AI-Powered Commerce Fuels 63% Surge in Cyber Threats Across APAC, Akamai Reports

2 Sources

Share

Bot activity targeting APAC commerce companies surged 63% in 2025, the highest increase globally, as retailers and travel platforms adopt AI-powered shopping experiences. Commerce accounted for 38% of all AI bot traffic in the region, making it harder to distinguish legitimate automation from malicious attacks.

Bot Activity Targeting Commerce Companies Jumps 63% in APAC

AI-powered commerce is transforming how businesses operate across APAC, but this digital acceleration is creating substantial cyber threats that demand immediate attention. According to Akamai's latest State of the Internet report titled "Securing the Agentic Storefront: Attacks on Commerce," bot activity targeting APAC commerce companies rose 63% in 2025, marking the highest increase of any region globally

1

2

. From July to December 2025, commerce accounted for 38% of all AI bot traffic observed across industries in APAC, underscoring how rapidly the region has embraced automated customer experiences while simultaneously becoming vulnerable to sophisticated attacks

1

.

Source: DT

Source: DT

Distinguishing Legitimate Automation from Malicious Bots Grows Harder

Retailers across the region are pivoting toward agentic commerce, deploying GenAI chatbots and automated systems to hyperpersonalize shopping experiences and reduce cart abandonment. Chatbot growth is especially fast in APAC as businesses compete to differentiate through more personalized customer experiences

2

. However, this rapid adoption is making it increasingly difficult to distinguish legitimate automation from malicious bots engaged in scraping, credential stuffing, and API abuse. The challenge lies in the volume and sophistication of these attacks, which can blend seamlessly with normal traffic patterns generated by legitimate AI-powered tools.

Source: CXOToday

Source: CXOToday

Retail, Travel, and Hospitality Face Heightened Exposure

While retail remained the primary target for cyber threats, travel and hospitality industries in APAC experienced greater exposure compared to other regions

1

. This heightened vulnerability stems from fragmented travel platforms, high digital and mobile adoption, popular loyalty programs, and seasonal booking peaks during regional holidays like Lunar New Year, Golden Week, Diwali, and year-end holidays. Travel accounted for 22% of commerce web attacks, with APIs targeted in 25% of attacks against them

2

. APIs are becoming a critical area of exposure as commerce businesses connect payments, loyalty programs, inventory systems, logistics, and booking platforms, creating multiple entry points for attackers.

Layer 7 DDoS Attacks Increase 39% as API-Targeted Attacks Intensify

Commerce businesses in APAC faced rising application-layer DDoS pressure, with Layer 7 DDoS attacks increasing 39% from 260 billion to 361 billion events in 2025

1

. Among API-targeted attacks using Layer 7 DDoS methods, retail accounted for 51%, followed by hospitality at 28% and travel at 21%

2

. These numbers reflect how attackers are increasingly focusing on application-layer vulnerabilities rather than traditional network-layer attacks, exploiting the complex interconnections that power modern commerce platforms.

Risk-Based Defenses Required to Protect Agentic Storefronts

"APAC's commerce sector is pivoting quickly toward a more automated and AI-enabled future, as businesses use GenAI chatbots and other AI-powered services to personalize experiences and reduce friction," said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai. "But every chatbot interaction, booking flow and loyalty program integration creates another new digital surface that must be discovered, understood and protected". Businesses must now implement risk-based defenses capable of identifying malicious intent hidden within high-volume, legitimate automation, without adding friction to customer experiences

2

.

What Commerce Organizations Should Watch For

As commerce organizations continue to embrace AI and automation, resilience must extend beyond a security function and become a business discipline. This includes continuously mapping the revenue chain to identify APIs that support payments, loyalty programs, checkout, inventory, and partner integrations. Organizations need to govern automation by risk, moving beyond blanket allow-or-block decisions to adopt approaches that distinguish legitimate automation from malicious bot activity. Preparing for peak traffic periods by strengthening surge capacity, testing DDoS response plans, monitoring for fake storefronts and credential exposure, and bringing cybersecurity and fraud teams closer together ahead of major shopping and travel peaks is essential

2

. The security report, now in its 12th year, draws on attack data observed across Akamai's cybersecurity protective infrastructure, which handles a significant portion of global web traffic

1

.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved