Akamai acquires LayerX, delivering end-to-end security and real-time AI usage control to any browser. Get details

Beyond Cloud Uptime: API Security and AI Resilience for 2026

Jay Jenkins

Written by

Jay Jenkins

Jay Jenkins is the Chief Technology Officer (CTO) for Akamai Cloud and AI. He is responsible for helping Akamai customers solve their biggest problems by embracing new technologies to take advantage of distributed cloud computing. 

A seasoned technology leader with more than 25 years of experience, Jay spearheads Akamai’s technological advancements and strategic initiatives with customers. Jay and his team research and study the current and future impact of emerging technologies to help organizations across the globe. 

Jay is a highly sought-after speaker and thought leader in the tech industry, and regularly shares his insights at conferences, workshops, and industry events. 

Jay holds a master’s degree in business administration from the University of Chicago Booth School of Business, and was the Tech Strategist and Evangelist at both ByteDance and Google. He is currently based in Singapore, and has previously worked in the United States, Australia, Vietnam. 

Reuben Koh

Written by

Reuben Koh

Reuben Koh is a Director of Security Technology and Strategy at Akamai. He provides deep thought leadership and advice to help clients align security strategies with their core business initiatives and digital transformation processes. 

He also works with Fortune 1000 enterprises and business partners across the Asia-Pacific region by providing cybersecurity guidance and expertise, especially in domains such as web security,  Zero Trust, SASE, XDR, network security, and security operations.  

With close to 20 years of experience in cybersecurity, Reuben previously held prominent leadership roles with industry leaders such as Symantec, CA Technologies, VMware, and Cisco Systems. Reuben also holds various industry certifications such as CISSP, CISA, CISM, and  ITIL.

Vineeth Varughese

Written by

Vineeth Varughese

Vineeth Varughese leads the product marketing efforts for Akamai Cloud in the Asia-Pacific region, driving adoption of Akamai Cloud solutions and spearheading go-to-market strategy for AI inferencing on the platform. 

Vineeth is passionate about empowering organizations to thrive in the digital age, and uses his dynamic experience at leading technology companies such as Microsoft, Adobe, Cloudera, and Deloitte to deliver technology-driven transformation with sustainable growth. His customer-first mindset and proven track record in shaping impactful customer experiences have helped organizations across global markets unlock new opportunities and accelerate innovation.

Share

Key takeaways

  • Absolute uptime is an outdated goal because cloud outages are now inevitable, meaning success in 2026 and beyond requires shifting focus toward minimizing the operational blast radius and managing impact during infrastructure failures.

  • API attacks, driven by automated bots and agentic AI systems, have surged by more than 30% year over year, which makes continuous lifecycle governance and deep visibility critical for modern enterprises.

  • Autonomous AI agents and service accounts now outnumber human users to create machine identity sprawl, creating one of the fastest-growing cloud security visibility gaps across the Asia-Pacific (APAC) region.

  • Modern infrastructure architecture demands multicloud portability and distributed cloud environments to effectively balance security resilience with regional data sovereignty and compliance rules.

The technology landscape is no longer changing incrementally — it is shifting structurally. APIs have become the backbone of digital systems, AI is redefining how applications behave in real time, and repeated cloud disruptions are forcing leaders to confront a hard truth: Availability alone is no longer enough.

In the webinar Beyond Outages: AI, API Security, and Resilience Strategies for 2026, senior technology and security leaders — Dr. Kevin Tham (CISO, RDC.AI), Jay Jenkins (Cloud Chief Technology Officer, Akamai), and Reuben Koh (Director, Security Technology and Strategy, Akamai) — converged on a shared view. 

Their consensus? The organizations that will succeed in 2026 will not be those that deploy more tools, but those that rethink architecture, resilience, governance, and risk in an AI-first world.

From uptime metrics to impact-driven resilience

For years, resilience was synonymous with uptime — four nines, five nines, and systems designed to never fail. Reality has caught up; outages will happen, across every provider and every platform.

What has changed is the blast radius. Our State of the Internet (SOTI) Security research shows that application-layer attacks and disruptions in APAC have grown steadily year over year, increasing the likelihood that outages now coincide with active security threats rather than isolated technical failures.

As a result, the definition of resilience is shifting from preventing failure to managing impact. Leaders are asking tougher questions: 

  • What fails first? 

  • Which business functions are affected? 

  • Which security controls disappear when infrastructure degrades? 

  • How quickly can systems recover without introducing new risk?

When security controls live inside the same infrastructure that they protect, availability risk becomes security risk. Designing for resilience in 2026 means planning for controlled failure, not perfect uptime.

Cloud architecture is being rewritten

The last decade of cloud adoption prioritized speed. “Lift and shift” worked well for a while, until scale, cost pressure, and outages exposed its limits.

Architecture is now being reshaped by portability, distribution, and sovereignty. Gartner forecasts that by 2026, more than 75% of enterprises will deliberately run workloads across hybrid or multicloud environments because of resilience, regulatory pressure, and geopolitical considerations rather than cost alone.

AI accelerates this shift as inference workloads increasingly need to run closer to users, devices, and data sources to meet latency, performance, and data-residency requirements. What was once a centralized model is becoming inherently distributed.

Where workloads run, who controls them, and how data moves across regions are now strategic decisions that allow for increased flexibility, but also significantly increase security complexity.

APIs: The invisible risk multiplier

APIs are the nervous system of modern enterprises, powering applications, integrations, and AI workflows. Yet many organizations still lack clear visibility into how many APIs they expose, what data flows through them, or who owns them.

According to our SOTI: Apps, APIs, and DDoS 2026 report API attacks grew more than 30% year over year, with APAC identified as one of the fastest-growing regions for API abuse. 

