AI-era cybersecurity in financial services — a new era of compliance

TL;DR

Akamai's SOTI 2026 (Financial Services edition) puts numbers on the moment attacks on finance moved from automation to autonomous agents. Asia-Pacific (APAC) is now the top Layer 7 DDoS target, up +40% year-over-year — attacks are converging on the region where digital adoption and real-time payments have grown fastest. Banks absorb 83% of API-endpoint attacks; only 27% of defenders know which APIs return sensitive data. As mimicry approaches the indistinguishable, detection scores grow weaker as material for proving "an unauthorised exercise of authority occurred." Detection and mitigation are more necessary than ever — and beyond them, in finance where AI agents enter as counterparties, a layer remains that cryptographically attests, before the transaction, who acted under whose authority and whether they cleared KYC and sanctions screening.

What follows traces five points along the report's structure and notes where Lemma draws its line.

Statistics are drawn from Akamai SOTI 2026 (Financial Services edition). As of 2026-06-01.

1. DDoS — finance is still the top target

Per Akamai SOTI 2026, financial services rank first across all industries in Layer 3/4 DDoS attack events, and are the only top industry up year-over-year (+5.2%). Peak events grew +236% from 2024 to 2025; median attack duration is up +738% globally (+1033% in EMEA). Banks sit at the center, accounting for 62% of L3/4 DDoS and 44% of L7 DDoS.

Where Lemma draws the line: detection and mitigation (DDoS defense) is a specialist, indispensable layer — and the layer to invest in first. Lemma does not replace it. The proof layer sits beyond it — making "who acted under whose authority" un-litigable after the attack has been stopped.

2. AI is "amplifying" the threat

The report returns to the point that AI doesn't replace traditional security risks — it amplifies them. The second half of 2025 marked the "shift from automation to autonomy," at which point malicious agents began navigating complex applications autonomously, probing for and extracting sensitive data. Bot activity surged +147%; in one case 96% of a site's traffic was judged to be malicious scraping bots; AI-enhanced botnets are imitating legitimate user behavior near-perfectly and pushing through conventional defenses.

Where Lemma draws the line: as mimicry approaches the indistinguishable, detection grounded in behavioral "look-and-feel" gets fuzzier. The question is not "can it execute (if)" but "was it authorised (prove)." You need enforcement that proves agent authority before the transaction (Pillar 03 — Agent Authority Proof).

3. A serious gap in API visibility

Banks now absorb 60% of all web attacks and 83% of API endpoint attacks; financial services saw 20 billion web attacks against APIs over two years. Yet Akamai's 2026 API Security Impact Study finds that even among organizations with a complete API inventory, only 27% know which APIs return sensitive data. APAC's status as the top Layer 7 DDoS target (and the largest YoY increase, +40%) sits against the backdrop of the region's rapid bank digital adoption and real-time payments growth.

Where Lemma draws the line: make it ZK-provable that an API call carries legitimate provenance and attributes (Pillar 01 — Verifiable Origin). For traffic that cannot be fully visualised, the answer is to draw the line via provability rather than via detection — as a complement.

4. DNS — another attack surface

DNS floods are the largest DDoS attack vector and up +29% year-over-year. Akamai DNS Posture Management data shows that across regulated industries including financial services, more than 85% of observed domains miss at least one foundational DNS control (SOA consistency, CAA, DNSSEC). DNS is the substrate of financial digital operations and can be a single point of failure.

Where Lemma draws the line: DNS and infrastructure hygiene is the domain of infrastructure-side players like Akamai. What Lemma adds sits above it — proving cryptographically, at the application / agent layer, that "this call carries legitimate provenance and authority." Different layers.

5. A new era of compliance

As noted at the top, AI governance has become a formal compliance domain — and enforcement on the regulatory side has stepped up. The report cites DORA, in force since January 2025 with 2026 as its first year of full enforcement; the EU AI Act's high-risk AI obligations (credit scoring, behavioral profiling, etc.) entering full enforcement on August 2, 2026, with mandatory conformity assessments; NYDFS signalling fines of up to $250,000 per day; and GDPR cumulative fines passing €6.7 billion. JD Denning of FS-ISAC writes that interconnected risk requires collective defense.

