INTELLIGENT MOBILE TECHNOLOGY
AI fuels hard-to-detect bots that generate half of Internet traffic according to Imperva
T hales, the global technology and security provider, announced the release of the 2025 Imperva Bad Bot Report, a global analysis of automated bot traffic across the Internet. This year’ s report, the 12th annual research study, reveals that generative artificial intelligence, AI is revolutionising the development of bots, allowing less sophisticated actors to launch a higher volume of bot attacks with increased frequency.
Today’ s attackers are also leveraging AI to scrutinise their unsuccessful attempts and refine techniques to evade security measures with heightened efficiency, amidst a growing Bots-As-A-Service, BaaS ecosystem of commercialised bot services.
Automated bot traffic surpassed humangenerated traffic for the first time in a decade, constituting 51 % of all web traffic in
2024. This shift is attributed to the rise of AI and Large Language Models, LLMs, which have simplified the creation and scaling of bots for malicious purposes.
As AI tools become more accessible, cyber criminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37 % of all Internet traffic – a significant increase from 32 % in 2023.
This is the sixth consecutive year of growth in bad bot activity, posing security challenges for organisations striving to safeguard their digital assets.
Both the travel and the retail sectors face an advanced bot problem, with bad bots making up 41 % and 59 % of their traffic, respectively. In 2024, the travel industry became the most attacked sector, accounting for 27 % of all bot attacks, up from 21 % in 2023. The most notable shift in 2024 is the decline in advanced bot attacks targeting the travel industry, 41 %, down from 61 % in 2023 and the sharp increase in simple bot attacks, 52 %, up from 34 %.
This shift indicates that AI-powered automation tools have lowered the barriers to entry for attackers, allowing less sophisticated actors to initiate more basic bot attacks. Rather than relying exclusively on sophisticated techniques, cybercriminals are increasingly utilising high volumes of simpler bots to inundate travel sites, resulting in more frequent and widespread attacks.
The emergence of advanced AI tools, including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI, and Cohere AI, are transforming not just user interactions but also the methods by which attackers execute cyber threats.
According to the Imperva Threat Research team, widely used AI tools are being leveraged for cyberattacks, with ByteSpider Bot alone responsible for 54 % of all AI-enabled attacks. Other significant contributors include AppleBot at 26 %, ClaudeBot at 13 %, and ChatGPT User Bot at 6 %.
“ The surge in AI-driven bot creation has serious implications for businesses worldwide,” said Tim Chang, General Manager of Application Security at Thales.
As attackers become more adept at utilising AI, they can execute a variety of cyber threats, ranging from DDoS attacks to custom rules exploitation and API violations. While bot-driven attacks have become increasingly sophisticated, they pose significant challenges for detection efforts. •
48 48 www. intelligenttechchannels. com