AI-Powered Applications Drive 73% Surge in Web Attacks Across Asia Pacific and Japan

AI-Driven Threats Lead to 51 Billion Web Attacks in APJ, Says Akamai

Akamai Technologies released a new State of the Internet (SOTI) report titled State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. Akamai Technologies released a new State of the Internet (SOTI) report titled State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. The report revealed that the Asia Pacific and Japan (APJ) region experienced a 73% increase in web application attacks year-over-year - the highest percentage increase globally - underscoring the need to protect web applications and APIs amidst the rapid growth and adoption of artificial intelligence (AI).

Akamai Research: AI-Powered Applications Drove 51 Billion Web Attacks in Asia Pacific and Japan, Up 73% Year-Over-Year

Akamai Technologies, Inc. (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects businesses online, today released a new State of the Internet (SOTI) report titled State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. The report revealed that the Asia Pacific and Japan (APJ) region experienced a 73% increase in web application attacks year-over-year - the highest percentage increase globally - underscoring the need to protect web applications and APIs amidst the rapid growth and adoption of artificial intelligence (AI). While AI is transforming both web application and API security landscapes by enhancing threat detection and response capabilities, it is also introducing new security challenges. In 2024, the APJ region recorded a total of 51 billion web application attacks, up from 29 billion in 2023. The surge is closely tied to the rapid adoption of AI applications, which are expanding the attack surface and increasing the complexity of cyber attacks. The countries most targeted by web and API attacks in APJ were Australia (20.3 billion), India (17.3 billion) and Singapore (15.9 billion); followed by Japan (6.3 billion), China (6.2 billion), South Korea (4.9 billion), New Zealand (2.9 billion), and Hong Kong SAR (2.2 billion). Across APJ, the most attacked industries were financial services, with over 27 billion web attacks, followed by commerce, with over 18 billion web attacks, which correlates with these industries' accelerated adoption of emerging technologies such as AI. The number of web and API attacks in APJ contributed to the 311 billion web application attacks globally in 2024, representing a 33% year-over-year increase. At the heart of this year's findings is the growing threat to APIs, which are increasingly used to integrate AI-driven tools with core platforms. Akamai documented 150 billion API attacks globally between January 2023 and December 2024 as threat actors exploited authentication gaps and automation-friendly attack vectors. AI-powered APIs are especially at risk due to their external accessibility and often inadequate authentication measures. APJ the Second Most Targeted Region for Layer 7 DDoS Attacks The report also revealed a 94% increase in Layer 7 (application layer) DDoS attacks during the same period to 7 trillion attacks globally, with the high-technology sector being the most impacted industry. Monthly attacks rose from just over 500 billion in early 2023 to more than 1.1 trillion by the end of 2024. HTTP floods remained the leading Layer 7 DDoS threat, targeting web apps and APIs with persistent severity. The growth trend is also evident in APJ as the region saw a 66% year-over-year growth in Layer 7 DDoS attacks - the second most targeted region globally - and reached a 24-month high, peaking at 504 billion in December 2024. The region experienced 7.4 trillion attacks over the two years, with Singapore recording 4.7 trillion attacks followed by India (1.1 trillion) and South Korea (607 billion). The report also revealed that digital media platforms, including social media channels, and commerce were the most impacted sectors in APJ. Other key global findings include: Over 230 billion web attacks targeting commerce organizations, making it the most impacted industry globally. This is nearly triple the number of attacks experienced by high technology (the second most attacked sector). OWASP API Top 10-related incidents increased by 32%, revealing authentication and authorization flaws that expose sensitive data and functionality. Growth in security alerts related to the MITRE security framework is up 30% as attackers are using advanced techniques, such as automation and AI, to exploit APIs. Shadow and zombie APIs present particularly vulnerable attack vectors within increasingly complex API ecosystems. "The surge in web and API attacks across APJ reflects more than just the region's rapid digital adoption, it also underscores the urgent need for cybersecurity to evolve rapidly with the growing integration of AI into enterprise ecosystems. As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," said Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies APJ. "This SOTI report will also dive into practical mitigation strategies on how organizations can better protect themselves against evolving threats." Heightened Compliance Requirements to Mitigate Future Attacks In response to the exponential growth of web and API attacks, regulatory bodies worldwide are enforcing stricter cybersecurity compliance requirements and guidelines, including governments across APJ. Singapore has expanded its cybersecurity bill to expand regulatory oversight; Japan has strengthened its national cybersecurity strategy and laws; India passed the Digital Personal Data Protection Bill; and Australia enacted the Cybersecurity Act 2024, which brings API and applications processing sensitive data under stricter oversight. With compliance deadlines approaching and enforcement increasing, organizations that delay security improvements risk not only regulatory penalties but also reputational damage, data loss, and service outages. Akamai recommends adopting a shift-left security approach, strengthening API governance, and deploying AI-powered defenses to detect and mitigate evolving threats. Now in its 11th year, Akamai's State of the Internet (SOTI) report series offers expert insights into cybersecurity and web performance based on data gathered from our network infrastructure that processes over one-third of global web traffic. About Akamai Akamai is the cybersecurity and cloud computing company that powers and protects businesses online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

Akamai Research: AI-Powered Applications Drove 51 Billion Web Attacks in Asia Pacific and Japan, Up 73% Year-Over-Year

Akamai Technologies, Inc. (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects businesses online, today released a new State of the Internet (SOTI) report titled State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. The report revealed that the Asia Pacific and Japan (APJ) region experienced a 73% increase in web application attacks year-over-year - the highest percentage increase globally - underscoring the need to protect web applications and APIs amidst the rapid growth and adoption of artificial intelligence (AI). While AI is transforming both web application and landscapes by enhancing threat detection and response capabilities, it is also introducing new security challenges. In 2024, the APJ region recorded a total of 51 billion web application attacks, up from 29 billion in 2023. The surge is closely tied to the rapid adoption of AI applications, which are expanding the attack surface and increasing the complexity of cyber attacks. The countries most targeted by web and API attacks in APJ were Australia (20.3 billion), India (17.3 billion) and Singapore (15.9 billion); followed by Japan (6.3 billion), China (6.2 billion), South Korea (4.9 billion), New Zealand (2.9 billion), and Hong Kong SAR (2.2 billion). Across APJ, the most attacked industries were financial services, with over 27 billion web attacks, followed by commerce, with over 18 billion web attacks, which correlates with these industries' accelerated adoption of emerging technologies such as AI. The number of web and API attacks in APJ contributed to the 311 billion web application attacks globally in 2024, representing a 33% year-over-year increase. At the heart of this year's findings is the growing threat to APIs, which are increasingly used to integrate AI-driven tools with core platforms. documented 150 billion API attacks globally between January 2023 and December 2024 as threat actors exploited authentication gaps and automation-friendly attack vectors. are especially at risk due to their external accessibility and often inadequate