Across Asia-Pacific, organizations are rapidly embedding AI into core digital services such as customer care, financial management and supply chain automation. This shift is increasing dependence on APIs, which are also becoming a growing security risk. New APAC findings from Akamai’s 2026 Apps, APIs and DDoS State of the Internet report suggest that API security maturity is lagging behind the pace of AI-led innovation, exposing a critical layer of the region’s digital infrastructure.

In 2025, Akamai observed nearly 65 billion web application and API attacks in APAC, a 23% year-on-year increase. Globally, daily API attacks saw triple-digit growth, and 87% of surveyed organizations reported experiencing an API-related security incident in 2025.

Layer 7 DDoS attacks also rose sharply, increasing 104% globally over the past two years. Unlike volumetric attacks that target bandwidth, Layer 7 attacks disrupt the application processes that handle user requests. Because APIs operate at this same layer, such attacks can directly affect digital services and transactions.

The report also points to a change in attack patterns. In APAC, 61% of API attacks in 2025 involved unauthorized workflows and abnormal activity, indicating a shift toward business logic abuse. Rather than exploiting only technical flaws, attackers are increasingly misusing applications through activities such as transaction automation, data scraping, or repeated legitimate API calls that disrupt services or consume AI resources. AI-powered bots are also targeting APIs by mimicking legitimate traffic and evading traditional defenses.

Retail and financial services remain among the most targeted sectors because of their heavy reliance on APIs for digital payments and cross-border services. Telecommunications and high-technology sectors are also seeing rising pressure as they expand API-driven offerings.

The report notes that the risks vary across APAC markets. In highly digitized economies such as Singapore and Japan, the large number of APIs has increased the attack surface, making visibility a major challenge. In emerging digital economies such as Vietnam and Thailand, rapid digitization is outpacing security capabilities, with limited local cybersecurity talent adding to the risk.

At the same time, AI-assisted low-code development is accelerating the creation of applications and APIs. While this speeds up development, it can also introduce misconfigurations or insecure defaults that reach production without enough oversight. The result is a broader and more complex API environment, creating more opportunities for attackers if security controls do not keep pace.

The report also highlights India as one of the more heavily targeted markets in Asia-Pacific for AI bot activity and application-layer DDoS attacks, reflecting the scale of the country’s digital expansion. As sectors such as financial services, retail, commerce and technology continue to expand their use of AI and APIs, API visibility and security are becoming increasingly important for resilience and trust in digital services.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!