and web sites, and manipulate tool-use chains.”
And, “On the API / methods layer: threats embody mannequin extraction, coverage cloning, API abuse by means of chained software invocations, and polymorphic malware era utilizing code fashions.”
The Mannequin Context Protocol (MCP) launched by Anthropic in 2024, is inflicting specific concern. “Since launching MCP in November 2024, adoption has been speedy: the neighborhood has constructed 1000’s of MCP servers, SDKs can be found for all main programming languages, and the trade has adopted MCP because the de-facto customary for connecting brokers to instruments and information,” enthused Anthropic on November 4, 2025.
However whereas MCP has offered productiveness benefits, it additionally impacts API safety points, aggravated by the rising incidence of shadow MCP – that’s, MCP servers deployed by staff with out the oversight, formal approval and even data of the IT or safety groups.
“In 2026, repositories internet hosting MCP servers, A2A endpoints, and functionality plug-ins will grow to be prime targets. Simply as NPM, PyPI, and Docker Hub had been exploited to ship poisoned packages, MCP registries and agent marketplaces might be infiltrated with trojanized service manifests and malicious context suppliers,” warns Pascal Geenens, VP of cyber risk intelligence at Radware.
Ariel Parnes, COO at Mitiga and former IDF 8200 cyber unit colonel, warns: “The subsequent main cloud-scale breach received’t begin in a misconfigured bucket – it’ll begin in an MCP API. As organizations plug AI assistants into enterprise information, these new API layers will expose delicate methods in unpredictable methods. MCP abuse will emerge in 2026 because the central assault vector connecting SaaS, AI, and information exfiltration campaigns. Most enterprises nonetheless lack the visibility and management challenges wanted to safe this rising layer of integration.”
Gianpietro Cutolo, Cloud Menace Researcher at Netskope.
Attackers exploited OAuth and Third-party app tokens within the Salesforce and Salesloft incidents. “The identical risk sample is now rising in AI ecosystems. As AI brokers and MCP-based methods more and more combine with Third-party APIs and cloud providers, they inherit OAuth weakest hyperlinks: over-permissive scopes, unclear revocation insurance policies, and hidden data-sharing paths,” warns Gianpietro Cutolo, a Cloud Menace Researcher at Netskope.
“These integrations will grow to be prime targets for supply-chain and data-exfiltration assaults, the place compromised connectors or poisoned instruments enable adversaries to silently pivot throughout trusted AI platforms and enterprise environments.”
Briefly, “Agentic AI brings new dangers in API sprawl – too many unmanaged or shadow API endpoints, not sufficient governance – immediate injection and context poisoning (attackers manipulate AI inputs by way of APIs), and chained API exploits (exploit an AI agent and pivot to focus on interconnected APIs and methods),” says Black Duck’s Constantine.
George Gerchow, CSO at Bedrock Information and school at IANS Analysis recommends changing MCP Servers with safety posture administration (SPM) servers. “SPM and MCP servers serve two essentially totally different however complementary functions in AI safety,” he explains. “MCP servers are parts of the AI system that allow capabilities, whereas SPM is the overarching safety technique that screens and protects the complete system, together with the MCP Servers.”
AI might be harnessed to assault APIs in 2026
APIs have been a serious assault floor for years – the issue is ongoing. Beginning in 2025 and accelerating by means of 2026 and past, the speedy escalation of enterprise agentic AI deployments will multiply the variety of APIs and enhance the assault floor. That alone means that assaults in opposition to APIs will develop in 2026.
However the assaults themselves will scale and be more practical by means of adversaries’ use of their very own agentic AI. Barr explains: “Agentic AI implies that dangerous actors can automate reconnaissance, probe API endpoints, chain API calls, check business-logic abuse, and execute campaigns at machine scale. Possession of an API endpoint, significantly a self-service, unconstrained one, turns into a profitable goal. And AI can generate payloads, iterate rapidly, bypass easy heuristics, and map dependencies between APIs.”
Moreover, he continues, “Since APIs help AI / agent flows, attackers could goal the agent-API junction; for instance, by telling an AI agent to name a weak API in unintended methods or tricking the agent into exposing privileged API entry.”
Up to now, determining which pathways an API would use to entry consumer information required appreciable guesswork by the attackers. Now, explains Inti De Ceukelaire, chief hacker officer at Intigriti, “AIs are significantly good at predicting how APIs and their parameters will look. Now, these pathways can doubtless be found inside minutes.”
