Bangalore, May 12: Akamai has released new research highlighting how application programming interface (API) security is lagging as AI adoption accelerates across Asia Pacific. The APAC edition of Akamai’s API Security Impact Study found that 81% of respondents in the region experienced an API security incident in the past 12 months. The financial toll is equally striking, with the average estimated cost per incident exceeding US$1 million, up sharply from US$580,000 in last year’s study, exposing a growing blind spot as AI reshapes how attacks are launched and scaled.
Among 640 cybersecurity decision-makers surveyed across India, China, Japan, and Singapore, attacks involving APIs linked to AI technologies, including applications, agents, and large language models (LLMs), emerged as the most common incident type, cited by 43% of respondents. The findings also point to a persistent visibility gap, with only 22% saying they have a complete API inventory and know which APIs return sensitive data.
Together, these results point to a widening gap between digital ambition and security readiness. As businesses roll out more AI-enabled services at an accelerated pace, APIs are becoming harder to monitor, govern, and protect, increasing the risk of disruption, exposed data, and higher operating costs.
“Organizations across APAC are moving quickly to scale AI, but the security foundations underneath that growth are still not as robust as it should be,” said Reuben Koh, Director of Security Technology & Strategy, Akamai Technologies, Asia-Pacific & Japan. “When APIs that power AI applications proliferate and become blind spots, the result is not just greater technical risk. It can also mean large-scale service disruption, higher recovery costs, and loss of trust. API allows AI to get things done, so API security has to be treated as a core part of building AI systems that organizations can actually rely on.”
Key findings for Asia Pacific:
- AI-linked API attacks are now the top incident type in the region: 43% of respondents said their organization experienced attacks involving APIs linked to AI technologies, apps, agents, or LLMs in the past 12 months.
- India and Singapore reported the highest incident exposure: 93% of organizations in India and 90% in Singapore experienced an API security incident in the past year.
- Japan recorded the highest average cost per incident: The average API security incident in Japan reached US$1.59 million, while Singapore averaged US$1.33 million per incident.
- Security maturity remains uneven: While 72% of respondents said their focus on API security has increased over the past year, only 19% said security testing is fully embedded across the API software development life cycle and CI/CD pipeline.
A growing gap between AI ambition and security readiness
Across the four markets surveyed, companies are dedicating more attention to API security, clarifying ownership, and strengthening testing. But as AI moves from experimentation to scaled deployment, those gains have not yet translated into consistent protection. Repeat incidents remain common, particularly among the APIs that are hardest to track and secure, underscoring how quickly growing complexity can outpace existing controls.
The study also highlights a disconnect between leadership confidence and frontline readiness. Across the broader sample, 56% of C-suite respondents said they are well prepared or fully prepared for these threats, compared with 44% of AppSec respondents. This suggests confidence at the top may be running ahead of operational reality – a risky gap at a time when AI-driven services are becoming more deeply embedded in core business operations.
A visibility and compliance wake-up call
While nearly all respondents in APAC say their organization factors APIs into regulatory compliance requirements, far fewer are taking the practical steps needed to demonstrate real control.
Only 63% incorporate APIs into risk assessments, and just 40% include them in reporting requirements. In other words, many companies may be discussing API compliance at a high level without having the operational clarity to back it up.
For enterprises across APAC, weak API visibility is becoming more than a security issue – it is also an AI compliance challenge. Without a clear view of which APIs exist, which expose sensitive data, and how those data flows are protected, businesses may struggle to meet rising expectations around oversight, reporting, and accountability as AI adoption scales.
As APIs become more deeply embedded in digital services and AI applications, the study underscores the need for stronger visibility, governance, and testing across the full life cycle. Recommendations include improving API discovery and inventory, embedding security checks earlier in development and deployment, and treating API security as a prerequisite for trusted AI.