For the first time in a decade, automated bot traffic has surpassed human-generated traffic, constituting 51% of all web activity in 2024.
This is according to the 2025 Imperva Bad Bot Report released by Thales, a global technology and security provider.
The report highlights a significant shift in the digital landscape, driven by the increasing sophistication and accessibility of artificial intelligence (AI).

The AI revolution in Bot Advancement

Generative AI is revolutionizing bot development, enabling less refined actors to launch a higher volume of attacks with increased frequency.
Cybercriminals are leveraging AI to scrutinize unsuccessful attempts and refine their techniques to evade security measures more efficiently.
This is happening amidst a growing Bots-As-A-Service (BaaS) ecosystem of commercialized bot services.

Key Findings from the Imperva Report

• Malicious bots now account for 37% of all Internet traffic, a significant increase from 32% in 2023.
• This marks the sixth consecutive year of growth in bad bot activity, posing ongoing security challenges for organizations.
• The travel industry became the most attacked sector in 2024, accounting for 27% of all bot attacks, up from 21% in 2023.
• Advanced bot attacks targeting the travel industry declined from 61% to 41%, while simple bot attacks increased from 34% to 52%.

AI Tools Transforming Cyber Threats

Advanced AI tools, including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI, and Cohere AI, are transforming how attackers execute cyber threats.
The Imperva Threat Research team found that ByteSpider Bot alone is responsible for 54% of all AI-enabled attacks.
Other significant contributors include AppleBot at 26%, ClaudeBot at 13%, and ChatGPT User Bot at 6%.

Expert Viewpoint

The surge in AI-driven bot creation has serious implications for businesses worldwide, said Tim Chang, General Manager of Application Security at Thales.

As automated traffic accounts for more than half of all web activity, organizations face heightened risks from bad bots, which are becoming more prolific every day.
Tim Chang, General Manager of Application Security at Thales

The Evolution of Bot Tactics

Attackers are becoming more adept at utilizing AI to execute various cyber threats, from DDoS attacks to custom rules exploitation and API violations.
Bot-driven attacks have become increasingly sophisticated, posing significant challenges for detection efforts.

This year’s report sheds light on the evolving tactics and techniques utilized by bot attackers. What where once deemed advanced evasion methods have now become standard practice for many malicious bots, Chang said.

In this rapidly changing surroundings, businesses must evolve their strategies. It is crucial to adopt an adaptive and proactive approach, leveraging sophisticated bot detection tools and thorough cybersecurity management solutions to build a resilient defense against the ever-shifting landscape of bot-related threats.
Tim Chang, General Manager of Application Security at Thales

API-Directed Attacks on the Rise

Recent findings reveal a significant surge in API-directed attacks, with 44% of advanced bot traffic targeting APIs.
These attacks target the intricate business logic that defines how apis operate, including automated payment fraud, account hijacking, and data exfiltration.

Industries at Risk

Financial services, healthcare, and e-commerce sectors are bearing the brunt of these sophisticated bot attacks, making them prime targets for malicious actors seeking to breach sensitive information.
These industries rely heavily on APIs for critical operations and sensitive transactions.

The financial services sector was the most targeted industry for account takeover (ATO) attacks, accounting for 22% of all incidents, followed by Telecoms and ISPs with 18%, and Computing and IT with 17%.

Banks, credit card companies, and fintech platforms possess vast amounts of Personally Identifiable Information (PII), including credit card and bank account details, which can be profitably sold on the dark web.

The business logic inherent to APIs is powerful, but it also creates unique vulnerabilities that malicious actors are eager to exploit, Chang said.

As organizations embrace cloud-based services and microservices architectures, it’s vital to understand that the very features that make APIs essential can also leave them susceptible to risk of fraud and data breaches.
Tim chang, General Manager of Application Security at Thales

Methodology

The 12th Annual Imperva Bad Bot Report is based on insights from Imperva’s Threat Research and Security Analyst Services (SAS) teams.
The analysis draws from data collected across the Imperva global network in 2024, including the blocking of 13 trillion bad bot requests across thousands of domains and industries.
This dataset provides key insights into bot activity, helping organizations understand and address the growing risks of automated attacks.