Posted by Bengaluru: AI-powered APIs or applications have become the new security threat and posing major challenges to organisations and businesses globally. In 2024, the APJ region recorded a total of 51 billion web application attacks, up from 29 billion in 2023, according to Akamai Research report. The surge is closely tied to the rapid adoption of AI applications, which are expanding the attack surface and increasing the complexity of cyberattacks.
The new Akamai Research report titled – State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain revealed that the Asia Pacific and Japan (APJ) region experienced a 73% increase in web application attacks year-over-year. It’s the highest percentage increase globally – underscoring the need to protect web applications and APIs amidst the rapid growth and adoption of artificial intelligence (AI).
The countries most targeted by web and API attacks in APJ were Australia (20.3 billion), India (17.3 billion) and Singapore (15.9 billion); followed by Japan (6.3 billion), China (6.2 billion), South Korea (4.9 billion), New Zealand (2.9 billion), and Hong Kong SAR (2.2 billion).
Across APJ, the most attacked industries were financial services, with over 27 billion web attacks, followed by commerce, with over 18 billion web attacks, which correlates with these industries’ accelerated adoption of emerging technologies such as AI.
The number of web and API attacks in APJ contributed to the 311 billion web application attacks globally in 2024, representing a 33% year-over-year increase. At the heart of this year’s findings is the growing threat to APIs, which are increasingly used to integrate AI-driven tools with core platforms.
Akamai documented 150 billion API attacks globally between January 2023 and December 2024 as threat actors exploited authentication gaps and automation-friendly attack vectors. AI-powered APIs or applications are especially at risk due to their external accessibility and often inadequate authentication measures.
APJ the Second Most Targeted Region for Layer 7 DDoS Attacks
The report also revealed a 94% increase in Layer 7 (application layer) DDoS attacks during the same period to 7 trillion attacks globally, with the high-technology sector being the most impacted industry. Monthly attacks rose from just over 500 billion in early 2023 to more than 1.1 trillion by the end of 2024. HTTP floods remained the leading Layer 7 DDoS threat, targeting web apps and APIs with persistent severity.
The growth trend is also evident in APJ as the region saw a 66% year-over-year growth in Layer 7 DDoS attacks – the second most targeted region globally – and reached a 24-month high, peaking at 504 billion in December 2024. The region experienced 7.4 trillion attacks over the two years, with Singapore recording 4.7 trillion attacks followed by India (1.1 trillion) and South Korea (607 billion). The report also revealed that digital media platforms, including social media channels, and commerce were the most impacted sectors in APJ.
“The surge in web and API attacks across APJ reflects more than just the region’s rapid digital adoption, it also underscores the urgent need for cybersecurity to evolve rapidly with the growing integration of AI into enterprise ecosystems. As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly,” said Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies APJ.
“This SOTI report will also dive into practical mitigation strategies on how organisations can better protect themselves against evolving threats,” added Koh.