Akamai has published a new report on the Internet status (Soti) that includes 311,000 million web attacks perpetrated in 2024, which represents an annual increase of 33%. In the study state of the security of API and applications 2025: how AI changes the digital panorama, it points to the rapid adoption of applications with artificial intelligence (AI) as a reason for this peak, as the attack surface increases and new security challenges are generated.

In the report, it is revealed that APIs have become critical objectives. 150,000 million attacks have been documented between January 2023 and December 2024. The API market with Grow at high speed, as with the attack surface. This is due to the integration of tools with this technology into key platforms using API. Most APIs based on AI are extremely accessible and many use inappropriate authentication mechanisms, a vulnerability that is aggravated with the growing variety of attacks that stalk them. Akamai points out that this type of API is more vulnerable than the rest, since AI is a technological advantage for cybercriminals.

Most APIs based on AI are extremely accessible and many use inappropriate authentication mechanisms

In addition, it highlights the significant increase in distributed attacks of service denial (DDOS) to layer 7 (application layer) against web and API applications. The volumes of quarterly attacks increased 94% between the first quarter of 2023 and the fourth quarter of 2024. At the beginning of 2023, monthly figures of 500,000 million were recorded, which amounted to 1,100,000 million by December 2024. This increase is due to a greater sophistication of bot -based attacks and the prevalence of DDos of layer 7 aimed at the technological sector.

In addition, the report includes the following key data:

  • There were more than 230,000 million web attacks aimed at the trade sector, the most affected. It is almost triple attacks that the technological sector experienced (the second on this list).
  • The latter suffered 7 billion attacks on layer 7 between January 2023 and December 2024, which suffered the most threats of this type.
  • Incidents related to the 10 main security vulnerabilities of Owasp API increased by 32%, which points to failures in authentication and authorization that reveal data and sensitive functions.
  • Alerts related to the miter security framework increased by 30%, because attackers use advanced techniques with automation and against APIs.
  • API zombies and shadow have especially vulnerable attack vectors in increasingly complex API ecosystems.

In the study state of the security of API and applications 2025: how AI changes the digital panorama, key data on an API attack against an electronic commerce company is also known, the differences between web attacks and API are explained, data is presented by regions and sectors, and mitigation strategies are recommended. Unique data on risk score and technical methods designed to help first -line defenders are also offered.

“IA is transforming the security of the web and API, improving the detection of threats and revealing new challenges”Francisco Arnau, regional vice president of Akamai for Spain and Portugal points out. “This report is fundamental to understand the catalysts of this change and how to anticipate attacks with relevant mitigation strategies.”

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.