State of the Internet (SOTI) reports

Actionable threat intelligence and defensive guidance, grounded in continuous research from the Akamai Security Intelligence Group (SIG). Use these reports to brief stakeholders, prioritize controls, and equip your teams with tactics that work at enterprise scale.

What’s new

The Year in Review 2025: AI, APIs, and a Whole Lot of Audacity
An expert look back at 2025’s major attacks — and the AI, API, and resilience gaps shaping 2026’s risk landscape.
Read the Year in Review 2025 blog
Fraud and Abuse Report 2025: Charting a Course Through AI’s Murky Waters
Which regions and industries are hit hardest by AI bot–driven fraud — and how to stay ahead of evolving tactics.
Download the Fraud and Abuse 2025 report
Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape
How AI-backed ransomware leverages DDoS and even “compliance” as extortion tools — and how to fight back.
Download the Ransomware 2025 report

Explore all research and data

App & API security
State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain
Global web attacks rose 33% year over year; OWASP API Top 10 patterns and MITRE-aligned techniques are surging alongside AI adoption.
Get the Apps & API 2025 report • See charts and data • View the infographic
Attack Trends Shine Light on API Threats (Financial Services)
The latest on DDoS, hacktivism, brand abuse, and phishing targeting FSI.
Download the FSI API threats report • See charts and data • View the infographic
Ransomware
Ransomware on the Move: Global Report • Download the report
APJ Snapshot • Read the APJ snapshot
EMEA Snapshot • Read the EMEA snapshot
Infographic • View the ransomware infographic
DDoS
EMEA’s Rising DDoS Threats: Regional Report • Download the EMEA DDoS report • See charts and data
Industry reports
Financial services global trends • Download the FSI trends report • See charts and data
Ecommerce scraping impact • Download the web scraping report • See charts and data
Healthcare under the microscope • Download the healthcare report • See charts and data
Year in Review
2024 recap and 2025 outlook • Read the 2024 Year in Review blog
Defenders’ Guide
Defenders’ Guide 2025: Fortify the Future of Your Defense • Download the Defenders’ Guide

How Akamai uses threat research to strengthen security products

Always-on global telemetry. SIG fuses data from Akamai’s edge, Guardicore Segmentation deployments, and massive global sensors — including more than 7 trillion daily DNS requests on the Akamai DNS cloud — to surface indicators of compromise and evolving TTPs.
Learn more about the Akamai Security Intelligence Group.
Rapidly translated into protections. Threat intel continuously feeds adaptive detections and managed updates across:
App & API Protector for WAAP, correlating multidimensional signals to detect up to 2x more web and API attacks.
Bot Manager to stop sophisticated automation at first contact.
Secure Internet Access via multilayer malware, phishing, and DNS exfiltration detections.
Client-Side Protection & Compliance to identify compromised scripts and block malicious behavior.
Account Protector with real-time behavioral analytics to reduce account takeover.
Akamai Hunt for proactive threat hunting based on current adversary tradecraft.

What we’re seeing in the data

Global web attacks are up 33% year over year, with OWASP API Top 10 and MITRE-aligned threats rising in parallel. AI-powered APIs are introducing new weaknesses while adversaries use AI to automate the kill chain.
Get the detail in the State of Apps and API Security 2025 report.
AI-driven botnets are accelerating fraud and abuse, with sharp regional and vertical differences.
See the Fraud and Abuse 2025 report.
Ransomware actors are adopting DDoS and “compliance” pressure as extortion levers, shortening dwell time and increasing impact.
Read the Ransomware 2025 report.
L7 DDoS activity continues to climb in key regions, demanding resilient WAAP and scrubbing at scale.
Explore the EMEA DDoS report.

Akamai’s enterprise security approach

Defense in depth at the edge and inside the network. Combine edge enforcement (WAAP, bot, DDoS) with Akamai Guardicore Segmentation to limit lateral movement and reduce blast radius under a Zero Trust model.
Intelligence-led automation. Continual SIG research drives managed updates, ML models, and automated mitigations so protections adapt as threats evolve.
Operational readiness. Lean on Akamai Managed Security Service for proactive monitoring, rapid incident response, periodic tuning, and executive-ready reporting.
Integrated platform. Streamline controls and visibility across apps, APIs, users, and infrastructure with solutions designed to work together and managed from a single pane of glass.
Explore our Zero Trust solutions.

Analytics and visibility

Streaming telemetry. DataStream delivers low-latency logs for SIEM/SOAR and data lakes.
Real-time dashboards. Product portals provide high-level to granular drill-down views of attacks, policy, and posture.
Environment mapping. Guardicore visualizes flows across data centers and cloud to inform precise microsegmentation.
Managed insights. MSS supplies monthly reports, QBRs, and post-incident reviews to track risk and ROI.
Research assets. Many SOTI publications include exportable datasets for your analysts. See “See charts and data” links throughout.

How Akamai helps with website and API security

Proven WAAP efficacy. Independent testing by SecureIQLab found Akamai achieved the highest complete security score, blocking 100% of bot and L7 DDoS attacks, avoiding 100% false positives, and delivering 100% WAAP resiliency — outperforming peers including Cloudflare by 40% in security efficacy.
Review the findings in the 2025 WAAP comparison report.
End-to-end protections.
App & API Protector mitigates DDoS at the edge and application-layer threats within seconds, including injection, Slowloris, and automated botnets.
Bot Manager differentiates good from bad automation to protect availability, conversion, and fraud controls.
Client-Side Protection & Compliance detects compromised JavaScript to prevent data theft and UX tampering.
Account Protector reduces account takeover with behavioral analytics.
Prolexic adds global, always-on DDoS scrubbing with a zero-second SLA for large-scale attacks.

Defensive actions you can take now

Validate and tune WAAP and bot policies against the latest SOTI attack patterns.
Implement microsegmentation to contain ransomware and APT lateral movement with Akamai Guardicore Segmentation.
Enforce secure internet access with multilayer detections and data loss prevention via Secure Internet Access.
Operationalize playbooks using the Defenders’ Guide 2025.

Stay current with SIG

Get new SOTI reports and research alerts from the Akamai Security Intelligence Group.
Follow updates and tools: Follow SIG on X • Explore SIG on GitHub