Core Insights - Akamai Technologies has announced new enhancements to its API Security offerings, aimed at helping customers address evolving threats to APIs, which are increasingly targeted by cyberattacks [1][2] - The company's API Security solutions have received recognition through industry awards and positive customer feedback, indicating strong market validation [1][3] API Security Enhancements - The latest enhancements focus on improving visibility across the API development and production lifecycle, addressing critical security gaps [2] - Key features include: - Managed Service for API Security, which offers real-time monitoring and expert response to early threats [6] - Integration with code repositories for pre-launch risk assessment of APIs [6] - Compliance Dashboard for centralized monitoring against security and privacy standards like PCI DSS v4.0 and GDPR [6] Customer Feedback - Customers have reported significant benefits from Akamai's API Security solutions, highlighting improved visibility and risk management: - A CTO from an insurance company noted enhanced data usage visibility and minimized attack surface [2] - A CISO from a software company emphasized the tool's effectiveness in guiding their AppSec team and simplifying risk assessment [2] - An executive in healthcare praised the robustness and responsiveness of the tool, providing peace of mind regarding API-level visibility [2] Industry Recognition - Akamai's security solutions have recently won three prestigious industry awards, reflecting the company's growing traction in the market [3] - The Senior Vice President of Akamai's Application Security Portfolio stated that the recognition indicates the company is effectively addressing real customer problems [4]

Core Insights - The report by Akamai highlights that China has the highest costs associated with API security incidents, amounting to $778,000 (approximately 5.68 million RMB) over the past year [2] - The report indicates a significant discrepancy in cost estimates between management and frontline employees, with management estimating costs at $517,000 and frontline employees estimating $920,000 [2] API Attack History - The evolution of API attacks can be categorized into four phases, starting from pre-2000 with internal API mechanisms and focusing on system vulnerabilities [3] - The second phase (2000-2010) saw the rise of standardized APIs with SOAP, introducing risks like XML injection and man-in-the-middle attacks, followed by the adoption of RESTful APIs which led to session hijacking and token leakage [3] - The third phase post-2010 was marked by the rise of cloud computing, where APIs became core digital assets, but many shadow APIs emerged, leading to DDoS attacks and data breaches [3][4] - The current phase involves the integration of generative AI, where API calls are essential for business applications, shifting more security responsibilities to cloud service providers [4] API Attack Statistics - From January 2023 to June 2024, the Asia-Pacific region recorded 108 billion API attacks, accounting for 15% of all web attacks [5] - In China, 27.6% of respondents prioritized "protecting APIs from attacks" as the top cybersecurity concern, significantly higher than other countries [5] Current API Security Challenges - Common vulnerabilities in API applications include misconfigurations, lack of interception by firewalls, and authorization flaws, with API misconfiguration being the most prevalent at 22.3% [6] - The primary types of API attacks currently include injection attacks, unauthorized access, and DDoS attacks, as evidenced by the attacks on DeepSeek and other major models [6][7] Recommendations for API Security - Companies should reach a consensus on the causes, impacts, and priorities of API security incidents [9] - Suggested strategies include enhancing API discovery and monitoring capabilities, improving API testing, maintaining thorough documentation, and utilizing runtime detection tools [9][10] - Organizations are encouraged to integrate API security solutions with existing security products to identify high-risk behaviors and intercept suspicious traffic [10]