Akamai: AI-Based API Attacks Ramp Up, APAC Firms Could Suffer Substantial Losses

The cybersecurity company Akamai Technologies has revealed that attacks on application programming interfaces (APIs) related to artificial intelligence (AI) technologies are becoming more prevalent in the Asia-Pacific (APAC) region. As a result, companies in the region face substantial losses, averaging more than $1 million per incident. The findings are published in the APAC edition of the ‘API Security Impact Study’ by Akamai. In the study, 81 percent of respondents reported experiencing an API security incident in the last 12 months. The average loss per incident amounted to more than $1 million (about IDR 17 billion), a significant rise from the previous year’s $580,000. Akamai notes that incidents involving APIs connected to AI technologies—including AI applications, AI agents, and large language models (LLMs)—are among the most common. Some 43 percent of respondents described these attacks as the threats they face most often. Meanwhile, Japan recorded the largest average loss per incident, at $1.59 million, followed by Singapore at $1.33 million. Despite rapid AI adoption, the report highlights that API security readiness remains behind. Only 22 percent of respondents had a complete API inventory and knew which APIs handled sensitive data. This situation indicates a gap between digital transformation ambitions and security readiness. Companies are racing to launch AI-based services, but the APIs that underpin them are becoming harder to monitor and secure. Reuben Koh, Director of Security Technology & Strategy for Asia Pacific and Japan at Akamai, said that weak API security could have broader impacts, not only technically. ‘As APIs supporting AI-powered applications continue to grow and become blind spots, the impact goes beyond increased technical risk. It can also trigger major service disruptions, high recovery costs, and a loss of trust,’ Koh said in an official statement received by KompasTekno on Tuesday (19 May 2026). The report also reveals that 72 percent of companies say they are increasing attention to API security. However, only 19 percent have fully integrated security testing across the entire software development lifecycle. Moreover, there are differences in perspective between management and technical teams. 56 percent of senior executives feel prepared to face the threat, while only 44 percent of application security teams share the same confidence. Yet, implementation remains limited. Only 63 percent include APIs in risk assessments, and 40 percent include them in reporting. Akamai notes that a lack of API visibility is now not only a security issue but also a compliance challenge in the AI era. Without a clear understanding of which APIs are used and the data they manage, companies risk difficulties in meeting increasingly stringent regulatory demands. Therefore, Akamai recommends firms enhance API visibility and governance, and integrate security testing from the early stages of development. This step is seen as essential to ensuring AI systems can operate safely and reliably amid rising cyber threats. KOMPAS.com remains committed to delivering clear, reliable, and balanced facts. Support the sustainability of clear journalism and enjoy ad-free reading by joining KOMPAS.com Plus today.