The latest findings from Akamai highlight an evolving threat landscape where cyberattacks are increasingly sophisticated due to the convergence of AI, APIs, and DDoS strategies. The report reveals that while traditional network and transport layer attacks continue to grow in scope, application layer attacks are surging, affecting corporate operations globally.
DDoS Attacks on the Rise
Distributed Denial of Service (DDoS) attacks have not only increased in frequency but have also evolved in their execution. Layer 7 attacks, targeting application layers, have more than doubled in the past three years, complicating detection efforts. These attacks leverage botnets and AI to disrupt business activities without causing noticeable downtimes, making them particularly challenging to identify and mitigate.
Despite a slower increase, layer 3 and 4 attacks have reached unprecedented scales, with the notorious Mirai botnet remaining a significant threat. Variants of these botnets are now being offered as commercial services, facilitating widespread access to attack capabilities.
API Vulnerabilities Exploited
Application Programming Interfaces (APIs) are increasingly targeted for exploitation, with 87% of businesses reporting API-related security incidents in 2025. APIs serve as critical integration points in enterprise environments, yet they are often exposed to substantial risk. Attackers exploit these vulnerabilities to magnify DDoS attacks and compromise server integrity.
APIs, particularly in Software as a Service (SaaS) applications, are becoming more complex and less visible, heightening security challenges. The rise of agentic AI within these applications further exacerbates the issue, as it increases both the complexity and the potential attack surface.
Strategic Adaptations in Cybersecurity
The convergence of multiple attack types into unified campaigns necessitates a strategic shift in defensive measures. Akamai’s report emphasizes the importance of integrated security strategies that address web application vulnerabilities, API exposure, and botnet activity collectively.
Steve Winterfeld, advisory CISO at Akamai, underscores the need for organizations to reassess their security postures. He highlights the importance of robust API programs and the necessity to evaluate DDoS defenses, especially against advanced layer 7 threats. As cyber threats evolve, so too must the defense strategies employed by organizations to safeguard their infrastructures.
In conclusion, the convergence of attack vectors into a cohesive operating model presents significant challenges for cybersecurity. Organizations must adapt by integrating their security resources to effectively counter these sophisticated threats, ensuring comprehensive protection against the dynamic cyber threat landscape.
