Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI
Automated traffic now accounts for the majority of activity on the web, with the share of bad bot traffic surging year on year from 32% to 37% last year, according to Thales.
The French defense giant’s 2025 Imperva Bad Bot Report is now in its 12th year and is based, as always, on data collected by Imperva’s global network, which apparently blocked 13 trillion bad bot requests across thousands of domains and industries last year.
Bot traffic accounted for 51% of the total last year, the first time it has surpassed human activity in a decade, the vendor claimed. It said that malicious activity was to blame for this increase – particularly the use of AI and large language models (LLMs) to simplify the creation of bad bots at scale.
ByteSpider Bot was responsible for 54% of all AI-enabled attacks last year, followed by Applebot (26%), ClaudeBot (13%) and ChatGPT User Bot (6%), the report claimed.
ByteSpider is a legitimate web crawler operated by TikTok owner ByteDance, while Applebot is the US giant’s equivalent. ClaudeBot scrapes training data for Anthropic’s generative AI (GenAI) assistant Claude.
Travel (41%) and retail (59%) both have high shares of bad bot traffic – with the former becoming the most attacked sector in 2024, accounting for 27% of all bot attacks. However, its share of advanced bot attacks actually declined year on year (from 61% to 41%), while simple bot attacks surged from 34% to 52%.
This shows that AI-powered bots are helping less skilled threat actors to launch higher volumes of simpler attacks, Thales argued.
Bad bots can be used in everything from DDoS attacks to custom rules exploitation and API violations. In fact, 44% of advanced bot traffic targeted APIs last year to exploit vulnerabilities in API workflows, carry out automated payment fraud, hijack accounts and exfiltrate data.
Financial services, healthcare and e-commerce providers are most at risk of these advanced API attacks due to the sensitive nature of the data they manage, the report noted.
“The business logic inherent to APIs is powerful, but it also creates unique vulnerabilities that malicious actors are eager to exploit,” said Tim Chang, general manager of application security at Thales.
“As organizations embrace cloud-based services and microservices architectures, it’s vital to understand that the very features that make APIs essential can also leave them susceptible to risk of fraud and data breaches.”