Organisations across Asia‑Pacific are rapidly embedding AI into core business operations, but new research from Akamai warns that this transformation is exposing a critical and increasingly targeted layer of the digital stack: APIs. According to fresh APAC insights from Akamai’s 2026 Apps, APIs and DDoS State of the Internet (SOTI) report, the region’s AI‑driven momentum is outpacing API security maturity, widening a governance gap with material financial and operational consequences.
In 2025, APAC recorded nearly 65 billion web application and API attacks, a 23% year‑over‑year increase. Globally, Akamai reports triple‑digit growth in daily API attacks, while 87% of surveyed organisations experienced at least one API‑related security incident last year. Layer 7 DDoS attacks which target application processes rather than bandwidth have risen 104% globally over two years, posing direct risk to API‑driven services and AI‑powered applications.
“AI is accelerating innovation across APAC, but that same speed is widening the governance gap and APIs are now the fault line.”
— Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai
Attack patterns are also shifting. In APAC, 61% of API attacks involved unauthorised workflows and abnormal behavioural patterns, signalling an increase in business logic abuse. This includes automated transactions, data scraping, and repeatedly triggering legitimate API calls to degrade performance or consume expensive AI inference tokens. AI‑powered bots are increasingly mimicking normal user behaviour, making detection far more complex.
Sectors with high API reliance retail, financial services, telecommunications, and high‑tech remain primary targets.
Innovation Rising Faster Than Security
Akamai’s report reveals stark differences in API security readiness across APAC. Mature markets like Singapore and Japan face sprawling API ecosystems with limited visibility, while emerging digital economies such as Vietnam and Thailand are digitising faster than they can secure, hampered by cybersecurity talent shortages.
AI‑assisted low‑code development is further accelerating API creation but often introduces misconfigurations and insecure defaults.
Koh said organisations must urgently rethink security governance. He emphasised the need for complete API visibility, bot and agent management, real‑time monitoring, and security woven from code to runtime. “As autonomous AI becomes embedded in operations, resilience at the API layer will define how confidently companies can scale,” he said.
Akamai’s SOTI report, now in its 12th year, continues to provide critical intelligence on global cybersecurity trends.