In This Article:
-
Rise in accessible AI tools significantly lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale
-
For the first time in a decade, automated traffic surpassed human activity, accounting for 51% of all web traffic
-
API-directed attacks surged to 44% of advanced bot traffic, with the travel sector topping the list for bot attacks overall
MEUDON, France, April 15, 2025--(BUSINESS WIRE)--Thales, the leading global technology and security provider, today announced the release of the 2025 Imperva Bad Bot Report, a global analysis of automated bot traffic across the internet. This year’s report, the 12th annual research study, reveals that generative artificial intelligence (AI) is revolutionizing the development of bots, allowing less sophisticated actors to launch a higher volume of bot attacks with increased frequency. Today’s attackers are also leveraging AI to scrutinize their unsuccessful attempts and refine techniques to evade security measures with heightened efficiency, amidst a growing Bots-As-A-Service (BaaS) ecosystem of commercialized bot services.
Automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes. As AI tools become more accessible, cyber criminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37% of all internet traffic – a significant increase from 32% in 2023. This is the sixth consecutive year of growth in bad bot activity, posing security challenges for organizations striving to safeguard their digital assets.
Both the Travel and the Retail sectors face an advanced bot problem, with bad bots making up 41% and 59% of their traffic respectively. In 2024, the travel industry became the most attacked sector, accounting for 27% of all bot attacks, up from 21% in 2023. The most notable shift in 2024 is the decline in advanced bot attacks targeting the travel industry (41%, down from 61% in 2023) and the sharp increase in simple bot attacks (52%, up from 34%). This shift indicates that AI-powered automation tools have lowered the barriers to entry for attackers, allowing less sophisticated actors to initiate more basic bot attacks. Rather than relying exclusively on sophisticated techniques, cybercriminals are increasingly utilizing high volumes of simpler bots to inundate travel sites, resulting in more frequent and widespread attacks.