15 May 2025, Thu |
10:31 AM
Thales has released the 2025 Imperva Bad Bot Report, a global analysis of automated traffic trends. The report shows that AI is now driving a sharp rise in bad bot activity. For the first time in ten years, bot traffic has surpassed human traffic online, making up 51% of all web activity in 2024.
This growth is linked to the rapid use of generative AI tools and large language models (LLMs). These tools make it easier for attackers to create and launch bots. As a result, bad bots accounted for 37% of internet traffic last year, up from 32% in 2023. It marks the sixth year in a row that bad bot traffic has increased.
The report highlights that attackers are now using AI to analyze failed attacks and improve their methods. At the same time, the rise of Bots-as-a-Service (BaaS) is making bot attacks more accessible and frequent.
Industries like travel and retail are facing the highest levels of bad bot traffic. In 2024, 59% of all retail traffic and 41% of travel site traffic came from bots. The travel industry was the most targeted, seeing 27% of all attacks. There was also a major shift from advanced to simple bots, showing that basic tools can now cause large-scale harm.
Thales also reports that AI bots such as ByteSpider, ClaudeBot, and ChatGPT User Bot are being used for cyberattacks. ByteSpider alone was responsible for over half of all AI-driven attacks. Other AI bots, including AppleBot and Google Gemini, were also active.
The study notes that API attacks are rising fast. Nearly 44% of advanced bot activity targeted APIs in 2024. These bots aim to exploit business logic, rather than just flood systems. They perform actions like account hijacking, payment fraud, and data theft. Industries using APIs for sensitive operations, such as finance, healthcare, and e-commerce, are most at risk.
Financial services were the top target for account takeover attacks, accounting for 22% of all incidents. Telecoms followed at 18%, and computing at 17%. With APIs being vital to digital operations, attackers are focusing on weak points to access critical data.
According to Thales, businesses must now rethink how they manage bot threats. While bad bots are evolving, security strategies must adapt too. Proactive defenses and smarter bot detection tools are key to staying ahead.
