State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain

OWASP API Security Top 10–related incidents increased by 32%, revealing authentication and authorization flaws.

Growth in security alerts related to the MITRE security framework are up 30%

There were 7 trillion Layer 7 DDoS attacks targeting the high technology sector from January 2023 through December 2024, making it the most affected industry for this type of attack.

Akamai documented 150 billion API attacks from January 2023 through December 2024.

There were 311 billion web attacks in 2024. This represents a 33% year-over-year increase in web attacks.

There were more than 230 billion web attacks targeting commerce organisations, making it the most impacted industry. This is nearly triple the number of attacks experienced by high technology (the second most attacked sector).

In early 2023, Akamai observed monthly Layer 7 DDoS attack numbers of 500 billion. This rose to 1.1 trillion in one month by December 2024.

Quarterly Layer 7 (application-layer) distributed denial-of-service (DDoS) attack volumes increased 94% year-over-year between Q1 2023 and Q4 2024.