API attacks surge as AI exposure raises cyber risk
Akamai has published a survey finding that application programming interfaces (APIs) have become the main attack surface for cybercriminals. The average cost of an API-related security incident now exceeds USD $700,000.
The research drew on responses from 1,840 security professionals across 10 countries and six industries. It found that 87% of respondents had experienced an API-related security incident in the past year, up from 76% in 2022. Organisations reported an average of 3.5 such incidents over the same period.
The findings point to a widening gap between the pace of software deployment and the security controls around it. Organisations are rolling out APIs without enough testing or protection, leaving systems exposed once they go live.
API security is also moving up the corporate agenda. Nearly 80% of enterprises surveyed ranked it among their top three cybersecurity priorities, reflecting how central APIs have become in connecting applications, services and data across modern businesses.
At the same time, many companies still appear to lack the personnel and visibility needed to manage the risk. Only 53% of organisations said they had dedicated staff responsible for API security. Just 27% of enterprises with full API inventories said they knew which APIs exposed sensitive data, down from 40% in 2022.
AI exposure
AI deployment emerged as a major factor in the survey. Security teams ranked securing AI technologies as their top cybersecurity priority for the coming year, and 42% of respondents said APIs linked to AI applications, agents and large language models had been targeted by cyberattacks in the past 12 months.
The result adds to concerns that businesses are expanding their use of AI faster than they are adapting their security processes. APIs often serve as the route through which AI tools access company data, third-party services and internal systems, making them a direct point of exposure when controls are weak.
The survey also highlighted a gap between executive perceptions and technical teams' assessments of preparedness. Forty percent of C-suite leaders reported advanced API testing maturity, compared with 28% of DevSecOps teams. That suggests senior management may have a more optimistic view of security practice than those responsible for implementation.
Sector pressure
Financial services stood out as the sector most exposed to API-related attacks. Nearly all respondents in that industry, or 96%, said they had suffered at least one API-related attack in the past 12 months.
Other sectors also faced sizeable financial consequences. The highest average incident costs were reported in energy and utilities at USD $860,000, followed by manufacturing at USD $732,000 and health and life sciences at USD $725,000.
Those figures indicate that API incidents are not only frequent but expensive, particularly in industries that depend on continuous operations, sensitive data or complex digital supply chains. Costs can include response efforts, service disruption, regulatory exposure and the knock-on effects of compromised systems.
Sean Lyons, Senior Vice President and General Manager of Application and Infrastructure Security at Akamai, said the scale of the issue is increasing as businesses add more APIs to support digital services and AI tools.
"The rapid expansion of the API attack surface means organisations who rely heavily on APIs face significant risks, financial impact, and compromised visibility," Lyons said.
He added that many companies still struggle to maintain a clear picture of what they have deployed.
"APIs are rapidly exploding in number and most companies can't keep track of them. If you're adopting AI, API security can't be an afterthought. You need the foundation to actually trust the AI systems you're building," he said.
Security gaps
A central theme in the survey is visibility. Even where companies say they maintain full API inventories, fewer now know which interfaces handle sensitive data. That decline suggests some organisations may be counting APIs without understanding their risk profile, a problem that becomes more serious as AI systems are linked into core operations.
Akamai said stronger API security starts with identifying and cataloguing all APIs connected to AI applications and large language models, then building testing and controls into the full software lifecycle. The survey suggests API security is shifting from a specialist concern to a broader business risk issue, especially as AI adoption grows and attack volumes continue to rise.