Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs

by Amy Larsen DeCarlo, posted in Secure
Headshot of a woman with long blonde hair, wearing a black jacket over a beige sweater, smiling against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• APIs are an alluring target for threat actors now with the average number of daily API attacks soaring by 113% versus last year.

• More than 60% of the attacks in 2025 were affiliated with unauthorized workflows and activity that veered from the norm; indicators that are cybercriminals shifted from conventional web breaches to behavior-based incidents.

AI is changing the threat landscape, and it is doing so at lightning speed. Aggressive threat actors are putting the technology to work to expedite endpoint discovery and improve overall efficiencies. This has left enterprises flat-footed, often missing breaches until the real losses are finally discovered.

Recently published research from security, cloud and content delivery network (CDN) provider Akamai finds APIs are often the adversaries’ target of choice. Based on data from an internal tool to assess security events identified on the Akamai cloud, which is comprised of 340,000 servers in 4,000 locations on 1300 networks in 130 countries, the research showed incidents increasing in sophistication and affect.

APIs are an attractive target for adversaries because they provide access to sensitive and high value backend data, end user accounts, and IP. Too often, organizations deploy them quickly without taking adequate security measures to restrict access. Akamai reported that each enterprise client assessed in its research data had approximately 3,000 APIs with access to confidential data. Of those 12% had security vulnerabilities.

With respect to API-related incidents, the top five issues were security misconfigurations (just under 40%), Broken Object Property Level Authorization (35%), broken authentication (19%), Broken Function Level Authorization (4%), and improper inventory management (1%).

Web attacks of incidents involving API endpoints and web applications rose 73% in 2025 versus 2023. Organizations are clearly struggling to keep with the onslaught of incidents. To that end, Layer 7 Distributed Denial of Service (DDoS) attacks increased by 104% between 2023 and 2025, thanks in part to bad actors leveraging super botnet services such as Kimwolf to launch attacks.

The message is clear; enterprises need to reassess their security strategies in light of AI-driven attacks, taking particular care to evaluate where there may be significant gaps in API protections. One reason the API issue is bubbling up now is that AI relies on APIs for integration and data communications. So as organizations under pressure to deploy more AI-driven applications do so at a fast pace, often without taking enough time to make sure adequate API protections are in place. This opens the entire enterprise up to exposures that can result in identify theft, fraud, and regulatory non-compliance.

It bears repeating, security needs to be integral to every stage of the application lifecycle. If anything, AI is heightening the need to take a step back and ensure that this is foundational element before, during, and after an application is in production.

Leave a Reply