Web attacks rose by 33% in 2024, new data suggests, with APIs becoming increasingly popular targets for cybercriminals. According to a new report by Akamai Technologies, 311 billion incidents were recorded in 2024, with 150bn API attacks documented from January 2023 to December 2024. The study links the surge in attacks to the rapid adoption of AI applications, which increase attack surfaces and present new security challenges.
The US-based cybersecurity and cloud computing firm’s report highlights that the AI API market is expanding rapidly, as AI-driven tools are integrated with core platforms via APIs, significantly enlarging the attack surface. The research also points out that many AI-powered APIs are externally accessible and often rely on inadequate authentication mechanisms. This vulnerability is exacerbated by an increase in attacks powered by AI models. Akamai notes that AI-powered APIs are particularly susceptible as AI advancements aid threat actors.
Layer 7 DDoS attacks surge, targeting high-tech and commerce sectors
The report also details a significant rise in Layer 7 (application-layer) distributed denial-of-service (DDoS) attacks targeting web applications and APIs. Quarterly attack volumes surged 94% year-over-year from Q1 2023 to Q4 2024. Monthly attack numbers, which were 500bn in early 2023, escalated to 1.1 trillion by December 2024. This increase is attributed to the growing sophistication of bot-driven attacks, the continued use of HTTPS flooding, and the prevalence of Layer 7 DDoS attacks in the high technology sector.
Further findings include over 230bn web attacks targeting commerce organisations, making it the most impacted industry, nearly three times more than the high technology sector. The high technology industry faced seven trillion Layer 7 DDoS attacks from January 2023 to December 2024, making it the most affected sector. Incidents related to the OWASP API Security Top 10 increased by 32%, exposing authentication and authorisation flaws. Security alerts related to the MITRE framework rose by 30%, with attackers using advanced techniques like automation and AI to exploit APIs. Shadow and zombie APIs remain particularly vulnerable within complex API ecosystems.
“AI is transforming web and API security, enhancing threat detection but also creating new challenges,” said Akamai senior vice president and application security portfolio general manager Rupesh Chokshi. “This report is a must-read to understand what’s driving the shift and how defenders can stay ahead with the right mitigation strategies.”
In February 2025, Radware’s 2025 Global Threat Analysis Report revealed a 550% year-over-year rise in web DDoS attacks. The report attributes this increase to geopolitical tensions, the growing complexity of digital infrastructure, and the expanded use of AI-driven attack tools.
Read more: Web DDoS attacks soar 550% in 2024 as cyber threats intensify, report finds
