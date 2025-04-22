Surge correlates with accelerated adoption of AI-powered applications

CAMBRIDGE, Mass., April 22, 2025 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM ), the cybersecurity and cloud computing company that powers and protects business online, today released a new State of the Internet (SOTI) report that finds there were 311 billion web attacks in 2024, representing a 33% year-over-year increase. State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain notes the surge in these attacks correlates to the rapid adoption of artificial intelligence (AI) applications, which expand attack surfaces and introduce new security challenges.

The report also finds that APIs have emerged as primary targets, with Akamai documenting 150 billion API attacks from January 2023 through December 2024. The AI API market is growing rapidly and the integration of AI-driven tools with core platforms via APIs has substantially expanded this attack surface. The majority of AI-powered APIs are externally accessible and many rely on inadequate authentication mechanisms, a vulnerability compounded by the growing array of AI-driven attacks targeting them. Akamai notes that AI-powered APIs are even more vulnerable than their counterparts as AI fuels technical advancements for threat actors.

In addition, Akamai documents a dramatic rise in Layer 7 (application-layer) distributed denial-of-service (DDoS) attacks against web applications and APIs. Quarterly attack volumes increased 94% year-over-year between Q1 2023 and Q4 2024. In early 2023, Akamai observed monthly numbers of 500 billion, which rose to 1.1 trillion in one month by December 2024. This growth is due to the growing sophistication of bot-driven attacks, the persistence of HTTPS flooding as a primary attack vector, and the prevalence of Layer 7 DDoS attacks targeting the high technology industry.

There were more than 230 billion web attacks targeting commerce organizations, making it the most impacted industry. This is nearly triple the number of attacks experienced by high technology (the second most attacked sector).

There were 7 trillion Layer 7 DDoS attacks targeting the high technology sector from January 2023 through December 2024, making it the most affected industry.

OWASP API Security Top 10–related incidents increased 32%, revealing authentication and authorization flaws that expose sensitive data and functionality.

Growth in security alerts related to the MITRE security framework are up 30% as attackers are using advanced techniques such as automation and AI to exploit APIs. Shadow and zombie APIs present particularly vulnerable attack vectors within increasingly complex API ecosystems.

State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain also contains a security spotlight on an API attack against an ecommerce company, an explanation of the differences between web and API attacks, regional and industry attack data, and recommended mitigation strategies. The report provides unique insights on risk scoring and technical methods that are designed to assist frontline defenders.

"AI is transforming web and API security, enhancing threat detection but also creating new challenges," said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. "This report is a must read to understand what's driving the shift and how defenders can stay ahead with the right mitigation strategies."

This is the 11th year of Akamai's SOTI reports. The SOTI series provides expert insights on cybersecurity and web performance and is based on data gathered from our network infrastructure, which processes more than one-third of global web traffic.

