CAMBRIDGE, Mass., April 28, 2026 (GLOBE NEWSWIRE) -- Akamai (NASDAQ: AKAM) today released new research showing that organizations are rushing to deploy APIs without adequate security or testing, leaving them vulnerable to attacks once released. Now in its fourth year, the Akamai API Security Impact Survey examines the state of API protection based on a global survey of 1,840 security professionals across 6 industries and 10 countries.
The study shows that API attacks continue to rise. Eighty-seven percent of respondents reported an API-related security incident in the past year, up from 76% in 2022. On average, organizations reported 3.5 API-related security incidents in the past 12 months, with an average cost exceeding US$700,000 per incident.
Security teams rank securing AI technologies as their top cybersecurity priority (38%) for the next year. Additionally, 42% of security professionals say APIs that power their AI applications, agents, and large language models (LLMs) were targeted by cyberattacks in the past 12 months. These findings reinforce recent Akamai research that identified APIs as a primary attack surface for cybercriminals.
Survey results show organizations increasingly lack API visibility, a problem worsened by AI, with only 23% of enterprises with full API inventories now knowing which APIs expose sensitive data — down from 40% in 2022.
Other survey findings include:
- Nearly all respondents in the financial services sector (96%) reported an API-related attack in the past 12 months.
- The industries with the highest incident costs were energy and utilities (US$860,000), manufacturing (US$732,000), and health and life sciences (US$725,000).
- Nearly 80% of enterprises rank API security among their top three cybersecurity priorities.
- Forty percent of C-suite leaders report advanced API testing maturity, compared with just 28% of DevSecOps teams. This suggests that leadership confidence exceeds what implementation teams report on the ground.
- Slightly more than half of organizations (53%) have dedicated personnel responsible for API security.
“The rapid expansion of the API attack surface means organizations who rely heavily on APIs face significant risks, financial impact, and compromised visibility,” said Sean Lyons, Senior Vice President and General Manager, Application and Infrastructure Security at Akamai. “APIs are rapidly exploding in number and most companies can’t keep track of them. If you’re adopting AI, API security can't be an afterthought. You need the foundation to actually trust the AI systems you're building.”
Beyond survey insights, the study also provides recommendations to help security teams strengthen their API security strategies. These include closing visibility gaps by discovering and inventorying all APIs that are linked to LLMs and AI applications, embedding security testing and controls throughout the API lifecycle, and treating API security as a prerequisite for trusted AI.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contact
Akamai Media Relations
[email protected]