There’s a new industrial revolution in progress that’s reshaping the online threat landscape. I’m talking about the industrialization of cyberattack campaigns that are transforming the speed, precision, and cost-effectiveness of those attacks.
Attack economics have been fundamentally changed by automation, which lowers the barriers to sophisticated campaigns. The convergence of web application exploits, API threats, and distributed denial-of-service (DDoS) attacks is becoming standard practice for attackers and exposing new vulnerabilities.
And rather than headline-grabbing breaches, the impact is often a slow burn of degraded performance, surprise infrastructure costs, lost conversions, and burned-out security teams. As a result, businesses are experiencing significant, cumulative damages.
The latest research: Addressing shifting threat dynamics
The 2026 State of the Internet (SOTI) Security report on apps, APIs, and DDoS, Prepare for the Convergence Crisis: Mitigating API, AI, and DDoS Risks, is officially live. We’re diving into the shifting threat dynamics that are making your security teams feel like they’re playing a never-ending game of Whac-A-Mole against a machine that never sleeps.
Key takeaways
The SOTI Security report highlights some key takeaways that help illustrate today’s multidimensional threat landscape.
The API problem: APIs are now the number one attack surface. Attackers have officially swapped traditional web exploits for behavior-based threats.
DDoS 2.0: Layer 7 surges are up by 104% over the last two years. We’re seeing DDoS as a service powered by super botnets like Kimwolf and Aisuru.
The risks of vibe coding: Artificial intelligence (AI) is great until vibe-coded apps (apps that have been developed with AI assistance) hit production with zero testing, leaving a trail of misconfigurations for attackers to find.
The slow burn: There is not always a massive breach, but the cumulative damage of degraded performance and infrastructure surprises can drain budgets and teams.
Take a deep dive on topics and trends
The SOTI Security report delves deeply into the trends that are reshaping today’s threats, including:
API security
DDoS attacks
DNS security
Web application attacks
API security
Based on an analysis of API attack trends, the report examines API Common Vulnerabilities and Exposures (CVEs), including the risk of data leaks by misconfigured, shadow APIs, or zombie APIs. The report makes the case for a defense-in-depth API security strategy that combines web application firewalls (WAFs) with dedicated API protection for both conventional attacks and behavioral risks.
DDoS attacks
The report explores global DDoS attack trends, including the role of super botnets like Kimwolf and Aisuru in mounting crippling volumetric floods and the impact of DDoS attacks on software and software as a service (SaaS).
In addition, it explores the emergence of hybrid assaults that are challenging traffic over ports and protocols across multiple layers of the Open Systems Interconnection (OSI) model. The findings underscore the need for robust protection of Layers 3, 4, and 7 with a multilayered, adaptive defense approach.
DNS security
Domain Name System (DNS) misconfigurations, such as dangling CNAME records, continue to pose a risk. Akamai research revealed how often unresolved DNS misconfigurations are quietly underpinning incidents discovered elsewhere, especially during periods of organizational change.
Web application attacks
Akamai data analysis reveals significant growth in the volume of web attacks — up 73% from 2023 through 2025. These attacks are also increasing in subtlety, impacting applications well before a compromise is detected. The report cites the updated Open Worldwide Application Security Project (OWASP) Top 10 web application security risks, highlighting important changes in vulnerabilities that organizations need to address.
Expert insights
The SOTI Security report includes special guest columns that examine specific topics of interest, authored by privacy and security experts, including:
The economics of modern internet attacks by Brent Maynard, Senior Director for Cybersecurity Strategy at Akamai. Brent explores the industrialization of cyberattacks and the factors driving it, including how the proliferation of APIs and AI is expanding the attack surface.
Defending against emerging threats around agentic AI by Steve Winterfeld, Akamai’s Advisory CISO. Steve looks at how agentic AI with decision-making capabilities is creating new vulnerabilities, highlighting the most critical GenAI threat vectors and providing mitigation tips to counter the threat.
Mitigation strategies
The SOTI Security report isn’t just about threat awareness; it also provides guidance on how organizations can improve their security posture. At the heart of this strategy is visibility. Once an organization is confident it has visibility of APIs and other points of vulnerability, it can deploy effective security controls.
The report also emphasizes the importance of people and processes in creating a culture that ensures developers, IT, infosec, vendor management, and legal teams are all following the latest best practices for countering threats.
Ready for more?
Download the Apps, APIs, and DDoS 2026 SOTI Security report: Prepare for the Convergence Crisis: Mitigating API, AI, and DDoS Risks.
Tags
