Recent studies reveal that automated traffic now constitutes the majority of web activity, with a significant rise in bot-driven interactions. The 2025 "Bad Bot Report" by Thales and Imperva highlights that bots are responsible for 37% of all internet traffic, marking a 5% increase from the previous year. This surge underscores the escalating complexity and prevalence of AI-enabled cyber threats.

AI-Enabled Bots: A Breakdown of Key Players

The report identifies the ByteSpider Bot as the primary contributor to AI-driven attacks, accounting for 54% of such incidents last year. This bot, a legitimate web crawler operated by ByteDance, is followed by Applebot at 26%, ClaudeBot at 13%, and ChatGPT User Bot at 6%. These bots are increasingly targeting specific industries, with travel sites experiencing 41% bot traffic and retail sites facing a staggering 59%.

Increasing Sophistication of Bot Attacks

The dynamics of bot attacks are evolving, with simple, high-volume attacks now making up 45% of all bot-related incidents, up from 40% in 2023. This growth is largely due to the accessibility of AI-powered automation tools, which enable attackers with minimal technical skills to launch sophisticated bot attacks.

  • Human Behavior Mimicry: AI allows bots to imitate human actions, complicating the task of distinguishing between genuine users and automated threats.
  • Advanced Evasion Techniques: Attackers employ tactics such as fake browser identities, residential IP addresses, and privacy tools like iCloud Private Relay to evade detection.

Strategies for Mitigating Bot Threats

As the threat of malicious bots continues to escalate globally, organizations are urged to adopt comprehensive mitigation strategies. Key recommendations include:

  • Risk Identification: Assess and identify potential risks within the business environment.
  • Access Restrictions: Limit access from known bulk IP data centers to reduce exposure to bot traffic.
  • Automation Detection: Implement strategies to detect signs of automation and evaluate bot traffic effectively.
  • Real-Time Monitoring: Establish real-time monitoring and alerts for API-specific threats to enhance security response.
The link has been copied!