IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security

IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. 

While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals a troubling pattern: APIs and integrations are often the real entry point, and they’re frequently under-secured. 

At Wallarm, we’ve been banging this drum for a while. AI security is API security, and organizations must wake up to that fact to avoid disaster. 

Weak API Access Controls Are the Fastest Path into AI Systems

Among AI-related breaches, an overwhelming 97% lacked proper access controls. The most common attack vector was through the AI supply chain – compromised apps, APIs, or plug-ins – leading to data compromise in 60% of cases and operational disruption in 31%. 

Source: IBM 2025 Cost of a Data Breach Report

This mirrors our own findings in the 2025 Wallarm ThreatStats report: 

  • 98.9% of AI-related vulnerabilities we tracked were API-related
  • 89% used weak authentication, like static keys

An exposed API can be the shortest path into your AI environment. If access controls are weak, attackers don’t need to target the AI model itself – they can compromise the interfaces that feed it data or deliver its output. This gap creates serious vulnerabilities, especially when organizations deploy APIs without adequate testing or monitoring. 

Tightening authentication and authorization at integration points is a faster, cheaper, and more reliable way to reduce risk than hardening the model alone. 
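As an added illustration of the point above (example code written for this page, not Wallarm’s or IBM’s), the block below puts the weak pattern the ThreatStats data describes, a single long-lived static key that unlocks every AI endpoint, beside a hardened pattern: short-lived, HMAC-signed bearer tokens carrying explicit scopes, checked per route with deny-by-default. The route names, scope names, secret and key values are all constructed assumptions; in production the signing secret would live in a vault or KMS and the tokens would normally be standard JWTs issued by an identity provider rather than hand-rolled.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Weak pattern: one long-lived static key shared by every caller ---
STATIC_KEY = "sk-constructed-example-key"   # constructed sample value, not a real key

def weak_authorize(headers: dict) -> bool:
    # Any holder of the key can call any AI endpoint, forever: no scope, no expiry, no subject.
    return headers.get("X-API-Key") == STATIC_KEY


# --- Hardened pattern: short-lived, scoped, HMAC-signed bearer tokens ---
SIGNING_SECRET = b"constructed-server-side-secret"   # assumption: loaded from a vault/KMS in practice

# Scope each AI-facing route requires (hypothetical route and scope names)
ENDPOINT_SCOPES = {
    "POST /v1/infer": "model:infer",
    "POST /v1/train-data": "data:write",
    "GET /v1/models": "model:read",
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, scopes, ttl_seconds: int = 300, now=None) -> str:
    """Mint a token bound to a subject, a scope list and a short expiry."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scopes": sorted(scopes), "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def verify_token(token: str, now=None):
    """Return the claims dict if the signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SIGNING_SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):   # constant-time comparison
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, json.JSONDecodeError):               # malformed token, bad base64, bad JSON
        return None
    if claims.get("exp", 0) <= now:                          # expired tokens are rejected
        return None
    return claims

def hardened_authorize(headers: dict, route: str, now=None) -> bool:
    """Authenticate the bearer token, then authorize the route's required scope."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    claims = verify_token(auth[len("Bearer "):], now=now)
    if claims is None:
        return False
    required = ENDPOINT_SCOPES.get(route)
    if required is None:
        return False   # unknown route: deny by default instead of falling through
    return required in claims.get("scopes", [])
```

The design choice worth noting is the last two checks: a route that is not in the scope table is denied rather than allowed, and a valid token for `model:infer` is still refused on the training-data route. That is the separation between authentication (who is calling) and authorization (what they may call) that a shared static key cannot express.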

Governance Gaps Leave AI Deployments Unprotected

Unsurprisingly, 63% of breached organizations had no AI governance policy or were still developing one. Even among those with policies, less than half had approval processes for AI deployments, and 61% lacked AI governance technologies.

This is a clear example of why it’s important not to view governance as bureaucracy.

Governance makes the difference between knowing exactly how an AI system is exposed and having no idea which APIs, integrations, or datasets it touched. Without governance, organizations deploy AI into production without a security baseline, threat model, or lifecycle management plan. 

Ultimately, AI and API governance should be tightly linked. Every AI deployment should trigger an API inventory and review process before it goes live, ensuring consistent authentication, logging, and monitoring from day one. 

Shadow AI Significantly Increases Breach Costs

According to IBM, 20% of organizations suffered breaches tied to shadow AI – AI models or applications deployed without security review. In these cases, average breach costs were $670,000 higher, and customer data was compromised more often (65% vs 53%). 

Shadow AI is a significant technical blind spot. These deployments often involve undocumented or untested APIs that are reachable from the internet, lack authentication, and sit entirely outside of logging and monitoring pipelines. Once breached, the damage is harder to contain because no one has mapped the system’s dependencies or data flows. 

Source: IBM 2025 Cost of a Data Breach Report

To protect your environment, it’s crucial to treat discovery as an automated and continuous process. It’s the only way to surface untracked APIs before they become breach entry points. 
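The discovery process described here, and the pre-launch inventory review from the governance section above, both reduce to the same check: compare what is actually being called against what was signed off. The block below is an added example (not Wallarm’s product logic) that runs that comparison over a constructed API-gateway log in JSON-lines form, normalises path parameters so `/v1/users/1234/history` and `/v1/users/99/history` count as one route, and reports routes absent from the documented inventory as well as routes receiving unauthenticated traffic. The log lines, the inventory and the `auth` field are all constructed assumptions; a real gateway would export similar fields under its own names.

```python
import json
import re
from collections import Counter

# Constructed sample gateway log (JSON lines); not taken from any real system.
SAMPLE_LOG = """\
{"ts":"2025-08-01T10:00:01Z","src":"10.0.0.5","method":"POST","path":"/v1/infer","status":200,"auth":"bearer"}
{"ts":"2025-08-01T10:00:02Z","src":"10.0.0.9","method":"GET","path":"/v1/models","status":200,"auth":"bearer"}
{"ts":"2025-08-01T10:00:03Z","src":"203.0.113.7","method":"POST","path":"/internal/embeddings/debug","status":200,"auth":"none"}
{"ts":"2025-08-01T10:00:04Z","src":"203.0.113.7","method":"GET","path":"/v1/users/1234/history","status":200,"auth":"none"}
{"ts":"2025-08-01T10:00:05Z","src":"10.0.0.5","method":"GET","path":"/v1/users/99/history","status":200,"auth":"bearer"}
{"ts":"2025-08-01T10:00:06Z","src":"10.0.0.5","method":"POST","path":"/v1/infer","status":200,"auth":"bearer"}
"""

# Hypothetical documented inventory: the routes the pre-launch review signed off on.
INVENTORY = {
    "POST /v1/infer",
    "GET /v1/models",
    "GET /v1/users/{id}/history",
}

# Path segments that are numeric IDs or UUIDs are treated as parameters, not distinct routes.
_ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$", re.I
)

def normalize_path(path: str) -> str:
    """Collapse numeric and UUID path segments into {id} so variants map to one route."""
    return "/".join("{id}" if _ID_SEGMENT.match(p) else p for p in path.split("/"))

def route_key(event: dict) -> str:
    return f"{event['method']} {normalize_path(event['path'])}"

def parse_log(text: str):
    """Yield one event dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)

def discover(log_text: str, inventory: set) -> dict:
    """Return routes seen in traffic but absent from the inventory, plus unauthenticated hits per route."""
    observed = Counter()
    undocumented = Counter()
    unauthenticated = Counter()
    for ev in parse_log(log_text):
        key = route_key(ev)
        observed[key] += 1
        if key not in inventory:
            undocumented[key] += 1
        if ev.get("auth", "none") == "none":
            unauthenticated[key] += 1
    return {
        "observed": dict(observed),
        "undocumented": dict(undocumented),
        "unauthenticated": dict(unauthenticated),
    }

if __name__ == "__main__":
    report = discover(SAMPLE_LOG, INVENTORY)
    for route, n in report["undocumented"].items():
        print(f"UNDOCUMENTED route {route}: {n} request(s)")
    for route, n in report["unauthenticated"].items():
        print(f"UNAUTHENTICATED traffic to {route}: {n} request(s)")
```

Run continuously (for example over each hour’s log export), this surfaces two different findings: a route nobody documented (`/internal/embeddings/debug` in the sample), which is the shadow-API case, and a documented route that is being reached without credentials, which is the weak-access-control case from the previous section.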

AI Supply Chain Compromises Are Slow and Costly to Resolve

30% of AI breaches stemmed from supply chain compromise, often through third-party APIs. These incidents had the longest average lifecycle of 267 days from identification to containment. 

AI systems typically rely on external APIs for training data, enrichment, or integration into business workflows. When a partner’s API is compromised, you inherit that risk – and because it’s someone else’s system, detection and remediation drag on. 267 days gives attackers ample time to quietly harvest data or manipulate outputs. 

It’s worth mentioning that Wallarm’s 2025 ThreatStats Report tracked similar supply chain breaches – including Dell, Twilio, and Internet Archive – all tied to API flaws in third-party integrations. 

Detection Speeds Still Measured in Months, Attackers Work in Seconds

The IBM report found the overall average breach lifecycle to be 241 days from detection to containment. Even with AI and automation tools, most breaches still took months to resolve. 

And the fact is that attackers don’t work on these timelines. In Wallarm’s Honeypot Report, our researchers discovered new APIs in 29 seconds and exploited them within 6 seconds. Leaving them unsecured is the equivalent of leaving your front door open and expecting a burglar to wait eight months before walking in. 

Automation and AI Can Cut Breach Costs by Millions

That said, although breach lifecycles remained excessively long, they did decrease for organizations that used AI and automation extensively. In fact, timelines fell by 80 days, and, crucially, costs fell by $1.9 million on average. 

It’s clear, then, that automation is necessary for survival. For APIs, that means automated discovery to eliminate blind spots, continuous traffic monitoring to catch anomalies, and real-time blocking to stop exploitation before damage is done. 
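To make the “continuous monitoring plus real-time blocking” idea concrete, here is an added example (not Wallarm’s engine, and the thresholds are illustrative assumptions) of a sliding-window monitor that takes a stream of per-request events and returns an allow-or-block decision for each one. It implements two simple detections: a burst of requests from one source inside the window, and repeated authentication failures (401/403) from one source, which is what credential probing against an API looks like in the logs. The sample events are constructed.

```python
from collections import defaultdict, deque

class TrafficMonitor:
    """Per-source sliding-window monitor that returns a block/allow decision per event.

    Detection rules (thresholds are illustrative assumptions, not tuned values):
      * burst:   more than max_requests from one source within window_seconds
      * probing: at least min_failures auth failures (401/403) from one source within the window
    Once a source is blocked it stays blocked for the life of the monitor.
    """

    def __init__(self, window_seconds=60, max_requests=100, min_failures=5):
        self.window = window_seconds
        self.max_requests = max_requests
        self.min_failures = min_failures
        self._hits = defaultdict(deque)      # src -> timestamps of all requests in the window
        self._failures = defaultdict(deque)  # src -> timestamps of 401/403 responses in the window
        self.blocked = set()

    def _trim(self, dq, now):
        # Drop timestamps that have fallen out of the window.
        while dq and dq[0] <= now - self.window:
            dq.popleft()

    def observe(self, src: str, ts: float, status: int) -> str:
        """Record one event (source, timestamp in seconds, HTTP status); return "block" or "allow"."""
        if src in self.blocked:
            return "block"
        hits = self._hits[src]
        hits.append(ts)
        self._trim(hits, ts)
        if status in (401, 403):
            fails = self._failures[src]
            fails.append(ts)
            self._trim(fails, ts)
            if len(fails) >= self.min_failures:
                self.blocked.add(src)
                return "block"
        if len(hits) > self.max_requests:
            self.blocked.add(src)
            return "block"
        return "allow"

def run(events, **kw):
    """Feed (src, ts, status) tuples through a fresh monitor; return the decisions and the blocked set."""
    mon = TrafficMonitor(**kw)
    decisions = [mon.observe(src, ts, status) for src, ts, status in events]
    return decisions, mon.blocked

# Constructed sample: one well-behaved client and one source failing auth repeatedly.
SAMPLE_EVENTS = (
    [("10.0.0.5", t, 200) for t in range(0, 60, 10)]          # 6 normal requests over a minute
    + [("203.0.113.7", 100 + i, 401) for i in range(5)]       # 5 auth failures within 5 seconds
    + [("203.0.113.7", 106, 200)]                             # later request from the same source
)

if __name__ == "__main__":
    decisions, blocked = run(SAMPLE_EVENTS)
    for (src, ts, status), d in zip(SAMPLE_EVENTS, decisions):
        print(f"t={ts:>4} {src:<12} {status} -> {d}")
    print("blocked:", sorted(blocked))
```

The point of the example is the feedback loop: the decision is made per request as the event arrives, not after an analyst reads a report. In a real deployment the `observe` call sits in the gateway or WAF hot path, the thresholds are tuned per endpoint (an inference route and a login route have very different baselines), and blocks expire rather than being permanent.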

Key Takeaways for Security Teams 

For organizations looking to secure themselves against AI and API-related threats, these findings point us towards five key priorities: 

  • Implement strong API access controls: Weak or missing controls were present in almost all API-related breaches. 
  • Establish governance before deployment: Review AI systems and their APIs for security compliance prior to launch. 
  • Identify and secure all assets: Maintain an accurate inventory to address shadow AI and shadow APIs.
  • Assess third-party integrations: Include API security testing in vendor and supply chain risk management. 
  • Automate monitoring and response: Use continuous monitoring and automated blocking to reduce breach detection and containment times. 

The key takeaway? We’ll say it again: AI security is API security. And only the organizations that recognize that fact will be able to protect themselves in the years to come. While AI-related breach numbers are low now, if security teams don’t act, that will change. 

With Wallarm, you can implement all of these measures from a single platform. Schedule a demo to find out how we can help secure your APIs and protect against AI-related threats. 
