STOCK TITAN

Akamai Research: Commerce Becomes the Epicenter for AI Bot Attacks and Agentic Fraud in 2026

(Neutral)
(Negative)
Tags
AI

Akamai (NASDAQ: AKAM) published its latest State of the Internet security report, “Securing the Agentic Storefront: Attacks on Commerce,” showing commerce has become the most targeted industry for cyberattacks amid rising use of autonomous AI tools and agentic commerce.

As of December 2025, 47.9% of all commerce traffic across Akamai’s network consisted of AI bots, driven largely by AI training crawlers, with OpenAI, ByteDance, and Anthropic identified as the three most observed bots. Web attacks on APIs rose 9% year over year, and an Akamai study found 85% of commerce respondents had at least one API-related incident, while only 22% knew which APIs exposed sensitive data. Commerce endured nearly 3 trillion Layer 7 DDoS attacks in 2025, with retail absorbing 84% of that volume.

From November 2025 to April 2026, malware accounted for 56.5% of endpoint threat activity and phishing 37.6%; average daily phishing volumes for commerce customers jumped from 56,600 in February to 134,600 in April. Regionally, bot activity rose modestly in North America and EMEA (7% and 16%), but surged in APAC and LATAM (63% and 48%), with APAC’s travel and loyalty sectors heavily targeted. Akamai recommends mapping API revenue chains, adopting risk-based bot governance, implementing microsegmentation, and aligning cybersecurity with fraud teams using behavioral biometrics and automated account protections.

Loading...
Loading translation...

AI-generated analysis. How Rhea-AI works. Not financial advice.

Positive

  • None.

Negative

  • None.

Market Context

Viewed against Akamai’s AI-tagged history, where past announcements have produced both gains and a -...
Analysis

Viewed against Akamai’s AI-tagged history, where past announcements have produced both gains and a -6.25% drop, this new report slots into an already active AI narrative. Platform data also flags moderate short positioning and recent net insider selling as background risks to monitor.

Key Figures

AI bot share of commerce traffic: 47.9% AI training crawler share: more than 70% API attack growth: 9% +5 more
8 metrics
AI bot share of commerce traffic 47.9% Commerce traffic across Akamai’s global network as of December 2025
AI training crawler share more than 70% Portion of AI bot triggers in commerce driven by LLM development
API attack growth 9% Year-over-year rise in web attacks targeting APIs
API incident prevalence 85% Commerce respondents with at least one API-related incident in past year
API sensitive-data visibility 22% Commerce respondents who know which APIs expose sensitive data
Layer 7 DDoS volume nearly 3 trillion Layer 7 DDoS attacks targeting commerce in 2025
Retail share of Layer 7 DDoS 84% Portion of commerce Layer 7 DDoS volume hitting retail vertical
Malware and phishing mix 56.5% malware, 37.6% phishing Endpoint threat activity between November 2025 and April 2026

Previous AI Reports

5 past events · Latest: Jun 15 (Neutral)
Same Type 5 events
Date Event Sentiment 24h Move Catalyst
Jun 15 AI security framework Neutral +0.8% Launch of unified agentic security framework for AI-driven interactions and commerce.
Jun 02 AI security partnership Neutral +4.1% Expanded NVIDIA collaboration to embed Guardicore Segmentation into BlueField-4 for AI factories.
May 19 AI brand product launch Neutral -6.3% Launch of AI Brand Presence tool to optimize content for AI search and agentic traffic.
Apr 28 API security survey Neutral -0.5% Release of API Security Impact Survey highlighting rising AI-driven API risks.
Apr 08 AI bot activity report Neutral +1.9% State of the Internet report on 300% AI bot surge and publisher exposure.

24h Move is the share-price change in the day after each event; other market factors may also have contributed.

