Akamai Named an Overall Leader for API Security by KuppingerCole

APIs aren’t just integration plumbing — they’re how your business runs and grows. They expose product capabilities to customers, connect partners and revenue channels, automate back-office operations, and exchange data across platforms.

From mobile apps and ecommerce to large language models (LLMs) and GenAI chatbots, APIs are the building blocks of your digital products and infrastructure with direct impact on availability, customer trust, and regulatory posture.

However, most organizations still lack complete, current visibility into their API estate and risks, so shadow and zombie endpoints accumulate, third-party and partner APIs expand the attack surface, and AI initiatives spawn new APIs faster than security teams can keep up. In fact, our research revealed that only 27% of IT and security professionals who believe they have a complete API inventory know which of their APIs return sensitive data.

Leaders need a platform that can discover every API (in traffic and code), classify and govern them with verifiable controls, and protect runtime across complex cloud and hybrid environments. That’s the standard Akamai API Security is built to meet, and it’s why KuppingerCole recognized Akamai as a Leader across all four categories, including:

• Overall Leader
• Product Leader
• Market Leader
• Innovation Leader

KuppingerCole calls Akamai API Security a “comprehensive and deeply integrated” platform with advanced discovery, behavioral analytics, and hybrid deployment options, powered by Akamai’s global edge and recent acquisitions. Key capabilities the report highlights include:

• Deep discovery and classification from multiple sources, including traffic, OpenAPI specs, source code, and infrastructure, to uncover shadow, zombie, and third-party APIs

• Enterprise-scale performance with broad protocol support 

• Native integration with the broader Akamai platform for automated blocking of API threats; many Akamai customers can enable monitoring in minutes and achieve extensive traffic visibility within approximately 20 minutes

• Compliance and governance with findings mapped to frameworks — such as PCI DSS, GDPR, and NIST 800-53 — and centralized policy controls

• Machine learning (ML)–driven anomaly detection and incident prioritization to focus responders on what matters

• Flexible deployments (software as a service [SaaS], hybrid, self-hosted, hardened appliance) and a broad integration ecosystem (including 300+ connectors)
  

APIs are the interface to AI. Every LLM, agent, and AI service is accessed through one. To govern AI adoption, enterprises need visibility into these APIs to understand which models are being used, where, and by whom. Yet many organizations lack a complete inventory, with shadow endpoints and third-party services often operating outside central IT. 

This visibility gap makes governance and risk management challenging.

KuppingerCole recognized Akamai’s strength in discovering and classifying LLM- and GenAI-related APIs, helping organizations quickly gain control of AI interfaces and associated risks. For teams rolling out AI initiatives, this delivers an immediate way to inventory, govern, and protect AI-exposed endpoints.

If you’re evaluating enterprise-grade API security platforms, the Leadership Compass provides third-party validation of Akamai’s approach and concrete guidance for your selection process. Inside, you’ll find:

• Analyst assessment of Akamai’s strengths across discovery, posture/compliance, testing, anomaly detection, and runtime protection

• How Akamai’s code-to-runtime context and APIs from code capabilities help match APIs to developers who code them, accelerating remediation of any discovered vulnerabilities 

• Why hybrid/multicloud architectures and edge native enforcement matter for scale, resilience, and data residency

How ML baselining and the Attacker Confidence Engine reduce alert noise and help prioritize real attacks for incident response teams

API risk is accelerating, and most teams know it. Yet evaluating a crowded, fast-moving market of API security solutions can be challenging. This report provides an objective, in-depth evaluation of 25 vendors, helping you quickly determine which platforms align with your architecture, governance needs, and risk profile. 

Whether you’re building a short list, validating a decision, or shaping your roadmap, this report offers clarity and practical insights to make a confident, informed choice.