Skip to main content

Security Leaders Cite AI as a Risk Multiplier for APIs in New Akamai Survey

Written by Customer Service on . Posted in Public Companies.

API attacks and incident costs surge alongside AI adoption

CAMBRIDGE, Mass., April 28, 2026 (GLOBE NEWSWIRE)Akamai (NASDAQ: AKAM) today released new research showing that organizations are rushing to deploy APIs without adequate security or testing, leaving them vulnerable to attacks once released. Now in its fourth year, the Akamai API Security Impact Survey examines the state of API protection based on a global survey of 1,840 security professionals across 6 industries and 10 countries.

The study shows that API attacks continue to rise. Eighty-seven percent of respondents reported an API-related security incident in the past year, up from 76% in 2022. On average, organizations reported 3.5 API-related security incidents in the past 12 months, with an average cost exceeding US$700,000 per incident.

Security teams rank securing AI technologies as their top cybersecurity priority (38%) for the next year. Additionally, 42% of security professionals say APIs that power their AI applications, agents, and large language models (LLMs) were targeted by cyberattacks in the past 12 months. These findings reinforce recent Akamai research that identified APIs as a primary attack surface for cybercriminals.

Survey results show organizations increasingly lack API visibility, a problem worsened by AI, with only 23% of enterprises with full API inventories now knowing which APIs expose sensitive data — down from 40% in 2022.

Other survey findings include:

  • Nearly all respondents in the financial services sector (96%) reported an API-related attack in the past 12 months.
  • The industries with the highest incident costs were energy and utilities (US$860,000), manufacturing (US$732,000), and health and life sciences (US$725,000).
  • Nearly 80% of enterprises rank API security among their top three cybersecurity priorities.
  • Forty percent of C-suite leaders report advanced API testing maturity, compared with just 28% of DevSecOps teams. This suggests that leadership confidence exceeds what implementation teams report on the ground.
  • Slightly more than half of organizations (53%) have dedicated personnel responsible for API security.

“The rapid expansion of the API attack surface means organizations who rely heavily on APIs face significant risks, financial impact, and compromised visibility,” said Sean Lyons, Senior Vice President and General Manager, Application and Infrastructure Security at Akamai. “APIs are rapidly exploding in number and most companies can’t keep track of them. If you’re adopting AI, API security can’t be an afterthought. You need the foundation to actually trust the AI systems you’re building.”

Beyond survey insights, the study also provides recommendations to help security teams strengthen their API security strategies. These include closing visibility gaps by discovering and inventorying all APIs that are linked to LLMs and AI applications, embedding security testing and controls throughout the API lifecycle, and treating API security as a prerequisite for trusted AI.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

Contact
Akamai Media Relations
akamaipr@akamai.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.