AI-Powered API Attacks Cause Disruption and Losses Across Asia-Pacific

The article explicitly mentions AI-powered bots targeting APIs and causing application-layer attacks that disrupt services, which constitutes harm to digital infrastructure and communities relying on these services. The surge in attacks and reported security incidents indicates that harm is occurring, not just potential. The involvement of AI systems in these attacks and the resulting disruption aligns with the definition of an AI Incident, as the AI system's use has directly led to harm (disruption of critical digital infrastructure and services).

The article explicitly mentions AI-powered bots conducting API attacks that mimic legitimate traffic and evade traditional defenses, which have caused measurable financial and operational harm to organizations. It also discusses AI-assisted low-code development introducing security misconfigurations that increase vulnerability. These factors show AI system involvement in causing harm through malicious use and development-related vulnerabilities. The harms include disruption of digital services and financial impacts, fitting the definition of an AI Incident. The article does not merely warn of potential harm but reports ongoing realized harm due to AI-related attacks and vulnerabilities.

The article explicitly mentions AI's role in enabling adversaries to conduct more sophisticated and frequent attacks on APIs, which are critical points of access to sensitive data. These attacks have led to breaches resulting in harms like identity theft and fraud, which are direct harms to persons and organizations. The AI system's use by bad actors is a contributing factor to these harms, fulfilling the criteria for an AI Incident. The article does not merely warn of potential harm but reports ongoing incidents and their consequences, thus it is not an AI Hazard or Complementary Information.

The content outlines potential security vulnerabilities and risks associated with LLM-powered applications, which could plausibly lead to AI incidents in the future if exploited. However, it does not report any actual harm or incident resulting from these risks. Therefore, it fits the definition of an AI Hazard, as it describes circumstances where AI system use could plausibly lead to harm but no harm has yet materialized.

The article clearly involves AI systems in the context of AI-generated or AI-assisted attacks, which are causing increased security risks and operational challenges. However, it does not describe a concrete AI Incident where harm has occurred due to an AI system's development, use, or malfunction. Nor does it describe a specific AI Hazard event with a plausible imminent risk of harm. Instead, it provides complementary information about the current state of AI-related security threats, organizational challenges, and responses in the cybersecurity ecosystem. Therefore, the article fits best as Complementary Information, providing context and insights into AI-related security risks and responses without reporting a new incident or hazard.