MCP vulnerabilities increased by 270% from Q2 to Q3
lab.wallarm.comSome other data:
The OWASP Business Logic Abuse Top 10, released this year, formalizes this growing class of attacks. And with 82% of businesses now describing themselves as API-first, the logic layer has become a lucrative new target.
Security Misconfiguration (API8) once again topped the list with 605 cases, up 33% quarter over quarter.
Broken Authorization (API5, API1) accounted for roughly 28% of all API vulnerabilities.
Broken Authentication (API2) climbed sharply, driven by weak credential enforcement in REST and SOAP APIs.