Akamai Research Finds APIs Emerge as Primary Attack Surface for AI Transformation

Cybercriminals target APIs to disrupt availability and drive financial impact as enterprises accelerate AI adoption

Mar. 17, 2026 at 10:57am

Akamai's 2026 Apps, APIs, and DDoS State of the Internet (SOTI) report reveals a decisive shift in the threat landscape, with attackers industrializing their methods and targeting the infrastructure that fuels business growth and AI transformation. As organizations accelerate AI adoption, APIs have become the primary attack surface, with attacks evolving into coordinated campaigns that blend API abuse, web application attacks, and Layer 7 DDoS activity.

Why it matters

The report highlights how cybercriminals are following enterprise AI investment, exploiting APIs as the fastest path to scale, disruption, and profit. This underscores the critical need for organizations to secure APIs as the foundation of their AI transformation efforts.

The details

The report data shows a surge in Layer 7 DDoS attacks (up 104% over the past two years), in API-related security incidents (87% of surveyed organizations reported experiencing one in 2025), and in web application attacks (a 73% increase between 2023 and 2025). The average number of daily API attacks also rose 113% year over year. Attackers are increasingly focused on degrading performance, driving up infrastructure costs, and exploiting AI-driven automation at scale.

  • The 2026 Apps, APIs, and DDoS SOTI report covers trends observed over the past two years.
  • The report was released on March 17, 2026.

The players

Akamai

A cybersecurity and cloud computing company that powers and protects business online. Akamai released the 2026 Apps, APIs, and DDoS SOTI report.

Patrick Sullivan

The CTO of Security Strategy at Akamai, who commented on how attackers are targeting the APIs that power AI transformation.

What they’re saying

“Attackers increasingly focus on degrading performance, driving up infrastructure costs, and exploiting AI-driven automation at scale, rather than seeking headline-grabbing campaigns.”

— Patrick Sullivan, CTO of Security Strategy

What’s next

The report includes a deep dive on regional attack trends, expert insight into the economics of modern internet attacks, and a guest column that explores defenses against emerging agentic AI threats, along with practical mitigation strategies.

The takeaway

As enterprises invest heavily in AI transformation, securing the APIs that power that transformation has become critical. Attackers are industrializing their methods to target these APIs, underscoring the need for organizations to prioritize API security as part of their overall cybersecurity strategy.