Key Terms

ddos, layer 7, api, large language models, +2 more
6 terms
ddos technical
"the industry continues to suffer a relentless barrage of application-layer distributed denial-of-service (DDoS) activity"
A DDoS (distributed denial-of-service) attack is when many compromised computers or devices artificially flood a company's online systems with traffic so legitimate users cannot access websites, apps, or services. For investors, DDoS episodes can disrupt sales, damage customer trust, and expose weaknesses in a company's security — like a traffic jam that shuts down a city's main highway, revealing costs and operational risks that can affect revenue and stock value.
layer 7 technical
"application-layer (Layer 7) distributed denial-of-service (DDoS) activity"
Layer 7 is the top level of network communication that handles the actual applications people use, like web browsers, mobile apps, and online services — think of it as the front desk where requests from users are processed. For investors, Layer 7 matters because problems or improvements here directly affect user experience, security (such as blocking malicious traffic), and the functionality of online products, which can influence customer retention, costs, and revenue.
api technical
"narrowing of the gap between traditional application attacks and API-targeted exploits"
An API, or Application Programming Interface, is a set of rules that allows different software programs to communicate and work together smoothly, much like a waiter translating your order into the kitchen and then bringing your meal back. For investors, APIs are important because they enable real-time access to financial data, trading systems, and other digital services, making it easier to make informed decisions quickly and efficiently.
large language models technical
"They are also deploying large language models (LLMs) to create synthetic identity fraud"
Large language models are advanced AI systems trained on vast amounts of text to understand and generate human-like writing, like a very fast reader and writer that learns patterns in words and sentences. They matter to investors because they can change how companies operate—automating customer service, speeding analysis, cutting costs, creating new products—and they introduce risks around accuracy, security and regulation that can affect a firm’s revenue and reputation.
microsegmentation technical
"Minimize the blast radius: Implement microsegmentation to eliminate lateral movement."
Microsegmentation is the practice of dividing a larger group—such as customers, network devices, or data access—into many very small, specific segments based on behavior, risk, or needs. For investors, it matters because it can improve security and efficiency (like locking individual rooms instead of just the front door) and enable more precise marketing or cost control, potentially reducing losses and raising revenue per customer.
multi-factor authentication technical
"deploy real-time behavioral biometrics, risk-based multi-factor authentication, and automated kill switches"
A security method that requires users to prove their identity in two or more different ways before accessing accounts or systems, such as combining a password with a one-time code sent to a phone or a fingerprint. For investors, it reduces the risk of unauthorized access to sensitive accounts, lowers chances of fraud or data breaches, and helps protect a company’s financials and reputation—similar to needing both a key and a fingerprint to open a safe.

AI-generated analysis. How Rhea-AI works. Not financial advice.

See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google
Add on Google

Commerce faces rising AI bot activity, escalating DDoS attacks, and new fraud tactics

CAMBRIDGE, Mass., July 15, 2026 (GLOBE NEWSWIRE) -- An evolution toward agentic commerce and autonomous AI tools has made commerce the world’s most targeted industry by cybercriminals, according to the latest Akamai (NASDAQ: AKAM) State of the Internet (SOTI) security report, Securing the Agentic Storefront: Attacks on Commerce.

The report highlights that, as of December 2025, nearly half (47.9%) of all commerce traffic across Akamai’s global network now consists of AI bots. Furthermore, the industry continues to suffer a relentless barrage of application-layer (Layer 7) distributed denial-of-service (DDoS) activity, malicious web application exploits, and a dangerous narrowing of the gap between traditional application attacks and API-targeted exploits.

“We are securing a digital frontier where the ‘customer’ is increasingly an AI agent operating on behalf of the human user,” said Patrick Sullivan, Chief Technology Officer of Security Strategy at Akamai. “This report reveals how and why security leaders must embrace ‘agentic readiness,’ to architect sites that welcome legitimate AI while aggressively shutting down malicious bots.”

Additional key findings include:

  • The rise of agentic commerce fraud: Autonomous AI shopping agents are creating a signal masking problem by perfectly mimicking human microbehaviors, according to guest contributor Pam Lindemoen, Chief Security Officer and Vice President of Strategy at RH-ISAC. Threat actors are now using agent hijacking tactics to compromise legitimate AI assistants and abuse stored payment credentials. They are also deploying large language models (LLMs) to create synthetic identity fraud in the form of “Frankenstein” accounts that easily bypass static defenses.

  • The unchecked influx of AI bots: Driven by LLM development, AI training crawlers account for more than 70% of AI bot triggers in commerce. OpenAI, ByteDance, and Anthropic rank as the top three AI bots observed. Commerce organizations placed more than 90% of their AI bot activity in the “monitor” category but allowed three-quarters of the remaining activity to pass unrestricted, exposing themselves to underlying risks.

