Akamai: API Attacks in Asia-Pacific Rise Significantly, Driven by AI Trends

Cybersecurity firm Akamai Technologies has revealed a sharp rise in attacks on applications and APIs in the Asia-Pacific (APAC) region. According to Akamai, the number of such attacks reached nearly 65 billion throughout 2025. This figure represents a 23% increase compared to the previous year. In its “State of the Internet (SOTI) 2026” report, Akamai states that the rise in attacks is partly due to the artificial intelligence (AI) trend. Currently, many companies are adopting an AI-first strategy by embedding AI features into their products. However, this strategy is built on Application Programming Interfaces (APIs) that are vulnerable to cyberattacks. APIs themselves serve as connectors between digital systems, such as applications, customer services, and financial transactions. As the number of APIs grows rapidly, the potential security gaps also widen. Akamai notes that 87% of organisations globally experienced API-related security incidents throughout 2025. Indeed, the number of daily API attacks has grown into three digits. Additionally, Layer 7 DDoS attacks targeting application-level processes have increased by 104% over the past two years. Unlike traditional attacks that flood networks, this type directly targets systems handling user requests, including APIs. In the APAC region, around 61% of API attacks involve unauthorised activities that exploit application workflows. This means attackers are no longer just exploiting technical vulnerabilities but also manipulating how applications work. These attacks are increasingly difficult to detect because they use AI bots that can mimic genuine user behaviour. The retail and financial services sectors are primary targets due to their heavy reliance on APIs to support digital transactions. Meanwhile, the telecommunications and technology sectors are also under pressure as API-based services grow. Akamai assesses that the acceleration of AI-based innovation has not been matched by adequate security system readiness. In developing countries like Vietnam and Thailand, digitalisation is often not accompanied by sufficient security resources. The use of AI-based development technologies like low-code also speeds up the creation of applications and APIs, but this risks introducing weak security configurations. Akamai also recommends that companies improve visibility into APIs, manage bots and AI agents, and implement real-time monitoring. Additionally, security aspects must be integrated from the development stage through to operations.