AI Transformation at Risk: APIs Emerge as the Primary Attack Surface, Akamai Research Finds

Rhea-AI Summary

Akamai (NASDAQ: AKAM) released its 2026 Apps, APIs, and DDoS State of the Internet report on March 17, 2026, warning that APIs are the primary attack surface as cybercriminals industrialize attacks against AI-enabled infrastructure.

Key metrics: Layer 7 DDoS attacks surged 104% over two years, daily API attacks rose 113% YoY, web application attacks increased 73% (2023–2025), and 87% of organizations reported an API-related incident in 2025.

Positive

• Layer 7 DDoS activity quantified with a 104% increase over two years
• 113% year-over-year rise in average daily API attacks provides actionable telemetry
• 87% of organizations reported API incidents in 2025, highlighting widescale visibility

Negative

• Web application attacks climbed 73% between 2023 and 2025
• API-centric attacks and DDoS are becoming cheap, repeatable, and scalable
• Emergence of DDoS-for-hire and "super botnets" increases attack availability and impact

Key Figures

Layer 7 DDoS surge: 104% API incidents prevalence: 87% Web app attacks rise: 73% +5 more

8 metrics

Layer 7 DDoS surge 104% Increase in Layer 7 DDoS attacks over the past two years

API incidents prevalence 87% Organizations reporting an API-related security incident in 2025

Web app attacks rise 73% Growth in web application attacks between 2023 and 2025

API attacks growth 113% Year-over-year increase in average daily API attacks

SOTI report year 12th year Duration of Akamai’s State of the Internet reporting series

Price vs 52-week high -7.1% AKAM position relative to 52-week high of 113.5 pre-news

Price vs 52-week low 56.18% AKAM level above 52-week low of 67.51 pre-news

AI-tag average move 1.07% Average 24h move on last 5 AI-tagged headlines

Market Reality Check

Price: $105.44 Vol: Volume 4,685,714 is close...

normal vol

$105.44 Last Close

Volume Volume 4,685,714 is close to the 20-day average of 4,833,944, indicating no major pre-news positioning. normal

Technical Shares trade above the 200-day MA at 83.96, about 7.1% below the 52-week high of 113.5 and well above the 52-week low of 67.51.

Peers on Argus

AKAM was down 2.07% while key software/security peers were mixed: SAIL, OKTA, FF...

1 Down

AKAM was down 2.07% while key software/security peers were mixed: SAIL, OKTA, FFIV, and RBRK were negative, but TWLO was positive. Momentum scanner only flagged NTAP moving down, reinforcing a stock-specific reaction rather than a coordinated sector move.

Previous AI Reports

5 past events · Latest: Mar 05 (Positive)

Same Type Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Mar 05	AI cluster agreement	Positive	-1.9%	Revealed four-year, $200M NVIDIA Blackwell GPU cluster hosting deal.
Mar 03	AI platform expansion	Positive	+4.5%	Announced thousands of NVIDIA Blackwell GPUs for distributed AI inference platform.
Nov 05	Inference Cloud traction	Positive	+1.4%	Reported early demand for Akamai Inference Cloud across several AI use cases.
Oct 28	Inference Cloud launch	Positive	+0.3%	Launched Akamai Inference Cloud built on NVIDIA Blackwell at the edge.
Apr 29	AI security product	Positive	+1.0%	Introduced Firewall for AI and API LLM Discovery to secure AI applications.

Pattern Detected

AI-tagged announcements have usually produced modest gains, with 4 of 5 prior events closing higher and one seeing a small decline.

Recent Company History

Over the past year, Akamai has steadily built an AI and security narrative. Launches like Akamai Inference Cloud and the distributed NVIDIA Blackwell GPU platforms on Oct 28, 2025 and Mar 3, 2026 delivered positive price reactions. Even detailed AI contract disclosures and early traction updates generally supported small gains. Today’s AI-focused security report extends that storyline by emphasizing how APIs and DDoS threats intersect with enterprise AI adoption, complementing earlier AI platform and protection launches.

