Application Programming Interfaces (APIs) are emerging as a new way that attackers can disrupt and hack broadcasters and publishers.
Over the years DOS (denial of service) attacks have caused websites and broadcast streams to crash, with state sponsored bad actors particularly targeting broadcasters and publishers who write news that they want to surpress. Hackers have also used brute force password attacks and phishing scams to trick staff to reveal system login details. With the coming of AI, these attacks have grown to an industrial scale, but defences are also becoming more spohisticated, to combat such attacks.
There is now a new threat, API attacks.
APIs are a set of rules and protocols that allow different software applications to communicate and share data with one another. They deliver information requests between one system to another, operating through a request-response cycle between a client (the app making the request) and a server (the system holding the data).
Many broadcasters and publishers use APIs to bring data into their systems and also to distribute their content to clients and partners. These APIs are now being targeted for attacks, with the possibility of hackers introducing fake content or disrupting the information flow of the system.
According to cloud services and security company Akamai, unsafe consumption of APIs represents the top API security incident type (35.32%) and “highlights the critical need to validate data from third-party vendors and maintain interactions over TLS.” A recent security report shows DDoS attacks up 104% from 2023 to 2025, and API attacks targeting unauthorized workflows doubling from 2024 to 2025, particularly in AI powered APIs.
The majority of AI-powered APIs are externally accessible and many rely on inadequate authentication mechanisms, a vulnerability compounded by the growing array of AI-driven attacks targeting them.
The company advises that “treating web applications and APIs as separate entities creates critical visibility gaps that threat actors exploit to move seamlessly through systems.” Unified protection ensures that defenses mirror the actual interconnected nature of modern business logic.
- API security requires a shift from signature matching to behavioral analysis. Modern API threats have evolved from traditional web attacks to complex business logic abuse that lacks a recognizable signature. Defenders must implement solutions capable of identifying anomalous activity in real time to stop these stealthy incursions.
- Software and SaaS providers are now high-value targets for operational chaos. The massive dependency of downstream clients on cloud-based hubs makes these industries prime targets for extortion-driven DDoS attacks. Proactive resilience testing is essential to prevent brief service disruptions from cascading into widespread financial losses.
Managers should be asking questions about the security of their API paths and tech teams need to review their strategies regarding API services.


