Akamai: Why AI-Driven Threats are Intensifying for Finance

Despite the clear gains financial services continue to reap from digital transformation, one of the most pressing and complex challenges it introduces is the expanded attack surface for cybercriminals.

And that surface is only widening.

Akamai’s AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services State of the Internet (SOTI) Security report underscores this shift, positioning the sector as a primary target for increasingly sophisticated and persistent distributed denial-of-service (DDoS) attacks.

A growing threat landscape

Akamai’s research highlights a sharp escalation in both the scale and sophistication of attacks targeting banks, payment providers and financial platforms.

Fuelled by AI-powered botnets and coordinated hacktivist campaigns, DDoS attacks have evolved from short-lived disruptions into sustained, strategic assaults.

The report finds that the median duration of Layers 3 and 4 DDoS attacks targeting financial services has surged by 738% since 2024.

This shift, it suggests, signals a move away from opportunistic disruption towards sustained campaigns designed to overwhelm infrastructure and erode customer trust.

“Cybercriminals and hacktivists continue to escalate DDoS from nuisance attacks to a sustained siege encompassing both hacktivism and cybercrime and financial services are in the crosshairs," says Steve Winterfeld, Advisory CISO of Akamai. 

“In addition, the data shows that APIs are increasingly targeted as AI doesn't reduce traditional security risks, it puts them on steroids. 

“Fortunately, financial services organisations can leverage the security strategies and best practices detailed in this report."

Are APIs the new battleground?

As financial institutions embrace open banking, real-time payments and API-driven ecosystems, Akamai finds attackers are following close behind.

The report’s findings show APIs are now among the most exploited entry points.

Akamai’s 2026 API Security Impact Study reveals that 96% of financial services leaders reported at least one API security incident in the past year – the highest rate across any industry.

In parallel, 83% of API-related incursions in 2025 targeted banking institutions specifically.

This growing exposure further underscores a critical challenge for financial institutions: innovation is outpacing security maturity in a heavily regulated industry.

AI and botnets amplify risk

Akamai’s report also shines a light on the rapid evolution of automated threats.

Advanced bot activity surged by 147% in late 2025, with one case study revealing that 96% of all site traffic was made up of malicious scraping bots.

These AI-enabled botnets are capable of mimicking legitimate user behaviour, making detection more difficult and mitigation more resource-intensive.

For financial institutions operating high-volume digital services, this introduces both operational strain and heightened exposure to fraud and data breaches.

At the same time, geopolitical tensions are reshaping the threat landscape.

Akamai’s report highlights the emergence of pro-Iran hacktivist groups as a notable force, leveraging coordinated DDoS campaigns to target financial infrastructure in sustained waves.

The regional patterns behind attacks

Akamai’s global visibility offers insight into how attack strategies vary across regions.

These regional variations reinforce the importance of adopting customised cybersecurity approaches, especially for multinational financial institutions operating across increasingly complex and fragmented threat landscapes.

The need to bridge the security gap

Despite the rising threat landscape, Akamai’s report finds that the adoption of advanced cybersecurity measures remains uneven.

Nearly 80% of financial institutions have experienced ransomware attacks in the past two years, yet fewer than half have implemented advanced security technologies.

While the findings expose clear gaps across the sector, they also position Akamai as a key player in helping to close them.

With a significant share of global web traffic flowing through its infrastructure, Akamai delivers real-time threat intelligence and mitigation across cloud, application and network layers.

As attacks grow larger, longer and more coordinated, these capabilities are becoming central to safeguarding the future of finance.