2 Sources
[1]
AI-Powered Commerce Fuels Rising Cyber Threats Across APAC, Says Akamai
Asia Pacific's (APAC) fast-growing commerce economy is becoming a bigger target for cybercriminals as retailers, travel platforms and hospitality brands accelerate the use of AI-powered shopping, booking and customer experiences. According to Akamai's latest State of the Internet (SOTI) security report, Securing the Agentic Storefront: Attacks on Commerce, bot activity targeting APAC commerce companies rose 63% in 2025 -- the highest increase of any region globally. From July to December 2025, commerce also accounted for 38% of all AI bot traffic observed across industries in APAC, underscoring the need for security strategies that can keep pace with the region's rapid adoption of AI-powered commerce. Across the region, retailers are pivoting toward agentic commerce, using bots to hyperpersonalize shopping experiences and reduce cart abandonment. Chatbot growth is also especially fast in APAC, as businesses compete to differentiate through more personalized customer experiences. However, this is making it harder to distinguish legitimate automation from malicious bots, scraping, credential stuffing and API abuse. While retail remained the primary target, travel and hospitality industries in APAC also experienced greater exposure compared to other regions, driven by fragmented travel platforms, high digital and mobile adoption, popular loyalty programs and seasonal booking peaks during regional holidays like the Lunar New Year, Golden Week, Diwali and year-end holidays. APIs are also becoming a growing area of exposure as commerce businesses connect payments, loyalty programs, inventory systems, logistics and booking platforms. In APAC, this is especially prominent in travel, which accounted for 22% of commerce web attacks, with APIs targeted in 25% of attacks against them. Commerce businesses in APAC also faced rising application-layer DDoS pressure, with Layer 7 DDoS attacks increasing 39% from 260 billion to 361 billion events in 2025. Among API-targeted Layer 7 DDoS attacks, retail accounted for 51%, followed by hospitality (28%) and travel (21%). "APAC's commerce sector is pivoting quickly toward a more automated and AI-enabled future, as businesses use GenAI chatbots and other AI-powered services to personalize experiences and reduce friction," said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai. "But every chatbot interaction, booking flow and loyalty program integration creates another new digital surface that must be discovered, understood and protected. This is especially important in APAC, where travel and hospitality face heightened exposure from fragmented platforms, popular loyalty programs and seasonal traffic surges. Businesses must now implement risk-based defenses that are capable of identifying malicious intent hidden within high-volume, legitimate automation, without adding friction to the customer." As commerce organizations continue to embrace AI and automation, resilience must extend beyond a security function and become a business discipline. This includes: Now in its 12th year, Akamai's State of the Internet security reports draw on attack data observed across Akamai's cybersecurity protective infrastructure, which handles a significant portion of global web traffic.
[2]
AI Built the Boom, Now Bots are Burning It: The Dark Side of APAC's Commerce Surge
Commerce accounted for 38% of AI bot activity in APAC, while bot activity in the region surged 63% as retailers, travel platforms and hospitality brands race to personalize digital experiences Asia Pacific's (APAC) fast-growing commerce economy is becoming a bigger target for cybercriminals as retailers, travel platforms and hospitality brands accelerate the use of AI-powered shopping, booking and customer experiences. According to Akamai's latest State of the Internet (SOTI) security report, Securing the Agentic Storefront: Attacks on Commerce, bot activity targeting APAC commerce companies rose 63% in 2025 -- the highest increase of any region globally. From July to December 2025, commerce also accounted for 38% of all AI bot traffic observed across industries in APAC, underscoring the need for security strategies that can keep pace with the region's rapid adoption of AI-powered commerce. Across the region, retailers are pivoting toward agentic commerce, using bots to hyperpersonalize shopping experiences and reduce cart abandonment. Chatbot growth is also especially fast in APAC, as businesses compete to differentiate through more personalized customer experiences. However, this is making it harder to distinguish legitimate automation from malicious bots, scraping, credential stuffing and API abuse. While retail remained the primary target, travel and hospitality industries in APAC also experienced greater exposure compared to other regions, driven by fragmented travel platforms, high digital and mobile adoption, popular loyalty programs and seasonal booking peaks during regional holidays like the Lunar New Year, Golden Week, Diwali and year-end holidays. APIs are also becoming a growing area of exposure as commerce businesses connect payments, loyalty programs, inventory systems, logistics and booking platforms. In APAC, this is especially prominent in travel, which accounted for 22% of commerce web attacks, with APIs targeted in 25% of attacks against them. Commerce businesses in APAC also faced rising application-layer DDoS pressure, with Layer 7 DDoS attacks increasing 39% from 260 billion to 361 billion events in 2025. Among API-targeted Layer 7 DDoS attacks, retail accounted for 51%, followed by hospitality (28%) and travel (21%). "APAC's commerce sector is pivoting quickly toward a more automated and AI-enabled future, as businesses use GenAI chatbots and other AI-powered services to personalize experiences and reduce friction," said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai. "But every chatbot interaction, booking flow and loyalty program integration creates another new digital surface