More than 150 billion Application Programming Interface (Api) Attacks were observed in the wild during 2023 and 2024, according to data released this week by cloud security specialist akamai, with the growth of artificial intelligence (ai) power (ai) AI-Enabled Attacks Compounding to create a steadily expanding attack surface.
In its latest State of Apps and API Security 2025 Report, Akamai also said it observed Volumes of Web-Based Cyber Attacks Up by a Tird Over the Course of 2024 to 311 billion all Told, A Pronounced Surge that appears to correlate to an exempans The Scope of Threats Arising from Ai.
“AI is transforming web and api security, enhancing threat detection but also creating new challenges,” said rupesh chokshi, Senior Vice-President and General Manager of Akamai ' Portfolio. “This report is a must read to understand what's driving the shift and how defenders can stay ahead with the right mitigation strategies.”
Akamai said the integration of ai tools with core platforms via Apis is “substandally” expanding the attack surface beCAuse the Vast Majority of Ai-Powered APIS ARNLIY PUMANSICE But tend to relay on inadequate protects, Lacking such things as authentication mechanisms, for example. This problem is now also compounded by a growing number of Ai-Driven Attacks.
For end-reans, this means that when security teams are able to enhance web application and api security by enhancing their defensive capabilities with ai-powered automation-for example, by examping to feed Threats, Predict Possible Breaches and Bringing Down Incident Response Times – AI also Helps Attacks Improve the Effectiveness of their Attacks by automating web scraping and brings Methodologies to bear.
Looking ahead, akamai said that although ai-driven api management would have doubtless continue to evolve to evolve, AI-Driven Attacks Today More Robust, defense-in-depth Security strategies.
Web Attacks
Turning to Web Attacks, Akamai said that it observed a dramaatic Rise in application layer (Aka Layer 7) Distribute-Denial-of-Service (DDOS) Attacks Targeting Both Web Apps and APIS, with Monthly Volumes Growing from Over 500 Billion at the start of 2023 to more than a trillion at the end of 2024-bad bots and the persona of the persona Attack Vector season to have driven this.
The technology sector was the most frequently targeted vertical for
Broken out by geography, emea was on the receiving end of 2.7 Trillion Layer 7 DDOS Attacks, 306 Billion Hitting Targets in the UK and 369 Billion in Germany.
Akamai said that safeguarding web apps and apis would continue to be an ever more essential need for organisations. It laid out a number of key actions that Security Leaders Shoulders Shoulder Taking:
- To lay down an api security plan if you want and devsecops techniques to integrate security from Initial API Design Through Post-PRODUCTION, Paying Particular Attention to Contentation to Content Discovery and Visibility, Authentication, Rate Limiting and Bot Mitigation;
- Implement more Robust Core Security Measures Such as Continuous Threat Monitoring and Response, And Use API Testing tools Such as Dynamic Application Security Testing (dast);
- Be Proactive Against Threats, Using Specialized DDOS Protection Tools, For Example, and Paying Attention to Patch Management, Access Control and Network Segmentation;
- Act Early to Mitigate API Vulnerabilites, Following Establed Guidelines, Such as Owasp's, to Help Ensure More Robust Security, and Address Risks Risks Assocated with Bad COTH COTH COD COD COD COD COTICE PRATICE Misconfigurations;
- Pay more Attention to Ransomware Threats, Taking Advantage of Zero-TRUST Architectures, MicroseGmentation, and The Mitre Att & CK Framework;
- Finally, prepare for ai with defense strategies that include bot defense, AI-Powered Cyber Tools, Specialist Firewalls and More Proactive Measures Such as Consuration and Zero Trust.