Akamai Research: Commerce Becomes the Epicenter for AI Bot Attacks and Agentic Fraud in 2026
Rhea-AI Summary
Akamai (NASDAQ: AKAM) published its latest State of the Internet security report, “Securing the Agentic Storefront: Attacks on Commerce,” showing commerce has become the most targeted industry for cyberattacks amid rising use of autonomous AI tools and agentic commerce.
As of December 2025, 47.9% of all commerce traffic across Akamai’s network consisted of AI bots, driven largely by AI training crawlers, with OpenAI, ByteDance, and Anthropic identified as the three most observed bots. Web attacks on APIs rose 9% year over year, and an Akamai study found 85% of commerce respondents had at least one API-related incident, while only 22% knew which APIs exposed sensitive data. Commerce endured nearly 3 trillion Layer 7 DDoS attacks in 2025, with retail absorbing 84% of that volume.
From November 2025 to April 2026, malware accounted for 56.5% of endpoint threat activity and phishing 37.6%; average daily phishing volumes for commerce customers jumped from 56,600 in February to 134,600 in April. Regionally, bot activity rose modestly in North America and EMEA (7% and 16%), but surged in APAC and LATAM (63% and 48%), with APAC’s travel and loyalty sectors heavily targeted. Akamai recommends mapping API revenue chains, adopting risk-based bot governance, implementing microsegmentation, and aligning cybersecurity with fraud teams using behavioral biometrics and automated account protections.
AI-generated analysis. How Rhea-AI works. Not financial advice.
Positive
- None.
Negative
- None.
Key Figures
Previous AI Reports
| Date | Event | Sentiment | 24h Move | Catalyst |
|---|---|---|---|---|
| Jun 15 | AI security framework | Neutral | +0.8% | Launch of unified agentic security framework for AI-driven interactions and commerce. |
| Jun 02 | AI security partnership | Neutral | +4.1% | Expanded NVIDIA collaboration to embed Guardicore Segmentation into BlueField-4 for AI factories. |
| May 19 | AI brand product launch | Neutral | -6.3% | Launch of AI Brand Presence tool to optimize content for AI search and agentic traffic. |
| Apr 28 | API security survey | Neutral | -0.5% | Release of API Security Impact Survey highlighting rising AI-driven API risks. |
| Apr 08 | AI bot activity report | Neutral | +1.9% | State of the Internet report on 300% AI bot surge and publisher exposure. |
24h Move is the share-price change in the day after each event; other market factors may also have contributed.
Key Terms
ddos technical
layer 7 technical
api technical
large language models technical
microsegmentation technical
multi-factor authentication technical
AI-generated analysis. How Rhea-AI works. Not financial advice.
Commerce faces rising AI bot activity, escalating DDoS attacks, and new fraud tactics
CAMBRIDGE, Mass., July 15, 2026 (GLOBE NEWSWIRE) -- An evolution toward agentic commerce and autonomous AI tools has made commerce the world’s most targeted industry by cybercriminals, according to the latest Akamai (NASDAQ: AKAM) State of the Internet (SOTI) security report, Securing the Agentic Storefront: Attacks on Commerce.
The report highlights that, as of December 2025, nearly half (
“We are securing a digital frontier where the ‘customer’ is increasingly an AI agent operating on behalf of the human user,” said Patrick Sullivan, Chief Technology Officer of Security Strategy at Akamai. “This report reveals how and why security leaders must embrace ‘agentic readiness,’ to architect sites that welcome legitimate AI while aggressively shutting down malicious bots.”
Additional key findings include:
- The rise of agentic commerce fraud: Autonomous AI shopping agents are creating a signal masking problem by perfectly mimicking human microbehaviors, according to guest contributor Pam Lindemoen, Chief Security Officer and Vice President of Strategy at RH-ISAC. Threat actors are now using agent hijacking tactics to compromise legitimate AI assistants and abuse stored payment credentials. They are also deploying large language models (LLMs) to create synthetic identity fraud in the form of “Frankenstein” accounts that easily bypass static defenses.
- The unchecked influx of AI bots: Driven by LLM development, AI training crawlers account for more than
70% of AI bot triggers in commerce. OpenAI, ByteDance, and Anthropic rank as the top three AI bots observed. Commerce organizations placed more than90% of their AI bot activity in the “monitor” category but allowed three-quarters of the remaining activity to pass unrestricted, exposing themselves to underlying risks. - API exposure and vulnerabilities: Web attacks targeting APIs rose by
9% year over year. In fact, Akamai’s 2026 API Security Impact Study revealed that85% of commerce respondents experienced at least one API-related incident in the past year, yet only22% know which of their APIs expose sensitive data. - Layer 7 DDoS attacks escalate: Commerce was targeted by Layer 7 DDoS attacks nearly 3 trillion times in 2025, with the retail vertical bearing
84% of that volume. Attackers are using HTTP botnets to flood APIs during high-stakes holiday surges and exhaust app servers and halt sales. - Industrialized phishing and malware pipelines: Between November 2025 and April 2026, malware represented
56.5% of observed endpoint threat activity, followed by phishing at37.6% . Average daily phishing volume across commerce customers skyrocketed from 56,600 in February to 134,600 in April, serving as the primary raw material powering account takeover (ATO) and loyalty point theft.
Regional trends
Automated bot activity and web attacks varied by region:
- North America and EMEA: These mature markets saw modest bot increases (
7% and16% , respectively) but significant holiday-driven web attacks, with North America leading AI bot activity with 33 billion counts. - APAC and LATAM: Bot activity surged by
63% in APAC and48% in LATAM. APAC’s fragmented travel market and loyalty programs made it a primary target for bot and Layer 7 DDoS attacks.
Mitigation strategies
To effectively counter these evolving threats, Securing the Agentic Storefront: Attacks on Commerce provides a strategic roadmap for CISOs. Recommendations include:
- Map the revenue chain: Continuously discover and inventory the API estate to clear up critical visibility gaps regarding sensitive data exposure.
- Govern automation: Move away from binary “allow/block” models toward risk-based governance that categorizes bots by intent and business value.
- Minimize the blast radius: Implement microsegmentation to eliminate lateral movement. Although
92% of organizations use basic network segmentation, only35% have progressed to true microsegmentation. - Establish cooperative resilience: Integrate cybersecurity and fraud prevention teams to deploy real-time behavioral biometrics, risk-based multi-factor authentication, and automated kill switches to freeze compromised accounts instantly.
Now in their 12th year, Akamai SOTI Security reports continue to offer critical insights on cybersecurity trends and web performance, drawn from attacks viewed across Akamai’s cybersecurity protective infrastructure, which handles a significant portion of global web traffic.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contacts
Akamai Media Relations
akamaipr@akamai.com
Akamai Investor Relations
invrel@akamai.com