CAMBRIDGE, Mass., July 15, 2026 (GLOBE NEWSWIRE) -- An evolution toward agentic commerce and autonomous AI tools has made commerce the world’s most targeted industry by cybercriminals, according to the latest Akamai (NASDAQ: AKAM) State of the Internet (SOTI) security report, Securing the Agentic Storefront: Attacks on Commerce.
The report highlights that, as of December 2025, nearly half (47.9%) of all commerce traffic across Akamai’s global network now consists of AI bots. Furthermore, the industry continues to suffer a relentless barrage of application-layer (Layer 7) distributed denial-of-service (DDoS) activity, malicious web application exploits, and a dangerous narrowing of the gap between traditional application attacks and API-targeted exploits.
“We are securing a digital frontier where the ‘customer’ is increasingly an AI agent operating on behalf of the human user,” said Patrick Sullivan, Chief Technology Officer of Security Strategy at Akamai. “This report reveals how and why security leaders must embrace ‘agentic readiness,’ to architect sites that welcome legitimate AI while aggressively shutting down malicious bots.”
Additional key findings include:
- The rise of agentic commerce fraud: Autonomous AI shopping agents are creating a signal masking problem by perfectly mimicking human microbehaviors, according to guest contributor Pam Lindemoen, Chief Security Officer and Vice President of Strategy at RH-ISAC. Threat actors are now using agent hijacking tactics to compromise legitimate AI assistants and abuse stored payment credentials. They are also deploying large language models (LLMs) to create synthetic identity fraud in the form of “Frankenstein” accounts that easily bypass static defenses.
- The unchecked influx of AI bots: Driven by LLM development, AI training crawlers account for more than 70% of AI bot triggers in commerce. OpenAI, ByteDance, and Anthropic rank as the top three AI bots observed. Commerce organizations placed more than 90% of their AI bot activity in the “monitor” category but allowed three-quarters of the remaining activity to pass unrestricted, exposing themselves to underlying risks.
- API exposure and vulnerabilities: Web attacks targeting APIs rose by 9% year over year. In fact, Akamai’s 2026 API Security Impact Study revealed that 85% of commerce respondents experienced at least one API-related incident in the past year, yet only 22% know which of their APIs expose sensitive data.
- Layer 7 DDoS attacks escalate: Commerce was targeted by Layer 7 DDoS attacks nearly 3 trillion times in 2025, with the retail vertical bearing 84% of that volume. Attackers are using HTTP botnets to flood APIs during high-stakes holiday surges and exhaust app servers and halt sales.
- Industrialized phishing and malware pipelines: Between November 2025 and April 2026, malware represented 56.5% of observed endpoint threat activity, followed by phishing at 37.6%. Average daily phishing volume across commerce customers skyrocketed from 56,600 in February to 134,600 in April, serving as the primary raw material powering account takeover (ATO) and loyalty point theft.
Regional trends
Automated bot activity and web attacks varied by region:
- North America and EMEA: These mature markets saw modest bot increases (7% and 16%, respectively) but significant holiday-driven web attacks, with North America leading AI bot activity with 33 billion counts.
- APAC and LATAM: Bot activity surged by 63% in APAC and 48% in LATAM. APAC’s fragmented travel market and loyalty programs made it a primary target for bot and Layer 7 DDoS attacks.
Mitigation strategies
To effectively counter these evolving threats, Securing the Agentic Storefront: Attacks on Commerce provides a strategic roadmap for CISOs. Recommendations include:
- Map the revenue chain: Continuously discover and inventory the API estate to clear up critical visibility gaps regarding sensitive data exposure.
- Govern automation: Move away from binary “allow/block” models toward risk-based governance that categorizes bots by intent and business value.
- Minimize the blast radius: Implement microsegmentation to eliminate lateral movement. Although 92% of organizations use basic network segmentation, only 35% have progressed to true microsegmentation.
- Establish cooperative resilience: Integrate cybersecurity and fraud prevention teams to deploy real-time behavioral biometrics, risk-based multi-factor authentication, and automated kill switches to freeze compromised accounts instantly.
Now in their 12th year, Akamai SOTI Security reports continue to offer critical insights on cybersecurity trends and web performance, drawn from attacks viewed across Akamai’s cybersecurity protective infrastructure, which handles a significant portion of global web traffic.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contacts
Akamai Media Relations
akamaipr@akamai.com
Akamai Investor Relations
invrel@akamai.com
