Akamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend against.

New research from internet infrastructure giant Akamai shows that layer 7 (application layer) DDoS attacks have increased in volume while Layer 3 (network layer) and layer 4 (transport layer) attacks have increased in scale. These, together with increasing API and web application attacks have converged into a new operating model for attackers.

Akamai’s latest State of the Internet Report highlights a rapidly evolving cybersecurity landscape, where AI in cybersecurity, API vulnerabilities, and advanced DDoS attacks are converging into complex, multi-layered threat campaigns. The findings reveal a significant shift from isolated cyber incidents to coordinated attack strategies that combine web application attacks, API abuse, bot activity, and distributed denial-of-service (DDoS) techniques into a single operational model.

According to Brent Maynard, Senior Director for Cybersecurity Strategy at Akamai, “Convergence has shifted from an emerging trend to an operating model.” This evolution underscores how attackers are leveraging automation, AI-driven tools, and scalable botnets to execute more sophisticated, cost-effective, and harder-to-detect cyberattacks.

DDoS attacks continue to rise both in frequency and complexity. While traditional Layer 3 and Layer 4 attacks remain prevalent, Layer 7 attacks targeting web applications and APIs have surged by over 100% in the last three years. These attacks are particularly concerning because they disrupt operations without causing visible downtime, making detection more challenging for security teams. Additionally, botnets like Mirai and its variants continue to dominate the threat landscape, with some now offered as DDoS-for-hire services.

A key trend identified in the report is the convergence of attack techniques. Organizations are increasingly experiencing hybrid attacks that combine multiple DDoS layers or integrate ransomware capabilities. For instance, threat groups like Qilin have expanded their operations to include DDoS, spam campaigns, and automated attack mechanisms, demonstrating how cybercriminals are building comprehensive attack toolkits.

API security has emerged as a critical vulnerability point. The report indicates that 87% of organizations experienced API-related security incidents in 2025. As enterprises rapidly adopt digital transformation strategies and integrate AI-driven systems, APIs have become prime targets for exploitation. Attackers leverage weak or undocumented APIs to gain unauthorized access, execute commands, and even recruit compromised systems into botnets.

The rise of agentic AI and SaaS-based applications further complicates the security landscape. Many organizations unknowingly introduce “shadow AI” and undocumented APIs, increasing system complexity while reducing visibility. This has contributed to a 73% increase in web application attacks throughout 2025, as threat actors continuously probe for exploitable vulnerabilities across both front-end and back-end systems.

Steve Winterfeld, Advisory CISO at Akamai, emphasized that rapid adoption of APIs and AI technologies often outpaces security readiness. He noted that API attacks have increased by 113%, driven by the high return on investment for attackers targeting weak security frameworks.

The report ultimately highlights the urgent need for a unified cybersecurity approach. Just as attackers are combining multiple techniques into cohesive campaigns, organizations must integrate their defenses across API security, AI systems, and web application protection. Siloed security teams and fragmented strategies are no longer sufficient in combating today’s AI-powered, multi-vector cyber threats.

As cyber risks continue to evolve, enterprises must adopt converged security models, leveraging AI-driven threat detection, real-time monitoring, and integrated defense frameworks to safeguard digital infrastructure and maintain resilience in an increasingly complex threat environment.

Recommended Cyber News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com