“Offense use instances,” continues Constantine, “embody adversaries weaponizing AI to automate API enumeration, fuzzing, and credential stuffing at scale. Generative fashions can craft sensible API requests to bypass filters and imitate legit consumer conduct.”
Moiz Virani, CTO and Co-Founder at Momentum,
“New API points are rising,” provides Moiz Virani, CTO and co-founder at Momentum, “significantly round safety, akin to agent-to-agent (A2A) communication vulnerabilities, the place a compromised agent might use its entry to assault different brokers or methods by way of the APIs. Moreover, the sheer quantity and pace of API calls generated by autonomous brokers make charge limiting, abuse detection, and detailed logging / auditing extra advanced to handle successfully.”
The API battlefield in 2026 might be intense. Adversarial use of AI will goal all enterprise APIs, whether or not conventional or newly launched MCP / agentic APIs. Within the latter case, the impact of a profitable breach may very well be dramatic.
Securing APIs within the age of AI
With the rising risk to safety by means of assaults in opposition to APIs within the coming years, we’re prone to see elevated efforts in securing them. API safety just isn’t not possible, however we now have not been profitable but. In 2026, the deployment of enterprise agentic AI functions will each enhance the adversaries’ assault floor and make exploitation extra dramatic.
“There are numerous methods to guard APIs in opposition to assaults and abuse. As functions evolve to be extra advanced, holding them safe does require a major funding. I wouldn’t be so certain that they are going to be higher secured sooner or later, as opening them as much as be primarily utilized by an organization’s AI agent could shift the accountability of safety to the agent somewhat than the API itself,” warns De Ceukelaire.
“APIs can completely be secured, however not by means of legacy instruments designed for internet functions. The subsequent era of API safety should mix steady visibility, behavioral analytics, context-driven entry, clever automation, and developer-native testing,” says Cequence Safety’s Barr. “Attackers now mix legit API calls with malicious sequences that exploit enterprise logic or abuse agentic workflows. Defenders should make use of real-time behavioral analytics that profile regular API utilization and detect deviations, akin to when an AI agent instantly makes repetitive data-exfiltration calls, or a session token is reused throughout unrelated transactions. These runtime analytics can enable defenders to identify delicate misuse earlier than it escalates right into a breach.”
“APIs will be secured, however success begins with visibility. You may’t shield what you don’t know exists.” provides Invicti’s Roseman. “A contemporary AppSec testing platform gives a multilayered strategy to API discovery and vulnerability testing. Discovery is achieved by layering runtime scanning, API administration integration, supply code repository mining, and manufacturing community site visitors evaluation throughout internet-facing proxy applied sciences like F5, NGINX, and Cloudflare.
“As soon as found,” he continues, “dynamic utility safety testing (DAST) engines validate reachable, exploitable vulnerabilities – overlaying OWASP High 10 API dangers, frequent API enterprise logic flaws like BOLA and BFLA, leaking secrets and techniques with weak authentication, and conventional internet app weaknesses like SQL injection or immediate injection.”
It’s advanced, however doable by means of multi-layered protection. “APIs will be secured by means of id governance, however not by means of technical hardening,” suggests Permiso’s Nguyen. “The safety mannequin requires complete discovery of all API credentials in use, permission rightsizing (every credential has solely the permissions it really wants), behavioral monitoring (alerting when credentials are used anomalously), and speedy response functionality (revoking compromised credentials).”
Ultimate ideas
API safety is doable however hasn’t but been finished. This downside will escalate in 2026. “APIs will grow to be probably the most useful and weak ingredient of digital infrastructure,” warns Radware’s Geenens. “As AI brokers start exchanging information and performing actions independently, API site visitors will surge past human oversight, exposing new pathways for exploitation. This growth will push API administration into the middle of safety technique.”
The issue isn’t distinctive to APIs – it’s a part of the nice conundrum of the Age of Synthetic Intelligence. Enterprise develops and deploys AI for elevated enterprise effectivity, whereas attackers develop and deploy (typically the identical) AI for elevated assault effectivity. Each are efficient – so cybersecurity defenders are pressured to develop and deploy further AI to defend enterprise AI from dangerous actor AI whereas concurrently additional rising the assault floor.
It’s a part of the endless cycle of assault and protection. Plus ça change, plus c’est la même selected.
Associated: SesameOp Malware Abuses OpenAI API
Associated: Claude AI APIs Can Be Abused for Information Exfiltration
Associated: Uncovered Docker APIs Possible Exploited to Construct Botnet
Associated: Insurance coverage Agency Lemonade Says API Glitch Uncovered Some Drivers’ License Numbers
