AKAMAI warns that layer 7 DDoS, API abuse and AI-powered attacks are now merging into coordinated, multi-vector campaigns that are harder to detect and defend against, marking a shift from an emerging trend to a new operating model.
New research from internet infrastructure giant Akamai shows three developments: DDoS attacks continue to grow in volume and effect, API attacks are increasing and driven in part by growth in agentic AI, and criminal use of AI as a force multiplier makes attacks cheaper, more sophisticated and harder to attribute.
Layer 7 attacks have increased by 104% over the last three years, while layer 3 and 4 attacks have achieved massive scale; APIs are now among the most exposed entry points and can be used to magnify DDoS campaigns. Qilin, a Russia-linked RaaS group, has added DDoS to its toolkit and is described as the top ransomware threat targeting the US, with its programme updated regularly to include spam campaigns and automated ransom negotiation.
API attacks are up by 113%, with 87% of companies reporting an API-related security incident in 2025, and web attack volume has risen 73% from the start to the end of 2025, driven by SaaS apps and shadow AI. According to Akamai, defenders must converge their resources across API security, genAI, and web attack protection to cope with this integrated threat landscape.