Security

API-directed attacks surged to 44% of advanced bot traffic, with the travel sector topping the list for bot attacks overall.
Thales has released the 2025 Imperva Bad Bot Report, showing that AI is making bot attacks more frequent and harder to detect. The report explains how generative AI now helps even less-skilled attackers launch advanced bot attacks and improve their techniques over time. This rise comes as part of a growing Bots-as-a-Service (BaaS) trend, where attackers use AI tools to rent and deploy bots easily.
In 2024, automated bots made up 51% of global web traffic, overtaking human activity online for the first time in 10 years. Of this, malicious bots accounted for 37%, a jump from 32% in 2023. The increase is mainly due to AI tools and Large Language Models (LLMs), which make it easier to build and run bots at scale. This marks the sixth year in a row that bad bot activity has grown, raising serious concerns for cybersecurity.
Travel and retail industries are among the worst hit. Bad bots made up 41% of traffic in travel and 59% in retail. The travel sector saw 27% of all bot attacks in 2024, up from 21% last year. Interestingly, while advanced attacks dropped, simple bot attacks rose sharply—suggesting AI is helping even basic attackers flood websites with fake traffic.
Popular AI tools like ByteSpider Bot, ClaudeBot, ChatGPT, and Google Gemini are now being misused for cyberattacks. ByteSpider Bot alone caused 54% of AI-related threats, followed by AppleBot (26%), ClaudeBot (13%), and ChatGPT User Bot (6%).
Tim Chang, General Manager of Application Security at Thales, warns that as AI tools become more common, bot threats will continue to grow. “Businesses need stronger defenses to keep up,” he said. Bot-driven attacks today include DDoS, API misuse, and other forms of fraud that are becoming harder to detect.
A big area of concern is API security. In 2024, 44% of advanced bots targeted APIs, aiming to exploit the business logic behind them. These bots go beyond just overwhelming systems—they steal data, commit fraud, and hijack user accounts. Industries like finance, healthcare, and e-commerce are at high risk because they rely heavily on APIs for daily operations.
In the financial services sector, account takeover (ATO) attacks are a major threat. The sector was the most targeted industry in 2024, facing 22% of ATO incidents, followed by telecom (18%) and IT (17%). Because banks and fintech firms store sensitive data like credit card and account info, they’re prime targets for hackers. As APIs become more common in these sectors, the risk of data breaches grows.
The report urges businesses to upgrade their bot detection tools and build stronger cybersecurity strategies. As attackers become smarter and AI tools more accessible, protecting digital systems is becoming more urgent than ever.