  • November 10, 2025

The internet is no longer dominated by human users. In 2024, bots accounted for 51% of all web traffic—and 37% of that was malicious, driven increasingly by AI-powered automation. This shift signals a new era of cyber risk, where AI is giving bot operators more scale, lower costs, and greater sophistication in evasion.

The Rise of Bad Bots

According to Imperva’s latest Bad Bot Report, malicious bot activity has grown significantly, with attackers now using AI to:

  • Generate bots faster
  • Launch high-volume attacks at low cost
  • Evade detection with increasingly polymorphic (ever-changing) behaviors

While basic bot attacks—those that are easy to spot and block—are growing rapidly, the more concerning trend is the evolution toward advanced bots, which can mimic human behavior and bypass traditional defenses.

“Advanced bots constantly change. They’re harder to detect and cause more damage,” says Tim Chang, Global VP of Application Security at Thales (which acquired Imperva in 2023).

Key Findings from Imperva’s 2024 Report

  • API bot attacks now represent 44% of all advanced bot activity
  • Account takeover (ATO) attacks increased by 40% year-over-year
  • Most targeted API vulnerabilities include:
      • Data scraping (31%)
      • Payment fraud (26%)
      • Account takeovers (12%)
      • Scalping (11%)

Many of these exploits stem from weak API protections, such as misconfigurations, lack of rate limits, or poor authentication protocols.

AI-Enabled Bots on the Rise

AI is transforming how bots are built and how they operate. Imperva identifies the top AI-assisted bots by volume:

  • ByteSpider Bot (54%) – Often mistaken for ByteDance’s legitimate web crawler
  • AppleBot (26%)
  • Claude Bot (13%)
  • ChatGPT User Bot (6%)

Malicious actors increasingly disguise their bots as legitimate web crawlers—a tactic that exploits the fact that many defenders whitelist such bots to avoid disrupting useful traffic (e.g., SEO, analytics).

This tactic blurs the line between useful automation and abuse, raising legal and ethical concerns under GDPR and the AI Act, especially when bots are used to scrape data for AI model training.
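One way to close the allowlist gap described above is to stop trusting the User-Agent header and confirm a crawler claim with forward-confirmed reverse DNS before the allowlist applies. This is an added example, not code from Imperva's report or from CSB; the crawler token `ExampleBot`, its domain suffix, the IP addresses and the stub resolvers are all constructed for illustration.

```python
import socket

# Constructed allowlist: User-Agent token -> DNS suffix the crawler operator is
# assumed to publish for its hosts (hypothetical name and domain).
CRAWLER_SUFFIXES = {"ExampleBot": ".crawl.example.com"}

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(host):
    """Forward lookup: every address the hostname resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def claimed_crawler(user_agent):
    """Return the allowlisted crawler token named in the User-Agent, if any."""
    ua = user_agent.lower()
    return next((t for t in CRAWLER_SUFFIXES if t.lower() in ua), None)

def classify(ip, user_agent, ptr=system_ptr, forward=system_forward):
    """Return 'not-a-crawler', 'verified' or 'spoofed' for one request."""
    token = claimed_crawler(user_agent)
    if token is None:
        return "not-a-crawler"  # no allowlist claim: normal bot checks apply
    try:
        host = ptr(ip).rstrip(".").lower()
        # Step 1: the PTR name must sit inside the operator's domain.
        if not host.endswith(CRAWLER_SUFFIXES[token]):
            return "spoofed"
        # Step 2: the name must resolve back to the same IP, because the owner
        # of an address block can publish any PTR name for it.
        return "verified" if ip in forward(host) else "spoofed"
    except OSError:
        return "spoofed"  # lookup failed: fail closed, no allowlist bypass

# Constructed DNS data (documentation address ranges) so the example runs offline.
FAKE_PTR = {"192.0.2.10": "host-10.crawl.example.com",
            "198.51.100.7": "host-10.crawl.example.com",  # forged PTR record
            "203.0.113.5": "vps5.hosting.example.net"}
FAKE_A = {"host-10.crawl.example.com": {"192.0.2.10"}}

def fake_ptr(ip):
    if ip not in FAKE_PTR:
        raise OSError("no PTR record")
    return FAKE_PTR[ip]

def fake_forward(host):
    return FAKE_A.get(host, set())
```

Called without the stub arguments, `classify` uses the system resolver; the verdict is best cached per source IP so the two lookups stay off the request path.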

What This Means for Businesses

  • AI is lowering the barrier to entry: Even low-skill attackers can now launch powerful bot campaigns.
  • Attackers are learning and adapting: AI helps them test, optimize, and refine their evasion tactics in real-time.
  • The volume is staggering: In 2024, Imperva blocked 13 trillion bot requests and reported up to 2 million AI-driven attacks per day.

“We expect bots to evolve further—more advanced, harder to detect, and more damaging,” says Chang.

How to Respond

Businesses should reassess their bot defense strategies, especially in areas such as:

  • API security
  • Account login protection
  • Bot detection systems that adapt in real-time
  • Visibility into bot traffic and behavior

The AI-bot threat isn’t coming—it’s here. As attackers gain smarter tools, defenders must evolve just as fast. Read more about how CSB helps organizations identify and defend against bot attacks powered by artificial intelligence.
