Adversaries have under-protected APIs in their sights

2026-04-02 · Source: Tech Monitor · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, quick

Summary

Akamai's recently published research indicates that APIs are increasingly becoming the primary target for cyber adversaries, with daily API attacks rising 113% in 2025 compared to the previous year. The study, based on data from Akamai's cloud network spanning 340,000 servers globally, found that over 60% of 2025 attacks involved unauthorized workflows, signaling a shift towards behavior-based incidents. Each enterprise client assessed had approximately 3,000 APIs accessing confidential data, with 12% exhibiting security vulnerabilities. Top API-related issues included security misconfigurations (nearly 40%), Broken Object Property Level Authorization (35%), and broken authentication (19%). Web attacks, including API endpoints, increased 73% in 2025 versus 2023, while Layer 7 DDoS attacks rose 104% in the same period, partly due to super botnet services.

Key takeaway

For CTOs and VPs of Engineering deploying AI-driven applications, you must reassess your cybersecurity strategies, specifically focusing on API protections. The rapid adoption of AI increases API exposures, leading to potential identity theft, fraud, and regulatory non-compliance. Ensure security is a foundational element integrated at every stage of the application lifecycle, from design through production, to mitigate these heightened risks.

Key insights

AI accelerates cyberattacks, making APIs a prime target due to their access to sensitive backend data.

Principles

• AI enhances both cyber defense and offense.
• APIs are critical attack vectors for data access.

In practice

• Implement robust API security measures.
• Integrate security throughout the application lifecycle.

Topics

• API Security
• AI-driven Attacks
• Cybersecurity Strategy
• Akamai Research
• DDoS Attacks

Best for: CTO, VP of Engineering/Data, AI Architect, AI Security Engineer, Security Engineer, IT Professional

Related on AIssential

• this is really bad... — AI significantly amplifies cyberattack capabilities, necessitating advanced AI-driven defenses and highlighting geopolitical risks.
• A Doomer’s Guide to Saving Cybersecurity — and the Internet — AI-driven threats necessitate autonomous AI defenders to achieve machine-speed cybersecurity and overcome human latency.
• Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck — Multiple cybersecurity incidents and privacy concerns highlight pervasive digital vulnerabilities and data exploitation across consumer and government sectors.
• Addressing Cybersecurity Risks in AI App Development in Dubai — Secure AI development requires a proactive, integrated approach across the entire AI lifecycle to mitigate diverse cyber threats.
• Cloud attacks are getting faster and deadlier - 4 ways to secure your business — AI accelerates cyberattacks, shifting focus to third-party software vulnerabilities and identity exploitation.
• New AI attack reality💥 — AI-powered worms signify a new era of rapid, high-volume attacks, making attempts to halt AI development futile.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Tech Monitor.