CDNetworks Report: AI Is Industrializing Cyberattacks Across APAC
Source: CDNetworks
CDNetworks, the APAC-leading edge-as-a-service provider headquartered in Singapore, has released its annual State of WAAP Report revealing that AI is fundamentally changing the economics of cyberattacks by reducing the cost, time, and expertise needed to launch sophisticated campaigns. Key findings include 15 billion malicious API requests blocked per month, 1.64 million AI bot requests observed daily, and APAC accounting for 67.45% of Layer 7 DDoS activity in 2025.

CDNetworks, the Singapore-headquartered edge-services provider that operates more than 3,000 points of presence globally, has published its annual State of Web Application and API Protection report with a stark verdict: AI is industrialising the cyberattack economy. The report, released this week, draws on production data from CDNetworks' WAAP platform to map how large language models, agentic AI, and browser automation are shifting automated threats from scripted traffic to adaptive, human-like abuse that bypasses traditional defences.
The numbers are striking. In 2025, CDNetworks blocked an average of 15 billion malicious API requests per month — a volume that points to API abuse becoming the primary vector for business logic attacks targeting login flows, checkout processes, and search functions. AI bot traffic alone hit 1.64 million requests per day, which creates a governance headache: organisations can no longer simply allow or block automated traffic, they need granular policies that distinguish between helpful AI crawlers, malicious scrapers, and everything in between. Multi-layer DDoS attacks are also becoming more common, with DDoS-as-a-Service platforms enabling attackers to pivot across Layers 3, 4, and 7 in a single campaign.
The APAC region bears the brunt of this shift — it accounted for 67.45 percent of all Layer 7 DDoS activity in 2025, reflecting the concentration of digital-first sectors such as SaaS, fintech, and gaming where application availability directly affects revenue. For Singapore-based enterprises, this is a live concern: the city-state's role as a regional hub for fintech, e-commerce, and digital services means local organisations are both prime targets and on the front line of defence. The report notes that AI does not necessarily create entirely new attack types, but it dramatically compresses the time defenders have to understand and contain threats before they escalate.
CDNetworks' Global Head of Infrastructure Antony Li framed the challenge in operational terms: the focus should shift from identifying every vulnerability to understanding which exposures create real risk. The report recommends a tiered defence strategy that combines WAAP protections with adaptive rate limiting, behaviour-based bot detection, and API-specific security policies — recommendations that align with guidance from Singapore's Cyber Security Agency, which has flagged AI-driven threats as a priority area for national cybersecurity.
Why it matters for Singapore: CDNetworks is one of Singapore's most significant homegrown infrastructure technology companies, and its WAAP report offers a data-rich, real-world snapshot of how AI is reshaping the threat landscape that Singapore enterprises face daily. With APAC absorbing the majority of application-layer attacks and Singapore serving as a regional digital hub, the report's findings reinforce the urgency of CSA's push for AI-aware cyber defence strategies. For local CISOs and security teams, the key takeaway is straightforward: AI-powered attacks are no longer theoretical — they are arriving at scale, and the window to respond is shrinking.