The New Front Line: API Risk in the Age of AI-Powered Attacks

Attackers and defenders alike are using AI to scan for weaknesses in API design and implementation. How can defenders prevail?

August 28, 2025
By Gerard Morelli

As microservices, cloud and edge computing, mobile apps, and IoT devices spread throughout governments and businesses, application programming interfaces (APIs) have emerged as a primary cybersecurity attack vector. A typical large organization has hundreds of APIs serving as connective tissue in their networks, not to mention undocumented and unmanaged “shadow” APIs outside the organization’s monitoring and security reach. Akamai documented 150 billion API attacks in 2023 and 2024.

Article Summaries:
- Summary
A surge in AI-driven attacks has turned application programming interfaces (APIs) into a primary cyber-risk vector for governments and enterprises. Akamai reported 150 billion API attacks in 2023-24, with each endpoint presenting a unique zero-day threat. AI tools enable attackers to scan for authentication flaws, insecure endpoints, and faulty business logic, while defenders face an asymmetrical arms race: AI offers attackers more flexibility than it does for defensive use. Industries handling sensitive data (healthcare, finance, tech) are urged to adopt structured frameworks such as OWASP API Security Top 10, NIST SP 800-160, and, for defense contractors, the upcoming 2027 CMMC certification. Small firms may rely on cloud vendors or liability coverage, but larger entities must build robust, AI-aware API security programs.