Rapid adoption of AI across the Asia‑Pacific region has intensified pressure on API security, creating a widening gap between innovation velocity and defensive maturity, according to Akamai’s 2026 Apps, APIs and DDoS State of the Internet report. The vendor’s APAC insights warn that APIs — the connective tissue of many AI‑driven services — are increasingly the primary attack surface for threat actors.
Akamai observed nearly 65 billion web application and API attacks in APAC during 2025, a 23% increase year‑on‑year. The report also noted triple‑digit global growth in daily API attacks and that 87% of surveyed organisations worldwide experienced an API‑related security incident in 2025.
Layer 7 distributed denial‑of‑service (DDoS) attacks rose 104% globally over two years; these attacks target application‑level processes that handle user requests and can directly disrupt APIs and the services they underlie.
The character of attacks is shifting from simple exploitation to business logic abuse. In APAC, 61% of API attacks in 2025 involved unauthorised workflows or abnormal activity, the report states, describing tactics such as automated transactions, scraping, or repeated legitimate calls that exhaust resources or consume costly AI tokens.
Akamai also observed AI‑powered bots increasingly mimicking legitimate traffic to evade conventional defences.
Sectors that depend heavily on APIs remain prominent targets. Retail and financial services were singled out for exposure because of digital payments and cross‑border services; telecommunications and high‑technology firms also reported rising pressure as they scale API‑driven offerings.
Akamai’s analysis highlights divergent regional risk profiles. In highly digitised markets such as Singapore and Japan, large API portfolios create visibility challenges and a sprawling attack surface. In emerging digital economies including Vietnam and Thailand, swift digitisation is outpacing local security capabilities and talent, increasing susceptibility to attacks.
The report also flagged risks introduced by AI‑assisted low‑code development. Faster delivery of code can carry misconfigurations or insecure API defaults into production without adequate review, compounding visibility and governance problems.
“Across APAC, AI adoption is accelerating business transformation at an unprecedented pace. However, this speed has also caused a rapidly increasing governance gap, forcing organisations to rethink their overall risk landscape,” said Reuben Koh, director of security technology and strategy, APJ at Akamai.
“Organisations must prioritise building stronger operational governance to allow innovation to continue at speed. They also need clearer visibility of their APIs, have to manage AI bots and agents, require real‑time monitoring across the stack, and need to build security into applications from code to runtime.” Reuben Koh
The report concludes that as autonomous AI systems become more embedded in operations, resilience at the API layer will be decisive for firms seeking to scale safely, with failure likely to bring operational disruption, financial loss and reputational damage.
