Adversaries have under-protected APIs in their sights

APIs are an attractive target for adversaries because they provide access to sensitive and high-value backend data, end-user accounts and IP addresses. Credit: SuPatMaN via Shutterstock.com.

As both a defensive device and an offensive weapon, AI is having a sweeping effect on cybersecurity. While enterprises are eager to add AI to their toolkits, bad actors have been faster to include it in their arsenals. The result is they are able to accelerate endpoint identification and expedite attack efficiencies. This has caught enterprises off guard, missing breaches often until the real losses are finally discovered.

Recently published research from security, cloud and content delivery network (CDN) provider Akamai finds APIs are often the adversaries’ target of choice. Based on data from an internal tool to assess security events identified on the Akamai cloud, which is comprised of 340,000 servers in 4,000 locations on 1300 networks in 130 countries, the research showed incidents increasing in sophistication and effect.

APIs are an attractive target for adversaries because they provide access to sensitive and high-value backend data, end-user accounts and IP addresses. Too often, organisations deploy them quickly without taking adequate security measures to restrict access. Akamai found the average number of daily API attacks increased 113% in 2025 versus the prior year. More than 60% of the attacks in 2025 were affiliated with unauthorised workflows and activity that veered from the norm; indicators that cybercriminals shifted from conventional web breaches to behaviour-based incidents.

Akamai reported that each enterprise client assessed in its research data had approximately 3,000 APIs with access to confidential data. Of those, 12% had security vulnerabilities.

With respect to API-related incidents, the top five issues were security misconfigurations (just under 40%), Broken Object Property Level Authorization (35%), broken authentication (19%), Broken Function Level Authorization (4%), and improper inventory management (1%).

Web attacks – comprised of incidents involving API endpoints and web applications rose 73% in 2025 versus 2023. Organisations are clearly struggling to keep up with the onslaught of incidents. To that end, Layer 7 Distributed Denial of Service (DDoS) attacks increased by 104% between 2023 and 2025, thanks in part to bad actors leveraging super botnet services such as Kimwolf to launch attacks.

The message is clear: enterprises need to reassess their security strategies in light of AI-driven attacks, taking particular care to evaluate where there may be significant gaps in API protections.

One reason the API issue is bubbling up now is that AI relies on APIs for integration and data communications. So, as organisations under pressure to deploy more AI-driven applications do so at a fast pace, often without taking enough time to make sure adequate API protections are in place.

This opens the entire enterprise up to exposures that can result in identity theft, fraud, and regulatory non-compliance.

It bears repeating that security needs to be integral to every stage of the application lifecycle. If anything, AI is heightening the need to take a step back and ensure that this is a foundational element before, during, and after an application is in production.

close

Sign up to the newsletter: In Brief