API Attacks Surge as AI Exposure Elevates Cyber Risk

At the same time, enterprises are beginning to recognize the importance of API security. Nearly 80% of surveyed organizations ranked it among their top three cybersecurity priorities. This shift reflects the growing reliance on APIs to connect applications, services, and data across modern digital ecosystems. However, despite this awareness, gaps in staffing and visibility remain a major concern.

Only 53% of organizations reported having dedicated personnel responsible for API security. Additionally, just 27% of enterprises with full API inventories said they could identify which APIs expose sensitive data—down significantly from 40% in 2022. This decline highlights a troubling lack of visibility into critical security risks.

AI exposure has further complicated the situation. The survey reveals that security teams now consider securing AI technologies their top cybersecurity priority for the coming year. Meanwhile, 42% of respondents confirmed that APIs linked to AI applications, agents, and large language models have been targeted by cyberattacks within the past 12 months. As businesses integrate AI at a rapid pace, they often fail to align their security processes accordingly.

In addition, APIs act as gateways through which AI systems access internal data, third-party services, and enterprise applications. Therefore, weak API controls can directly expose sensitive assets, amplifying the risk.

The report also identifies a disconnect between executive leadership and technical teams. While 40% of C-suite leaders believe their organizations have advanced API testing maturity, only 28% of DevSecOps teams share that view. This disparity suggests that leadership may underestimate the complexity and risks associated with API security.

From an industry perspective, financial services emerged as the most affected sector, with 96% of respondents reporting at least one API-related attack in the past year. Meanwhile, energy and utilities reported the highest average incident costs at USD $860,000, followed by manufacturing at USD $732,000 and health and life sciences at USD $725,000. These figures demonstrate that API attacks are not only frequent but also financially damaging, especially in sectors reliant on continuous operations and sensitive data.

Sean Lyons, Senior Vice President and General Manager of Application and Infrastructure Security at Akamai, emphasized the growing scale of the issue.

“The rapid expansion of the API attack surface means organisations who rely heavily on APIs face significant risks, financial impact, and compromised visibility,” Lyons said.

He further added, “APIs are rapidly exploding in number and most companies can’t keep track of them. If you’re adopting AI, API security can’t be an afterthought. You need the foundation to actually trust the AI systems you’re building.”

A central theme throughout the report is visibility. Even when organizations claim to maintain complete API inventories, many fail to understand which interfaces handle sensitive data. This lack of clarity becomes even more critical as AI systems integrate deeper into core business operations.

Ultimately, Akamai stresses that strengthening API security begins with comprehensive identification and cataloging of all APIs, especially those connected to AI and large language models. Organizations must also embed testing and security controls throughout the entire software lifecycle. As AI adoption accelerates and cyber threats continue to evolve, API security is no longer a niche concern—it is a fundamental business risk that demands immediate attention.

Recommended Cyber Technology News:

• Utimaco Joins VAST Cosmos To Secure AI Data
• Robinhood Security Flaw Used to Send Phishing Emails
• Suzu Labs Acquires Emulated Criminals to Expand AI-Driven Cybersecurity Capabilities

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com