Historical Comparison

+1.1% avg move · Past 5 AI-tagged headlines averaged a 1.07% move. Today’s -2.07% reaction is weaker than that patter...

AI

+1.1%

Average Historical Move AI

Past 5 AI-tagged headlines averaged a 1.07% move. Today’s -2.07% reaction is weaker than that pattern, suggesting this risk-focused AI security update was treated differently than prior growth-centric AI launches.

AI news has evolved from launching Firewall for AI, to rolling out Inference Cloud at the edge, to deploying large NVIDIA Blackwell GPU clusters. This report adds a data-driven view of securing the APIs underpinning that AI infrastructure.

Market Pulse Summary

This announcement highlights Akamai’s view that APIs have become the primary attack surface for ente...

Analysis

This announcement highlights Akamai’s view that APIs have become the primary attack surface for enterprises pursuing AI transformation, with Layer 7 DDoS attacks up 104% and daily API attacks up 113%. It reinforces the strategic link between Akamai’s AI initiatives and its security franchise. In context of prior AI launches and contracts, investors may watch whether the company translates these threat trends into product adoption, revenue growth, and continued traction for its application and API security offerings.

Key Terms

apis, ddos, layer 7, botnets, +1 more

5 terms

apis technical

"APIs — long overlooked as a point of vulnerability — have become the primary attack surface."

APIs are sets of rules that let different software systems talk to each other, like standardized doorways that let apps, data services and websites exchange information without needing to be rebuilt each time. For investors, APIs matter because they speed product development, enable digital partnerships and data feeds, create new revenue or cost savings, and introduce operational or security dependencies that can affect growth and risk.

ddos technical

"Layer 7 DDoS activity into scalable, cost-efficient operations to disrupt availability"

A DDoS (distributed denial-of-service) attack is when many compromised computers or devices artificially flood a company's online systems with traffic so legitimate users cannot access websites, apps, or services. For investors, DDoS episodes can disrupt sales, damage customer trust, and expose weaknesses in a company's security — like a traffic jam that shuts down a city's main highway, revealing costs and operational risks that can affect revenue and stock value.

layer 7 technical

"Layer 7 DDoS activity into scalable, cost-efficient operations to disrupt availability"

Layer 7 is the top level of network communication that handles the actual applications people use, like web browsers, mobile apps, and online services — think of it as the front desk where requests from users are processed. For investors, Layer 7 matters because problems or improvements here directly affect user experience, security (such as blocking malicious traffic), and the functionality of online products, which can influence customer retention, costs, and revenue.

botnets technical

"availability of rentable botnets.The 104% spike in Layer 7 DDoS attacks"

A botnet is a network of internet-connected devices that have been secretly taken over by criminals and are controlled remotely to carry out coordinated attacks or fraud. Think of it like a fleet of hijacked cars driven by a remote operator to block highways or steal goods; for investors, botnets can cause costly outages, data breaches, lost sales, regulatory fines and reputational damage that can quickly reduce a company’s revenue and share price.

agentic ai technical

"guest column that explores defenses against emerging agentic AI threats, along"

Agentic AI refers to computer systems that can make their own decisions and take actions without needing someone to tell them what to do each time. It's like giving a robot a degree of independence to solve problems or achieve goals on its own, which matters because it could change how we work and interact with technology in everyday life.

AI-generated analysis. Not financial advice.

Cybercriminals follow enterprise AI investment, exploiting APIs as the fastest path to scale, disruption, and profit

CAMBRIDGE, Mass., March 17, 2026 (GLOBE NEWSWIRE) -- Akamai (NASDAQ: AKAM) today released its 2026 Apps, APIs, and DDoS State of the Internet (SOTI) report, highlighting a decisive shift in the threat landscape. Attackers are now industrializing their methods and targeting the infrastructure that fuels business growth and AI transformation.

As organizations accelerate AI adoption, APIs — long overlooked as a point of vulnerability — have become the primary attack surface. Akamai researchers have observed attacks evolve into coordinated campaigns that consistently blend API abuse, web application attacks, and Layer 7 DDoS activity into scalable, cost-efficient operations to disrupt availability and drive financial impact. Wherever investment concentrates, risk follows. APIs have become the foundation of AI transformation, and securing AI means securing APIs.