Where Lemma draws the line: prove conformity assessments and audit trails for high-risk AI without moving the raw data (Pillar 04 — Regulatory Attribute Proof). Cryptographic proofs can be verified and shared across organizations, supporting "collective defense" with proofs rather than detection logs.

What remains beyond detection — "who, under whose authority"

What unites the five points: once AI agents enter as the actors handling customers and payments, the question shifts from "is this traffic anomalous" to "this counterparty — under whose authority, and within what limits, are they acting." Detection scores answer the first; they answer the second — material for proving "an unauthorised exercise of authority occurred" in regulatory reporting, audits, or litigation — only weakly. Between the detection layer and the layer of legal / regulatory proof, an independent step is needed.

That step is not reconstructing logs after the fact; it is cryptographically attesting, before the transaction takes place, "what was permitted to whom, and how far" and "has the counterparty cleared KYC and is not on the sanctions list." Lemma places four primitives at this layer — provenance (Pillar 01), AI judgment verification (Pillar 02), agent authority proof (Pillar 03), and regulatory attribute proof (Pillar 04). This line of argument is contiguous with what Lemma has written in the finance context — "AI agents in financial operations: the case for the judgment-trail layer," "x402 needs a third layer," "The last layer left for cyber defense in the AI era" — and the Akamai data here corroborates the need from the attack-side reality.

Implications for finance CSOs and risk leaders

In implementation, three things remain. First, alongside improving detection precision, hold pre-transaction proofs of authority and attributes. As mimicry advances, detection alone leaves a gap in trails one can submit in regulatory reporting. Second, address the visibility gap. When you cannot see which APIs return sensitive data, selective disclosure — proving an attribute "without moving the raw data" — is the practical answer that establishes confirmation without enlarging the PII surface. Third, the cost of explaining audits and regulatory reports. Attribute proofs attested before the transaction make the confirmation work for audits and regulators considerably more straightforward than reconstructing after-the-fact logs.

The sophistication of cyberattacks is at once a reason to invest more in the detection layer and a reason to place a proof layer beyond it. Detection stops intrusions; proof makes "who acted under whose authority" un-litigable afterwards. Two layers with different roles.

In summary

• Akamai SOTI 2026 (Financial Services edition) shows that attacks on finance have gone autonomous-agent, that banks absorb 83% of API attacks, and that APAC has become the top Layer 7 DDoS target.
• On the defending side, even where APIs are inventoried, where sensitive data lives is largely invisible (27% know), and detection alone is showing its limits against mimicry-class agents.
• Detection and mitigation are indispensable, and that is a specialist domain. Beyond them, in finance where AI agents become transaction principals, a proof layer remains — one that cryptographically attests, before the transaction, "who, under whose authority, KYC- and sanctions-cleared."
• As DORA, the EU AI Act, NYDFS, and GDPR enforcement step up, Lemma's trust layer (provenance, AI judgment, agent authority, regulatory attributes) is designed to fill that step beyond detection in a form that holds up under audit and regulatory accountability — aligning with the regulatory shift already underway.

Read the incidents — Critical Brief

The arguments above show up, almost line-for-line, in the structure of real incidents. From our Critical Brief series of structural incident analyses, here are three close to the finance context:

• No.009 GTG-1002 — AI agent ran 80–90% of an attack autonomously — the first reported case in which §2's "shift from automation to autonomy" was actually observed. The structure where agent authority is not independently verified.
• No.021 Wirecard — forged balance confirmations — a financial attribute (asset existence) reached disclosure and the markets without independent verification of its basis. The very reason §5's regulatory enforcement is stepping up.
• No.006 Google API keys, usable for up to 23 minutes after deletion — continuous with §3's API-visibility gap; a structure where credential revocation cannot be independently verified.

Index: Lemma Critical Brief

For security and compliance leaders at financial institutions, fintechs, and payment operators — about the design of the proof layer beyond detection, we typically respond within one business day. Talk to us →

Sources (external only; statistics quoted with attribution, figures not reproduced)

• Akamai, "Financial Services at Risk: DDoS Attacks Are Bigger, Longer, and More Complex, Akamai Research Finds" (press release, May 2026) — https://www.akamai.com/newsroom/press-release/financial-services-at-risk-ddos-attacks-are-bigger-longer-and-more-complex-akamai-research-finds
• Cited within the report: Akamai "2026 API Security Impact Study"; guest contribution: FS-ISAC CSO John "JD" Denning