DDoS attacks have become more than a recurring operational headache. They’ve become a defining stress test for the global internet. Driven by automation and the growing commoditization of botnets, attacks are becoming larger, faster, and more coordinated than ever. Just take the Azure attack, measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps), as an example. What was once an episodic security concern has become a persistent operational reality that is forcing network operators to rethink how resilience is built and maintained at scale.

At the center of this challenge are wholesale networks. Often invisible to end users, these networks form the connective tissue of the digital economy, carrying traffic between service providers, cloud platforms, content networks, and entire regions. Their mandate is scale and openness: to move massive volumes of data efficiently, interconnect diverse ecosystems, and enable growth without friction.

As organizations confront ever larger, distributed and increasingly sophisticated attacks, they’re recognizing that the issues exposed in responding to DDoS are linked to a broader need: a shift towards intelligence-driven security models that can operate and adapt at machine speed on the scale of global networks.

The Dual Task of Wholesale Networks

This shift raises a critical question for wholesale operators: how do you preserve the openness and performance that global networks depend on, while delivering the level of security today’s threat environment demands?

Customers expect low-latency, high-availability connectivity, but they also require confidence that traffic is protected against direct attacks and the unintended spread of malicious activity across shared infrastructure. As wholesale networks continue to expand and interconnect, maintaining this balance becomes more difficult. The attack surface grows, traffic patterns become more complex, and adversaries evolve faster than traditional preventive controls can respond.

Legacy security approaches struggle under these conditions. Signature-based tools and static thresholds, designed for predictable environments, often fail against today’s low-volume, distributed, and multi-vector attacks.

AI Is Changing the Equation

To address these challenges, wholesale operators are embedding AI and machine learning directly into their global network operations. This approach marks a fundamental shift in how defense is delivered. Rather than relying on static rules or predefined signatures, AI-enhanced systems develop an understanding of normal traffic behavior across highly distributed environments and can surface anomalies as they emerge.

Machine learning models can continuously evaluate signals across traffic volumes, protocols, locations, and behavioral patterns, allowing potential attacks to be identified earlier and with far greater accuracy. Crucially, this intelligence enables automated action. Traffic can be redirected, filtered, or mitigated in real time, reducing reliance on manual intervention and minimizing disruption to legitimate services.

AI is also opening new possibilities for data governance and compliance. AI-enhanced wholesale networks can use IP intelligence to make informed decisions about where traffic flows, dynamically isolate risk, and route data through designated zones. This gives customers both security and choice, allowing performance, protection, and regulatory compliance to operate in harmony.

Wholesalers are also increasingly able to leverage new ways to collaborate for enhanced defenses. As threats grow more sophisticated, sharing threat intelligence, coordinating on best practice and engaging in cross-industry efforts are essential. AI can support these types of collective efforts by helping providers correlate signals across distributed networks and detect and respond to risks more quickly and accurately.

The Path Forward

The growth in DDoS attacks is a clear demonstration of why a shift is needed, but the implications extend far beyond this one form of threat. Resilience must be built in, not bolted on. By leveraging AI-driven monitoring, real-time threat analysis, and shared best practices for cybersecurity, wholesale providers can secure complex, multi-tenant networks without compromising openness or performance. In doing so, they evolve from passive connectivity suppliers into proactive guardians, ensuring networks are secure, reliable, and adaptable when delivering the network performance customers rely on in an ever-more-dynamic threat landscape.