Cybersecurity leaders are increasingly framing artificial intelligence as a “risk multiplier” rather than a neutral tool, after a new Akamai survey highlighted growing exposure across organisational application programming interfaces (APIs).
The research comes as many organisations accelerate API deployment without what respondents describe as adequate protection or testing before going live.
Akamai said the findings reflect four years of tracking the state of API security through its API Security Impact Survey. This year’s study draws on a global survey of 1,840 security professionals across six industries and 10 countries.
Source: API Security Impact Study 2026, Akamai
According to the results, API attacks continue to rise: 87% of respondents reported an API-related security incident in the past year, up from 76% in 2022. Respondents also reported that organisations experienced 3.5 API-related security incidents on average over the previous 12 months, with an average cost exceeding US$700,000 per incident.
The survey also suggests that AI is tightening the link between development speed and security strain. Security teams ranked securing AI technologies as their top cybersecurity priority (38%) for the next year.
More specifically, 42% of security professionals said APIs that power their AI applications, agents and large language models (LLMs) were targeted by cyberattacks within the past 12 months. Akamai positioned this as consistent with its broader view that APIs are a key attack surface for cybercriminals.
Concerns extend beyond direct attack rates to organisational visibility. Akamai reported that only 23% of enterprises with full API inventories know which APIs expose sensitive data, down from 40% in 2022. In practical terms, that implies fewer teams can confidently assess the most sensitive endpoints—especially as AI use cases can add more integrations, connectors and data flows.
Leadership expectations and operational reality also appear misaligned. Nearly 80% of enterprises rank API security among their top three cybersecurity priorities, yet 40% of C-suite leaders report advanced API testing maturity compared with 28% among DevSecOps teams. Akamai further noted that 53% of organisations have dedicated personnel responsible for API security.
In comments accompanying the survey, Sean Lyons, senior vice president and general manager for application and infrastructure security at Akamai, warned that API expansion is outpacing oversight.
“The rapid expansion of the API attack surface means organisations who rely heavily on APIs face significant risks, financial impact, and compromised visibility. If you’re adopting AI, API security can't be an afterthought.” Sean Lyons
The study’s recommendations focus on strengthening foundations: discovering and inventorying APIs connected to LLMs and AI applications, embedding security testing throughout the API lifecycle, and treating API security as a prerequisite for trusted AI systems.
