Increasingly advanced DDoS attacks ramp up amid mounting API, AI targeting

March 18, 2026

(Adobe Stock)

SecurityWeek reports that distributed denial-of-service attacks have increased in volume and scale amid the increasing prevalence of API intrusions and AI abuse.

More advanced Layer 7 DDoS intrusions that target APIs and web apps have risen by 104% during the past three years, findings from Akamai's State of the Internet Report showed. While the acceleration of Layer 3 and Layer 4 attacks that impact network and transport layers has been slower over the same period, such DDoS incidents have attained significant scale, primarily due to the Mirai botnet. Meanwhile, APIs have emerged as one of the leading initial vectors for enterprise environment compromise, with API intrusions found to have expanded the scope of Level 3 and Level 4 DDoS attacks, according to researchers, who noted shadow API issues being amplified by shadow AI usage.

"From an attacker's perspective, for every web application there are APIs that expose functions and (potentially) data. The more vulnerable and easier the apps and APIs are to compromise, the quicker the threat actors can reach their objectives. The rise of AI agents that consume APIs to interact with the real world amplifies the problem," said the report.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Learn More

SC Staff

A stock illustration that represents the concept of e-commerce phishing in pastel orange and cobalt blue, incorporating fake shopping carts and conceptual metaphors of stolen data and false security for an engaging and intuitive understanding of the concept. Utilize soft gradients and layered shadows to create a hint of spatial complexity and priority. --ar 16:9 --v 6.1 Job ID: b12556c8-93ea-4d94-91b3-9ca3f4a58a7b

API security

Magecart campaign exploits Stripe API for credit card theft

SC StaffJune 5, 2026

The sophisticated attack utilizes Google Tag Manager (GTM) and Stripe domains, which are implicitly trusted by e-commerce sites, allowing the malicious code to bypass security measures.

Glowing digital key on a dark circuit board symbolizing cybersecurity and data encryption. Cybersecurity awareness, data protection, digital security, IT, information safety, encryption concept.

API security

Deleted Google API keys remain active for up to 23 minutes, study finds

SC StaffMay 21, 2026

While the Google Cloud Platform console indicates immediate deletion, researchers found that keys take an average of 16 minutes to become fully inactive, with the longest observed delay reaching 23 minutes.

Security Operations

Command Zero releases APIs to enable programmatic security investigations

SC StaffMay 1, 2026

The new API endpoints enable security operations teams to integrate Command Zero's investigation engine into their existing security orchestration, automation, and response (SOAR) playbooks, pipelines, and internal tools.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

API Security Cloud Computing Greynet