TALKING POINT
RESEARCH FINDS AI ACCELERATION IN APAC EXPOSES GROWING API SECURITY GAP
Across Asia-Pacific( APAC), organisations are racing to embed Artificial Intelligence( AI) into core digital services – from customer care to financial management and supply chain automation. However, this‘ AI-first’ momentum is built upon a foundation of APIs( Application Programming Interfaces) that are increasingly under attack. According to new APAC insights from Akamai’ s 2026 Apps, APIs and DDoS State of the Internet( SOTI) report, this growing dependence is creating a widening security gap. While innovation is advancing at speed, API security maturity is lagging, exposing a critical layer at the centre of the region’ s digital growth. The consequences of this gap are already being felt across the region, where businesses have reported experiencing measurable financial and operational impacts.
In 2025 alone, Akamai observed nearly 65 billion web application and API attacks in APAC, a 23 % year-over-year increase. Globally, Akamai observed triple-digit growth in daily API attacks, highlighting the scale and consistency of pressure
facing organisations across the region. A large portion( 87 %) of surveyed organisations globally also reported experiencing an API-related security incident in 2025.
Layer 7 DDoS attacks are also tracking significant growth, surging 104 % globally over the past two years. Unlike traditional volumetric or‘ brute force’ attacks that overwhelm network bandwidth, Layer 7 attacks target the very processes that handle user requests. Given that APIs operate at this same layer, these attacks can directly disrupt the digital services and transactions that organisations rely on.
The nature of attacks is also changing. In APAC, 61 % of API attacks in 2025 involved unauthorised workflows and abnormal activity, signalling a shift towards business logic abuse. This means that rather than exploiting technical vulnerabilities, attackers are increasingly manipulating applications in ways not intended.
Retail and financial services remain leading targets due to their heavy reliance on APIs to power digital payments and crossborder services. Telecommunications and high-technology sectors are also experiencing rising pressure as they expand API-driven offerings.
Innovation velocity vs. security maturity
In APAC, digital ambition is high, but the risks differ by market. In highly digitised, mature economies like Singapore and Japan, organisations operate with a much larger API sprawl and the sheer number of APIs sharply increases the attack surface as the huge volume of endpoints makes visibility the primary challenge. In emerging digital economies such as Vietnam and Thailand, rapid digitisation is outpacing the means and know-how to secure it. Shortage of local cybersecurity talent pool is also a key obstacle, resulting in these regions being prime targets for attacks.
At the same time, AI-assisted low-code development( or‘ vibe coding’) is speeding up how applications and APIs are built. While AI helps developers ship code faster than ever, it often introduces misconfigurations or insecure API defaults that move into production without human oversight. The result, across different starting points, is the same: more APIs in operation, greater complexity and more opportunity for attackers if security does not keep pace.
“ Across APAC, AI adoption is accelerating business transformation at an unprecedented pace,” said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai.“ However, this speed has also caused a rapidly increasing governance gap, forcing organisations to rethink their overall risk landscape.”
Koh advised organisations to prioritise building stronger operational governance to allow innovation to continue at speed.“ Today, APIs are no longer just connecting systems to data but have become an essential part of the enterprise data fabric.
“ As autonomous AI systems become more deeply embedded into business operations, resilience at the API layer will determine how confidently companies can scale. Securing these foundations will become essential to sustaining long-term business growth for every organisation in the AI era.” n
18
INTELLIGENT CIO APAC www. intelligentcio. com