SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Reuben koh portrait 02
#
Firewalls
#
DDoS
#
Digital Transformation

Akamai warns of rising API attacks across APAC as AI spreads

Wed, 1st Apr 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Akamai has reported a rise in web application and API attacks across Asia-Pacific, with its latest research pointing to a widening security gap as organisations expand their use of AI.

In 2025, Akamai recorded nearly 65 billion web application and API attacks in the region, up 23% from a year earlier. Globally, 87% of surveyed organisations experienced an API-related security incident during the year, while daily API attacks rose at triple-digit rates.

APIs sit behind many digital services now being reshaped by AI, including customer support tools, financial systems and supply chain software. That has made them a central target for attackers, particularly in retail, financial services, telecommunications and high technology.

The figures also show a shift in the type of attacks hitting companies. In Asia-Pacific, 61% of API attacks in 2025 involved unauthorised workflows and abnormal activity, suggesting attackers are increasingly abusing the intended logic of applications rather than only exploiting technical flaws.

This includes automating transactions, scraping data and repeatedly triggering legitimate API calls in ways that disrupt services or drive up the use of AI tokens. AI-driven bots are also increasingly targeting APIs directly and imitating legitimate traffic to evade conventional security controls.

Attack trends

Layer 7 distributed denial of service attacks are also rising alongside the increase in API abuse, with such attacks up 104% globally over the past two years.

Unlike volumetric attacks that flood network bandwidth, Layer 7 attacks target the application processes that respond to user requests. Because APIs operate at the same layer, these attacks can directly disrupt digital transactions and online services used by businesses and consumers.

The regional picture is uneven. In more mature digital markets such as Singapore and Japan, companies often face a sprawling estate of APIs, making visibility and oversight harder as the number of endpoints grows. In faster-growing digital economies including Vietnam and Thailand, rapid adoption is outpacing local security resources and expertise.

A shortage of cyber security talent is one factor behind that imbalance. As more services move online and more businesses connect systems through APIs, smaller security teams can struggle to identify what is exposed and how it is being used.

AI pressure

The report also links AI-assisted software development to the expanding risk. Tools used to speed up coding and application creation can introduce misconfigurations or insecure default settings, which may reach live systems without sufficient human review.

That can leave organisations with more APIs in operation, greater complexity to manage and more openings for attackers. The issue is not limited to one type of market, but reflects a broader mismatch between the pace of digital development and the strength of security controls.

For industries with heavy API use, the risks are more immediate. Retailers and financial institutions rely on APIs for payments, account access and cross-border services, while telecommunications groups and technology companies are expanding connected digital products that create further points of exposure.

As a result, security teams are being pushed to monitor not only external attacks but also misuse of legitimate application behaviour. That is harder than blocking known malicious signatures because the traffic can resemble normal customer or system activity.

The consequences are already visible in financial and operational disruption reported by businesses in the region. The report argues that securing the API layer is becoming more important as AI systems take on a larger role in everyday business operations.

Reuben Koh, Director of Security Technology and Strategy, APJ, Akamai, said: "Across APAC, AI adoption is accelerating business transformation at an unprecedented pace. However, this speed has also caused a rapidly increasing governance gap, forcing organisations to rethink their overall risk landscape.

Organisations must prioritise stronger operational governance to allow innovation to continue at speed. They also need clearer visibility of their APIs, better management of AI bots and agents, real-time monitoring across the stack, and security built into applications from code to runtime. Failure to do so could result in widespread operational disruption, huge financial losses and erosion of customer trust. Today, APIs are no longer just connecting systems to data, but have become an essential part of the enterprise data fabric.

As autonomous AI systems become more deeply embedded in business operations, resilience at the API layer will determine how confidently companies can scale. Securing these foundations will become essential to sustaining long-term business growth for every organisation in the AI era."

Related stories
TCS expands Google Cloud tie-up with four AI offerings
Keeper launches Verify Mode to block phishing logins
TCS expands Google Cloud partnership for autonomous AI
KnowBe4 names APJ partner award winners in Singapore
Global real estate company strengthens MFA security with Inde

Top stories

ACI & Kinexys add payee checks to bank payment flows
Anthropic's Mythos sparks governance fears over cyber risk
Fortinet boosts AI security & sustainability efforts
Heligan launches new strategic advisory & risk unit
Fake CAPTCHA pages trigger SMS fraud, Infoblox warns