The report data underscores the scale of this industrialization:

• Layer 7 DDoS attacks surged 104% over the past two years.
• 87% of surveyed organizations reported experiencing an API-related security incident in 2025.
• Web application attacks rose sharply, climbing 73% between 2023 and 2025.
• The average number of daily API attacks rose 113% year over year.

“Attackers increasingly focus on degrading performance, driving up infrastructure costs, and exploiting AI-driven automation at scale, rather than seeking headline-grabbing campaigns,” said Patrick Sullivan, CTO of Security Strategy at Akamai. “Automation and AI are making these sophisticated campaigns cheap, repeatable, and fast. And as enterprises invest heavily in AI transformation, attackers are targeting the APIs that power that transformation.”

The report also finds that application and API security are now inseparable, though many organizations still manage them as distinct challenges. Treating them as separate problems creates visibility gaps that attackers need to successfully exploit them as a single attack vector.

Additional key findings include:

• “Vibe coding” is introducing new vulnerabilities and misconfigurations that often reach production without adequate testing.
• Hacktivist-driven DDoS activity continues to rise as politically motivated actors adapt to shifting global tensions and the increasing availability of rentable botnets.
• The 104% spike in Layer 7 DDoS attacks is fueled by easy access to botnets through DDoS-for-hire services and AI-enabled attack scripts that simplify targeting of APIs and web applications.
• “Super botnets” such as Aisuru and Kimwolf, evolved from Mirai’s original architecture, now power DDoS as a service (DDoSaaS) ecosystems used by both cybercriminal and hacktivist groups.

The 2026 Apps, APIs, and DDoS SOTI report also includes a deep dive on regional attack trends, expert insight into the economics of modern internet attacks, and a guest column that explores defenses against emerging agentic AI threats, along with practical mitigation strategies.

Now in their 12th year, Akamai’s SOTI reports continue to offer critical insights on cybersecurity trends and web performance, drawn from attacks viewed across Akamai’s cybersecurity protective infrastructure, which handles a significant portion of global web traffic.

To learn more, please stop by Akamai’s booth N-6245 at this year’s RSA Conference.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

Contacts
Akamai Media Relations
akamaipr@akamai.com

FAQ

What did Akamai report about APIs being an attack surface in March 2026 (AKAM)?

APIs are now the primary attack surface, driven by AI adoption and exposure of API endpoints. According to Akamai, API abuse blends with web attacks and Layer 7 DDoS to create coordinated, scalable campaigns that target AI infrastructure and operations.

How much did Layer 7 DDoS attacks increase according to Akamai's 2026 SOTI report (AKAM)?

Layer 7 DDoS attacks rose 104% over the past two years, indicating rapid escalation. According to Akamai, this spike is fueled by DDoS-for-hire services, rentable botnets, and AI-enabled attack scripts that simplify targeting.

What API incident frequency did Akamai find for organizations in 2025 (AKAM)?

Eighty-seven percent of surveyed organizations experienced an API-related security incident in 2025. According to Akamai, this high prevalence shows widespread API exposure and the need to integrate API and application security practices urgently.

How did daily API attacks change year-over-year in Akamai's March 2026 report (AKAM)?

The average number of daily API attacks increased 113% year over year, reflecting rapid growth. According to Akamai, automation and AI are lowering attacker costs and enabling high-frequency, targeted API campaigns at scale.

What role do "super botnets" play in the threat landscape described by Akamai (AKAM)?

"Super botnets" like Aisuru and Kimwolf power DDoS-as-a-service ecosystems used by criminals and hacktivists. According to Akamai, these evolved architectures increase attack capacity and make large-scale API targeting more accessible and affordable.

What mitigation focus does Akamai recommend for securing AI initiatives and APIs (AKAM)?

Secure AI by securing APIs and treating application and API security as a single problem. According to Akamai, closing visibility gaps and deploying combined mitigation strategies reduces exploitation opportunities and operational disruption.