Akamai has promulgated its annual State of the Internet dossier, chronicling the landscape of applications, APIs, and distributed denial-of-service (DDoS) bombardments, and has subsequently chronicled a profound metamorphosis in adversarial stratagems. The cardinal revelation distills to this singular truth: kinetic strikes have evolved into architectures of profound systemic complexity, become precipitously more economical to scale, and are now inextricably entwined with the very infrastructure through which enterprises proliferate digital services and integrate artificial intelligence. APIs now reside at the epicenter of this mounting pressure. Until recently, a multitude of enterprises relegated them to the periphery of their defensive perimeters; presently, however, APIs are increasingly weaponized as the paramount vector of ingress.
Forensic investigators observe a marked departure from isolated, clamorous campaigns orchestrated merely for notoriety and reputational reverberations. Vastly more prevalent is the architecting of kinetic strikes as meticulously synchronized operations, seamlessly orchestrating the subjugation of APIs, assaults upon web applications, and Layer 7 (Application Layer) DDoS bombardments—striking at the very heart of the OSI model. This multifaceted paradigm empowers digital marauders not merely to shatter service availability, but to exponentially inflate the victim’s infrastructural expenditures. As enterprises plunge deeper into the crucible of AI and digital automation, adversaries exhibit a heightened appetite for striking the very interfaces and services that sustain these architectures.
The telemetry enshrined within this nascent dossier unequivocally demonstrates that we are no longer witnessing isolated paroxysms. Over the preceding biennium, the volume of Layer 7 DDoS bombardments has surged by a staggering 104%. Between 2023 and 2025, the frequency of kinetic strikes directed at web applications skyrocketed by 73%. Furthermore, the daily average of API assaults experienced an astronomical 113% year-over-year escalation. Akamai concurrently illuminates the findings of an enterprise survey: a chilling 87% of respondents conceded enduring at least one API-centric security breach during 2025. This aggregation of telemetry unequivocally proves that APIs have long transcended the realm of esoteric technical discourse amongst developers, crystallizing into a paramount defensive frontline.
In Akamai’s estimation, the very teleology of these attacks is undergoing a profound transfiguration. Malefactors increasingly strive not merely to breach the citadel and exfiltrate telemetry, but to actively degrade service efficacy, paralyze applications, precipitate a hemorrhagic surge in computational resource expenditures, and aggressively co-opt AI automation to serve their own nefarious machinations. This paradigm is profoundly advantageous for the assailants on several fronts. Foremost, automation drastically diminishes the fiscal burden of preparation. Secondly, pre-fabricated operational scripts facilitate the rapid replication of identical kinetic maneuvers across disparate quarries. Thirdly, bombardments directed at APIs and web applications frequently yield a substantial financial harvest, even bereft of a classic, headline-grabbing penetration.
The dossier emphatically underscores an auxiliary tribulation: the bifurcation of application security and API security is, in practical reality, an untenable paradigm. A multitude of enterprises persist in managing these domains as entirely disparate endeavors, wielding divergent instruments, mobilizing isolated squadrons, and suffering from fragmented visibility. Such a labyrinthine architecture inevitably breeds chasms in oversight. For the digital marauder, these very blind spots manifest as highly fortuitous vectors of ingress, given that within the crucible of an authentic attack, the web application and the API are customarily weaponized as a singular, unified conduit.
The document further harbors a multitude of auxiliary observations that eloquently illustrate the shifting trajectory of peril. One such observation is tethered to the phenomenon colloquially christened “vibe coding”—a paradigm wherein code is synthesized at breakneck velocity, frequently leaning heavily upon AI auxiliaries, whilst utterly forsaking rigorous engineering discipline. In Akamai’s estimation, this methodology increasingly injects nascent vulnerabilities and configurational aberrations directly into the production environment, entirely bypassing the crucible of rigorous pre-deployment validation. Distilled to its essence: enterprises are simultaneously hyper-accelerating their developmental cadence whilst precipitously eroding their safety margins, and adversaries are lying in wait, eager to exploit these hastily deployed interfaces within the operational theater.
A dedicated sector of the dossier is devoted to the scrutiny of DDoS kinetic activity orchestrated by hacktivist syndicates. Akamai chronicles that politically motivated cabals are relentlessly amplifying their pressure, fueled by the volatile permutations of the international geopolitical tableau and the burgeoning accessibility of rentable botnet architectures. This contemporary infrastructure bears little resemblance to the rudimentary, artisanal networks of subjugated devices characteristic of bygone eras. The digital bazaar is increasingly dominated by the “DDoS-for-hire” and “DDoS-as-a-Service” (DDoSaaS) paradigms, wherein requisite destructive capacity is procured merely as a commodity. As the friction to access such arsenals diminishes, the threshold for entry plummets, inviting a deluge of nascent participants.
The researchers unequivocally tether the 104% explosion in Layer 7 bombardments directly to this profound accessibility. It has become terrifyingly simple for malefactors to procure a bespoke botnet and seamlessly augment it with AI-fortified attack scripts. Consequently, the meticulous curation of targets is simplified, the fiscal burden of the operation plummets, and the ignition of campaigns against APIs and web applications is hyper-accelerated. The dossier specifically illuminates the specter of “super-botnets” akin to Aisuru and Kimwolf. These leviathan networks are cultivating architectures that trace their lineage to the infamous Mirai contagion, presently serving as the foundational bedrock for the DDoS-as-a-Service ecosystem. Crucially, this infrastructure is patronized not solely by cybercriminal syndicates, but equally by fervent hacktivists.
Akamai concurrently directs its gaze toward the overarching economic macro-environment. The contemporary internet bombardment is increasingly architected as a ruthless business model, wherein supreme efficiency reigns paramount. Whereas historically, a digital marauder was compelled to expend colossal resources upon labyrinthine, manual preparation, contemporary paradigms allow for the automation of myriad tasks, whilst bespoke instruments can simply be leased. This evolution renders the kinetic strike not merely scalable, but predictably, effortlessly repeatable. For the vanguard of defenders, this metamorphosis is exceptionally harrowing; the theater of conflict is no longer defined by sparse, complex operations, but rather by an unrelenting torrent of economical, hyper-accelerated campaigns capable of being ignited ad infinitum.
This nascent dossier transcends mere macroeconomic statistics, offering a granular dissection of regional trajectories, an appraisal of the economic engines driving contemporary internet bombardments, and a bespoke editorial by a guest luminary regarding the fortification against nascent perils tethered to agentic AI architectures. Within this context, “agentic AI” customarily denotes systems that do not merely regurgitate responses to inquiries, but possess the autonomy to execute labyrinthine chains of action, invoke auxiliary instruments, and seamlessly commune with external services. For the defensive vanguard, this paradigm is acutely perilous; an agent relies almost exclusively upon APIs, meaning that a singular vulnerability or architectural aberration within the interface instantaneously cascades, compromising the entirety of the broader automation chain.
The State of the Internet series has endured as a beacon of insight for its twelfth consecutive year. Akamai traditionally anchors its deductions upon the colossal telemetry harvested through its sovereign, global defensive infrastructure—an architecture that processes a monumental fraction of planetary web traffic. Within the contemporary iteration of this document, the paramount focus has irrevocably shifted toward the labyrinthine nexus of applications, APIs, DDoS bombardments, and artificial intelligence. In essence, the dossier chronicles a brutally stark reality: whilst enterprises hyper-accelerate their digital transfigurations, digital marauders possess the agility to adapt to these nascent architectures with virtually zero latency. And if APIs have indeed become the bedrock of AI services, then the pragmatic defense of artificial intelligence inextricably begins with the impregnable fortification of the API.
