AI + DDoS + API Attacks
Security researchers are seeing blended attacks that combine DDoS, API exploits and AI‑driven evasion to flood networks and slip past detection — targets include banking and medical data. Defenders are calling for integrated monitoring and holistic controls to catch both external API threats and internal compromised access. (x.com) (x.com)
Akamai’s new 2026 “Apps, APIs, and DDoS” State of the Internet (SOTI) report, published March 17, 2026, explicitly flags APIs as the primary attack surface as organizations rush AI into production. (markets.businessinsider.com) The report cites a 104% rise in Layer‑7 (application‑layer) DDoS activity over the past three years and notes the average number of daily API attacks per organization climbed to 258 in 2025 — a 113% jump from 2024. (securityweek.com)
Industry data show financial services remain the top target (Akamai/FS‑ISAC collaborations documented spikes and regional surges), while sector reports from Thales/Imperva and others list banking, fintech and healthcare among the most‑attacked verticals for API and DDoS campaigns. (prnewswire.com)
Technical analysis from vendors and trade press documents how adversaries now use AI to craft polymorphic, human‑like Layer‑7 traffic and to shift from flood‑style spikes to low‑and‑slow, behavior‑matched bursts that defeat signature‑based filters. (radware.com) Concrete proof that APIs can be repurposed for stealthier intrusions came from Microsoft DART’s November 3, 2025 disclosure of the “SesameOp” backdoor, which abused the OpenAI Assistants API as a command‑and‑control channel. (microsoft.com)
Policy and vendor guidance converge on integrated, identity‑aware monitoring and continuous controls: NIST’s 2025 guidance promotes testable continuous‑monitoring controls, the Cloud Security Alliance warns of AI‑era API risks, and vendors push behavior‑based API monitoring and Zero‑Trust access models. (nvlpubs.nist.gov)