Akamai Security Intelligence Group
Turn global internet visibility into practical defenses — faster
Akamai’s Security Intelligence Group (SIG) gives your teams the research, data, and tools to reduce risk across apps, APIs, users, and infrastructure. We analyze signals from Akamai’s massively distributed platform — including more than 7 trillion daily DNS requests on the Akamai DNS cloud — along with open sources, partner feeds, and dark web intelligence. Those insights flow directly into our products and managed services to improve detections, accelerate response, and harden your posture.
How research becomes protection
Our research-to-protection loop pushes intelligence straight into controls your teams already run:
- App & API security
  - App & API Protector correlates platform-wide threat intel with adaptive, threat-based detections to catch up to 2x more web and API attacks. It drops network-layer DDoS at the edge and mitigates application-layer attacks in seconds. Learn about App & API Protector
  - API Security continuously discovers and classifies APIs — including LLM/GenAI-related APIs — and monitors behavior to surface abuse and sensitive data risks. Independent analysis by KuppingerCole named Akamai a Leader across Overall, Product, Innovation, and Market. Evaluate API Security
- Network and user protection
  - Secure Internet Access uses multiple static and dynamic malware engines to proactively block ransomware, phishing, and DNS-based exfiltration — informed by SIG indicators and models. Discover Secure Internet Access
  - Prolexic counters volumetric DDoS with a zero-second mitigation SLA, backed by 200+ frontline SOC defenders and playbooks refined by ongoing threat research. Learn about Prolexic
- Lateral movement and breach containment
  - Akamai Guardicore Segmentation combines rich process-level telemetry with SIG intel to enforce Zero Trust and detect lateral movement using reputation analysis, policy-based detections, dynamic deception, and managed threat hunting. Explore Akamai Guardicore Segmentation
  - Akamai Hunt leverages Guardicore telemetry plus global sensors to proactively hunt for indicators of compromise across IPs, domains, processes, users, and services. See Akamai Hunt
- Bot and account abuse defense
  - Bot Manager updates detections continuously as threats evolve, integrating SIG research into bot classification, anomaly detection, and mitigation tactics. See Akamai Bot Manager
  - Account Protector applies behavior analytics, device intelligence, and source reputation to score login risk in real time and reduce account takeover. Review Account Protector
- Client-side protection
  - Client-Side Protection & Compliance detects compromised or vulnerable JavaScript behavior to prevent user data theft and supply chain attacks, guided by current SIG findings. Harden client-side security
Our enterprise security approach
Large enterprises need outcomes, not just alerts. Akamai’s strategy brings together:
- Defense in depth, aligned to Zero Trust — segment high-value assets, restrict lateral movement, and enforce identity- and context-aware access.
- Edge-first mitigation — stop DDoS and malicious bots at first contact to protect origin capacity and preserve user experience.
- Continuous detection and automated response — correlate signals across apps, APIs, endpoints, and DNS; use playbooks and ML-driven protections to reduce dwell time.
- Integrated platform and single-pane visibility — deploy interoperable controls and manage policy, telemetry, and response centrally.
- Global scale and resiliency — protect data centers, public cloud, and multicloud environments anywhere.
- Managed Security Service — 24/7 monitoring, real-time analysis, periodic tuning, and rapid incident response (immediate or within 30 minutes based on severity). Engage Managed Security Service
Website and API security, delivered at the edge
Secure digital experiences without sacrificing performance:
- WAAP at scale: Block OWASP Top 10, L7 DDoS, injection, Slowloris, and more; self-tuning and managed updates lower operational effort.
- Bot defense: Let good bots in and stop bad bots at first touch to prevent scraping, credential stuffing, and checkout abuse.
- Client-side integrity: Monitor scripts in real time for malicious code and third-party risks.
- API protection: Discover, classify, and monitor APIs (including AI/LLM endpoints); enforce schema, auth, and abuse controls.
- AI-aware controls: Apply policy and safety checks for LLMs and modern apps with Firewall for AI. Explore Firewall for AI
Analytics and visibility
Give your SOC and engineering teams the telemetry they need:
- Real-time data feeds: DataStream provides low-latency logs for attacks, traffic, and security events for ingestion into SIEM/SOAR or data lakes. Access DataStream
- Dashboards and drill-downs: Web-based portals visualize attacks, policies, and posture with high-level dashboards and granular detail.
- Behavior and risk analytics: Account Protector aggregates anomalies and source reputation into per-request risk scores.
- Threat hunting telemetry: Guardicore process, flow, and deception data enrich investigation and detection engineering.
- User experience analytics: mPulse measures real user performance to correlate security mitigations with business outcomes. See mPulse
Insights we publish on global threats
Use SIG’s research to inform strategy and budgets:
- State of Apps and API Security 2025: Global web attacks are up 33% year over year. Attacks tied to the OWASP API Security Top 10 and the MITRE framework are rising similarly. Threat actors are using AI to automate the kill chain, and AI-powered APIs are introducing new vulnerabilities. Get the Apps and API SOTI report
- Fraud and Abuse Report 2025: Which regions and industries are hit hardest by AI-driven botnets — and how to stay ahead of evolving fraud tactics. Download the fraud and abuse report
- Ransomware Report 2025: How AI-backed actors combine DDoS and compliance pressures as extortion tools — and how to build resilience. Download the ransomware report
- Year in Review 2025: Executive-ready recap of the year’s major attacks and the AI, API, and resilience gaps shaping 2026’s risk landscape. Read the year in review
- The SIG Download (monthly): A concise webcast of the most notable threats and new research from the past month. Watch The SIG Download
Browse all SOTI research and past issues. Explore the State of the Internet library
Latest research highlights
- CVE-2026-26365: Incorrect processing of “Connection: Transfer-Encoding” — closing an HTTP request smuggling vector. Read the analysis
- Inside the Fix: In-the-wild exploit of CVE-2026-21513 (MSHTML) — root cause via PatchDiff-AI and APT28 tradecraft. Read the analysis
- CVE-2026-23864: React and Next.js DoS via memory exhaustion — impact across multiple React-based frameworks. Read the analysis
See more posts from our researchers. Browse the security research blog
Open source tools and resources
For your team: next steps
- Stay current: Get email alerts for new SOTI reports, SIG posts, and webcasts. Subscribe to updates
- Validate controls: Use Infection Monkey to test segmentation and lateral movement detection before your next audit.
- Go deeper with SMEs: Share product tech docs and reference architectures. Visit Akamai TechDocs
- Plan and procure: Discuss DDoS, WAAP, API security, Zero Trust segmentation, and managed detection options with our specialists. Talk to the Akamai security team
- Need help now: If you’re under attack, our teams are ready 24/7. Get real-time support