API security incidents are costing enterprises across the Asia Pacific (APAC) region an average of more than $1 million per incident, according to a new report by Akamai Technologies released on Tuesday, 12 May. The surge in costs coincides with rapid artificial intelligence (AI) adoption across the region, which has expanded the attack surface for API-related threats.

Rising Costs and Growing Exposure

The report found that 81 per cent of organisations in APAC experienced at least one API security incident in the past 12 months. The average cost per incident has nearly doubled — rising sharply from around $580,000 in the previous year's study to more than $1 million — reflecting the compounding risks as AI integration deepens across enterprise systems.

Among individual markets, Japan recorded the highest average financial impact per breach at $1.59 million, followed by Singapore at $1.33 million per incident. India and Singapore reported the highest exposure to API-related attacks, with 93 per cent and 90 per cent of organisations, respectively, reporting at least one incident during the year.

AI-Connected APIs Emerge as Primary Attack Vector

Attacks involving APIs connected to AI technologies — including AI applications, AI agents, and large language models (LLMs) — emerged as the most common type of security incident, cited by 43 per cent of respondents. This signals a structural shift in the threat landscape: as enterprises wire AI capabilities into their core operations via APIs, those interfaces are increasingly becoming targets.

This comes amid a broader global trend of API sprawl, where organisations deploy APIs faster than they can secure or monitor them — a gap that threat actors are actively exploiting.

The Visibility Gap

The report pointed to a critical blind spot in enterprise security posture: only 22 per cent of respondents said they maintained a complete inventory of APIs and knew which of them handled sensitive data. This means the vast majority of organisations are, in effect, defending infrastructure they cannot fully see.

While 72 per cent of organisations said their focus on API security increased over the past year, only 19 per cent reported fully embedding security testing into their API software development and deployment processes — a significant gap between stated priority and operational practice.

What Security Leaders Are Saying

Reuben Koh of Akamai Technologies noted that organisations across APAC are rapidly scaling AI adoption, but the security foundations supporting those systems remain inadequate. He cautioned that APIs are becoming critical infrastructure for AI-powered services, and that weak visibility or governance could lead to service disruptions, higher recovery costs, and loss of consumer trust.

Compliance Risk on the Horizon

The report also flagged that weak API visibility is emerging not only as a cybersecurity risk but as a compliance challenge, particularly as AI services become more deeply integrated into business operations. As regulators across APAC tighten data governance frameworks, organisations with poor API oversight could face both financial penalties and reputational damage.

With AI adoption showing no signs of slowing, industry observers expect API security investment to become a boardroom-level priority across the region in the coming months.