Akamai uses machine learning in its App & API Protector product to automatically detect and block web attacks, including zero-day exploits, SQL injection, and application-layer DDoS attacks, against its enterprise customers' websites and APIs. This system has been active in various forms since at least 2021 and received major AI-powered updates in 2024 and 2026.

The core technology is the Adaptive Security Engine, which uses machine learning and heuristic models to inspect web traffic in real time, self-tune detections, and reduce false positives. In October 2024, Akamai added the Behavioral DDoS Engine, which uses machine learning to set traffic baselines and detect application-layer DDoS attacks automatically. In March 2026, Akamai introduced AI-powered WAF detections that train AI models on global traffic to identify malicious patterns faster than rule-based methods alone. The system is described as processing data from billions of daily events.