AI magnifies this risk. Agentic systems depend on APIs to take real-world actions –- moving money, accessing records, triggering workflows, and controlling services. When APIs are exposed or misused, the impact extends far beyond data leaks to unauthorized actions and operational disruption.

Looking farther past 2026, API security will be less about adding gateways and more about governance, lifecycle ownership, and continuous visibility.

Attackers are accelerating faster than defenders

AI is transforming attackers just as much as defenders. Automation and bots now dominate malicious traffic patterns, allowing adversaries to scale reconnaissance and exploitation at machine speed.

We’ve observed that automated attacks and bot-driven abuse now account for a significant share of malicious application traffic that is compressing attack timelines and shrinking defender response windows. 

This evolution exposes the limits of static rules and perimeter-only defenses. Risks such as workflow manipulation, API abuse, and AI-driven reconnaissance demand security models built around visibility, behavior, and intent, not just static rules.

Identity in a world of machines and agents

As AI agents proliferate, machine identities are rapidly outnumbering human users. Service accounts, workloads, APIs, and autonomous agents now form the majority of active identities in many environments. As we move from a human-centric web to an agentic web, the volume of machine-to-machine API calls will require real-time intelligence and adaptive AI to distinguish legitimate agent behavior from malicious automation.

Forrester highlights that machine identity sprawl is now one of the fastest-growing security visibility gaps, particularly in cloud- and API-driven architectures that are common across APAC. 

Securing identities in 2026 means understanding not just who has access, but why actions are taken — and whether behavior aligns with intended outcomes. Identity security is evolving from access control to behavioral assurance.

Leadership mindset: Enable, don’t block

Blocking AI use within the enterprise will be increasingly unrealistic. Adoption is already widespread, often outside formal approval channels.

The more effective strategy is enablement with governance: approved tools, clear guardrails, education, and visibility into use. You should treat AI as a productivity layer that’s integrated into existing risk frameworks, not as a parallel, unmanaged system.

Leaders should no longer be asking “Are we secure?” but “Are we resilient enough? How?” and “Can we scale our governance across AI use?”

The new security and resilience blueprint

As you prepare for the rest of 2026, several principles stand out:

  • Resilience must account for both availability and security.

  • Architecture must balance distribution, portability, and sovereignty.

  • API visibility and governance are foundational.

  • AI security must extend beyond prompts to workflows, identities, and intent.

  • Core fundamentals like access control, patching, multi-factor authentication (MFA), and user training will matter more than ever before.

Looking ahead

The convergence of AI, APIs, and distributed cloud is reshaping how digital enterprises operate and how they might fail. The organizations that thrive in 2026 and beyond will be those that redesign for impact, gain visibility before control, and enable innovation with well-defined governance rather than increase restrictions because of fear.

In an AI-driven world, resilience will no longer be just a compliance checkbox. It will be a strategic capability that will allow you to adapt and thrive in the new normal.

Jay Jenkins

Written by

Jay Jenkins

Jay Jenkins is the Chief Technology Officer (CTO) for Akamai Cloud and AI. He is responsible for helping Akamai customers solve their biggest problems by embracing new technologies to take advantage of distributed cloud computing. 

A seasoned technology leader with more than 25 years of experience, Jay spearheads Akamai’s technological advancements and strategic initiatives with customers. Jay and his team research and study the current and future impact of emerging technologies to help organizations across the globe. 

Jay is a highly sought-after speaker and thought leader in the tech industry, and regularly shares his insights at conferences, workshops, and industry events. 

Jay holds a master’s degree in business administration from the University of Chicago Booth School of Business, and was the Tech Strategist and Evangelist at both ByteDance and Google. He is currently based in Singapore, and has previously worked in the United States, Australia, Vietnam. 

Reuben Koh

Written by

Reuben Koh

Reuben Koh is a Director of Security Technology and Strategy at Akamai. He provides deep thought leadership and advice to help clients align security strategies with their core business initiatives and digital transformation processes. 

He also works with Fortune 1000 enterprises and business partners across the Asia-Pacific region by providing cybersecurity guidance and expertise, especially in domains such as web security,  Zero Trust, SASE, XDR, network security, and security operations.  

With close to 20 years of experience in cybersecurity, Reuben previously held prominent leadership roles with industry leaders such as Symantec, CA Technologies, VMware, and Cisco Systems. Reuben also holds various industry certifications such as CISSP, CISA, CISM, and  ITIL.

Vineeth Varughese

Written by

Vineeth Varughese

Vineeth Varughese leads the product marketing efforts for Akamai Cloud in the Asia-Pacific region, driving adoption of Akamai Cloud solutions and spearheading go-to-market strategy for AI inferencing on the platform. 

Vineeth is passionate about empowering organizations to thrive in the digital age, and uses his dynamic experience at leading technology companies such as Microsoft, Adobe, Cloudera, and Deloitte to deliver technology-driven transformation with sustainable growth. His customer-first mindset and proven track record in shaping impactful customer experiences have helped organizations across global markets unlock new opportunities and accelerate innovation.

Tags

Share

Related Blog Posts

Security
Adaptive AI for Detecting Modern DGA Attacks
Learn how a hybrid CNN-BiLSTM-Attention framework improves real-time DGA detection, reduces alert fatigue, and adapts to evolving malware variants.
Security
AI Reconnaissance: The Missing Layer in Chatbot Security
June 23, 2026
Read how Akamai threat researchers uncovered how attackers use benign-looking questions for AI reconnaissance, and why dynamic runtime guardrails are critical.
Security
DNS Is Your Most Critical — and Most Misconfigured — Security Control
June 18, 2026
DNS has evolved from a basic networking utility into a critical security control layer. Learn about the DNS misconfigurations that today’s attackers actively exploit.