that must be discovered, understood and protected. This is especially important in APAC, where travel and hospitality face heightened exposure from fragmented platforms, popular loyalty programs and seasonal traffic surges. Businesses must now implement risk-based defenses that are capable of identifying malicious intent hidden within high-volume, legitimate automation, without adding friction to the customer." As commerce organizations continue to embrace AI and automation, resilience must extend beyond a security function and become a business discipline. This includes: * Mapping the revenue chain: Continuously identify the APIs that support payments, loyalty programs, checkout, inventory and partner integrations, and understand where sensitive data may be exposed. * Governing automation by risk: Move beyond blanket "allow" or "block" decisions and adopt a risk-based approach that can distinguish legitimate automation from malicious bot activity. * Preparing for peak traffic periods: Strengthen surge capacity, test DDoS response plans, monitor for fake storefronts and credential exposure, and bring cybersecurity and fraud teams closer together ahead of major shopping and travel peaks. Now in its 12th year, Akamai's State of the Internet security reports draw on attack data observed across Akamai's cybersecurity protective infrastructure, which handles a significant portion of global web traffic.
Share
Copy Link
Bot activity targeting APAC commerce companies surged 63% in 2025, the highest increase globally, as retailers and travel platforms adopt AI-powered shopping experiences. Commerce accounted for 38% of all AI bot traffic in the region, making it harder to distinguish legitimate automation from malicious attacks.
AI-powered commerce is transforming how businesses operate across APAC, but this digital acceleration is creating substantial cyber threats that demand immediate attention. According to Akamai's latest State of the Internet report titled "Securing the Agentic Storefront: Attacks on Commerce," bot activity targeting APAC commerce companies rose 63% in 2025, marking the highest increase of any region globally
1
2
. From July to December 2025, commerce accounted for 38% of all AI bot traffic observed across industries in APAC, underscoring how rapidly the region has embraced automated customer experiences while simultaneously becoming vulnerable to sophisticated attacks1
.
Source: DT
Retailers across the region are pivoting toward agentic commerce, deploying GenAI chatbots and automated systems to hyperpersonalize shopping experiences and reduce cart abandonment. Chatbot growth is especially fast in APAC as businesses compete to differentiate through more personalized customer experiences
2
. However, this rapid adoption is making it increasingly difficult to distinguish legitimate automation from malicious bots engaged in scraping, credential stuffing, and API abuse. The challenge lies in the volume and sophistication of these attacks, which can blend seamlessly with normal traffic patterns generated by legitimate AI-powered tools.
Source: CXOToday
While retail remained the primary target for cyber threats, travel and hospitality industries in APAC experienced greater exposure compared to other regions
1
. This heightened vulnerability stems from fragmented travel platforms, high digital and mobile adoption, popular loyalty programs, and seasonal booking peaks during regional holidays like Lunar New Year, Golden Week, Diwali, and year-end holidays. Travel accounted for 22% of commerce web attacks, with APIs targeted in 25% of attacks against them2
. APIs are becoming a critical area of exposure as commerce businesses connect payments, loyalty programs, inventory systems, logistics, and booking platforms, creating multiple entry points for attackers.Commerce businesses in APAC faced rising application-layer DDoS pressure, with Layer 7 DDoS attacks increasing 39% from 260 billion to 361 billion events in 2025
1
. Among API-targeted attacks using Layer 7 DDoS methods, retail accounted for 51%, followed by hospitality at 28% and travel at 21%2
. These numbers reflect how attackers are increasingly focusing on application-layer vulnerabilities rather than traditional network-layer attacks, exploiting the complex interconnections that power modern commerce platforms.Related Stories
"APAC's commerce sector is pivoting quickly toward a more automated and AI-enabled future, as businesses use GenAI chatbots and other AI-powered services to personalize experiences and reduce friction," said Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai. "But every chatbot interaction, booking flow and loyalty program integration creates another new digital surface that must be discovered, understood and protected". Businesses must now implement risk-based defenses capable of identifying malicious intent hidden within high-volume, legitimate automation, without adding friction to customer experiences
2
.As commerce organizations continue to embrace AI and automation, resilience must extend beyond a security function and become a business discipline. This includes continuously mapping the revenue chain to identify APIs that support payments, loyalty programs, checkout, inventory, and partner integrations. Organizations need to govern automation by risk, moving beyond blanket allow-or-block decisions to adopt approaches that distinguish legitimate automation from malicious bot activity. Preparing for peak traffic periods by strengthening surge capacity, testing DDoS response plans, monitoring for fake storefronts and credential exposure, and bringing cybersecurity and fraud teams closer together ahead of major shopping and travel peaks is essential
2
. The security report, now in its 12th year, draws on attack data observed across Akamai's cybersecurity protective infrastructure, which handles a significant portion of global web traffic1
.Summarized by
Navi
23 Apr 2025âąTechnology

06 Nov 2025âąTechnology

29 Apr 2026âąTechnology

1
Policy and Regulation

2
Technology

3
Technology
