The 2025 Imperva Bad Bot Report, published by global cybersecurity leader Thales, reveals a major turning point in internet security: for the first time in over a decade, automated bot traffic has surpassed human-generated traffic online. In 2024, bots accounted for 51% of total internet traffic, with 37% of them classified as “malicious”—up from 32% in 2023. This upward trend has now continued for six consecutive years.
AI at the Helm of a New Bot Era
Behind this dramatic surge are AI-driven bots. Large Language Models (LLMs) like ChatGPT, ClaudeBot, and Perplexity AI, along with automation tools, are enabling even low-skilled actors to carry out attacks that once required advanced technical expertise. Notably, ByteSpider Bot alone is responsible for 54% of all AI-powered bot activity.
Bad Bots Have Become an Everyday Threat
According to Tim Chang, General Manager of Application Security at Thales, this shift poses a significant risk for businesses:
“More than half of the internet is now occupied by bots. In this new digital order, bad bots are multiplying by the day.”
These bots don’t just target websites—they also disrupt core business operations. Their activities span DDoS attacks, credential theft, traffic manipulation, and API exploitation.
Travel and Retail Under Heavy Fire
One of the report’s standout findings is the sector-specific analysis. The travel industry suffered the most in 2024, absorbing 27% of all bot attacks. A staggering 52% of the bot traffic in this sector came from simple but high-volume attacks—highlighting a shift toward more accessible and widespread techniques rather than sophisticated intrusions.
The situation is even more critical in retail: 59% of web traffic in the sector stems from malicious bots. This not only undermines customer experience but also jeopardizes operational security.
A Surge in API-Based Attacks
Perhaps the most dangerous trend is the rise in targeted API attacks. According to the report, 44% of sophisticated bot traffic now targets APIs. These attacks go beyond service disruption—they exploit business logic vulnerabilities, leading to payment fraud, account takeovers, and data breaches.
APIs are the backbone of today’s digital economy, powering everything from payment systems and supply chains to AI analytics and personalized services. But their high functionality also makes them prime targets.
“The business logic that APIs offer is a massive advantage—but it also provides a blueprint for attackers.” — Tim Chang
Most Vulnerable Sectors: Finance, Healthcare, and E-Commerce
The financial sector is the top target for Account Takeover (ATO) attacks, accounting for 22% of all such incidents. Telecoms (18%) and tech (17%) follow closely behind.
Financial institutions are especially attractive due to the volume of personal data they hold. The increasing use of APIs and weak authentication/authorization frameworks further expand the attack surface.
Healthcare is also at significant risk. Medical data extracted from hospital systems and digital health platforms fetch high prices on the dark web. Meanwhile, e-commerce companies are battling fake accounts, inventory manipulation, and fraud attempts.
What Should Be Done?
The report urges organizations to move beyond passive defense. In a threat landscape that evolves daily, advanced bot detection and holistic cybersecurity solutions are no longer optional—they’re essential.
“Techniques once considered advanced are now common. To counter this new digital reality, your strategies must evolve.” — Tim Chang
Conclusion: A New Normal in Cybersecurity
The 2025 Imperva Report illustrates how artificial intelligence is redrawing the lines of cybersecurity. It’s no longer just organized hacker groups—everyday individuals now wield powerful AI tools capable of breaching systems. This new paradigm demands smarter, more proactive, and tech-savvy defenses from both organizations and individuals alike.
Source used for publication: https://www.businesswire.com