  • API exposure and vulnerabilities: Web attacks targeting APIs rose by 9% year over year. In fact, Akamai’s 2026 API Security Impact Study revealed that 85% of commerce respondents experienced at least one API-related incident in the past year, yet only 22% know which of their APIs expose sensitive data.

  • Layer 7 DDoS attacks escalate: Commerce was targeted by Layer 7 DDoS attacks nearly 3 trillion times in 2025, with the retail vertical bearing 84% of that volume. Attackers are using HTTP botnets to flood APIs during high-stakes holiday surges and exhaust app servers and halt sales.

  • Industrialized phishing and malware pipelines: Between November 2025 and April 2026, malware represented 56.5% of observed endpoint threat activity, followed by phishing at 37.6%. Average daily phishing volume across commerce customers skyrocketed from 56,600 in February to 134,600 in April, serving as the primary raw material powering account takeover (ATO) and loyalty point theft.

Regional trends

Automated bot activity and web attacks varied by region:

  • North America and EMEA: These mature markets saw modest bot increases (7% and 16%, respectively) but significant holiday-driven web attacks, with North America leading AI bot activity with 33 billion counts.

  • APAC and LATAM: Bot activity surged by 63% in APAC and 48% in LATAM. APAC’s fragmented travel market and loyalty programs made it a primary target for bot and Layer 7 DDoS attacks.

Mitigation strategies

To effectively counter these evolving threats, Securing the Agentic Storefront: Attacks on Commerce provides a strategic roadmap for CISOs. Recommendations include:

  • Map the revenue chain: Continuously discover and inventory the API estate to clear up critical visibility gaps regarding sensitive data exposure.

  • Govern automation: Move away from binary “allow/block” models toward risk-based governance that categorizes bots by intent and business value.

  • Minimize the blast radius: Implement microsegmentation to eliminate lateral movement. Although 92% of organizations use basic network segmentation, only 35% have progressed to true microsegmentation.

  • Establish cooperative resilience: Integrate cybersecurity and fraud prevention teams to deploy real-time behavioral biometrics, risk-based multi-factor authentication, and automated kill switches to freeze compromised accounts instantly.

Now in their 12th year, Akamai SOTI Security reports continue to offer critical insights on cybersecurity trends and web performance, drawn from attacks viewed across Akamai’s cybersecurity protective infrastructure, which handles a significant portion of global web traffic.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

Contacts
Akamai Media Relations
akamaipr@akamai.com

Akamai Investor Relations
invrel@akamai.com


FAQ

What did Akamai (NASDAQ: AKAM) report about AI bot traffic in commerce for 2025?

Akamai reported that by December 2025, 47.9% of commerce traffic across its network was AI bots. According to Akamai, AI training crawlers driven by large language model development accounted for over 70% of AI bot triggers in commerce environments.

How many Layer 7 DDoS attacks against commerce did Akamai measure in 2025?

Akamai observed nearly 3 trillion Layer 7 DDoS attacks targeting commerce in 2025. According to Akamai, the retail segment absorbed 84% of this volume, with HTTP botnets often flooding APIs during major holiday periods to disrupt applications and halt sales.

What API security risks did Akamai highlight for commerce organizations in its 2026 report?

Akamai highlighted that web attacks on APIs rose 9% year over year and 85% of commerce respondents experienced at least one API-related incident. According to Akamai, only 22% of these organizations knew which APIs exposed sensitive data, underscoring significant visibility gaps.

How are phishing and malware affecting commerce customers according to Akamai’s 2026 findings?

Akamai found that from November 2025 to April 2026, malware made up 56.5% of endpoint threats and phishing 37.6%. According to Akamai, average daily phishing volume rose from 56,600 in February to 134,600 in April, fueling account takeover and loyalty fraud.

What mitigation strategies does Akamai recommend for AI bot and agentic fraud in commerce?

Akamai recommends mapping the API-driven revenue chain, shifting to risk-based bot governance, and implementing microsegmentation. According to Akamai, organizations should also align cybersecurity and fraud teams, using behavioral biometrics, risk-based MFA, and automated kill switches to contain compromised accounts quickly.