Thales has released the 2025 Imperva Bad Bot Report following an analysis of automated bot traffic across the internet. This year’s report, the 12th annual research study, reveals that generative artificial intelligence is revolutionising the development of bots, allowing less sophisticated actors to launch a higher volume of bot attacks with increased frequency.
The Bad Bot Report is based on insights from Thales’ Threat Research and Security Analyst Services teams. The analysis draws on data collected from the Imperva global network in 2024, including the blocking of 13 trillion bad bot requests across thousands of domains and industries. This dataset provides key insights into bot activity to help organisations understand and address the growing risks of automated attacks.
Today’s attackers are leveraging artificial intelligence to scrutinise their unsuccessful attempts and refine techniques to evade security measures with heightened efficiency amidst a growing Bots-As-A-Service (BaaS) ecosystem of commercialised bot services.
Automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. This shift is largely attributed to the rise of AI and large language models, which have simplified the creation and scaling of bots for malicious purposes.
As AI tools become more accessible, cybercriminals are increasingly using these technologies to create and deploy malicious bots, which now account for 37% of all internet traffic – a significant increase from 32% in 2023. This is the sixth consecutive year of growth in bad bot activity, posing security challenges for organisations striving to safeguard their digital assets.
The travel and retail sectors face an advanced bot problem, with bad bots making up 41% and 59% of their traffic, respectively. In 2024, the travel industry became the most attacked sector, accounting for 27% of all bot attacks, up from 21% in 2023. The most notable shift in 2024 is the decline in advanced bot attacks targeting the travel industry (41%, down from 61% in 2023) and the sharp increase in simple bot attacks (52%, up from 34%).
This shift indicates that AI-powered automation tools have lowered the barriers to entry for attackers, allowing less sophisticated actors to initiate more basic bot attacks. Rather than relying exclusively on sophisticated techniques, cybercriminals are increasingly utilising high volumes of simpler bots to inundate travel sites, resulting in more frequent and widespread attacks.
Top targeted APAC countries
In 2024, bot attacks in the Asia-Pacific region were heavily concentrated in Hong Kong and Indonesia, with each country accounting for 24% of all bot attacks. Together, they made up nearly half of the region’s total bot activity.
Hong Kong’s status as a financial hub and a gateway to China makes it a prime target for cybercriminals seeking to exploit banking, fintech, and e-commerce platforms. Meanwhile, Indonesia’s large and rapidly growing digital economy, combined with relatively weaker cybersecurity infrastructure, has made it particularly vulnerable to bot-driven fraud and credential-stuffing attacks.
Australia followed closely in third place, accounting for 18% of all bot attacks. As one of APAC’s most developed economies with a strong financial sector, e-commerce market, and critical infrastructure, Australia remains a frequent target for cybercriminals using bots to launch credential attacks, and automated fraud schemes.
The concentration of attacks in these countries underscores the evolving cyber threat landscape in Asia Pacific where economic growth, digital expansion, and geopolitical factors continue to shape cybersecurity risks.
The rise of AI-driven bots: a new era of cybersecurity challenges
The emergence of advanced AI tools, including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI, and Cohere AI, are transforming not just user interactions but also the methods by which attackers execute cyber threats.
According to the Imperva Threat Research team, widely used AI tools are being leveraged for cyberattacks, with ByteSpider Bot alone responsible for 54% of all AI-enabled attacks. Other significant contributors include AppleBot at 26%, ClaudeBot at 13%, and ChatGPT User Bot at 6%.
“The surge in AI-driven bot creation has serious implications for businesses worldwide,” said Thales General Manager of Application Security Tim Chang. “As automated traffic accounts for more than half of all web activity, organisations face heightened risks from bad bots, which are becoming more prolific every day.”
As attackers become more adept at utilising AI, they can execute a variety of cyber threats—ranging from DDoS attacks to custom rules exploitation and API violations. While bot-driven attacks have become increasingly sophisticated, they pose significant challenges for detection efforts.
“This year’s report sheds light on the evolving tactics and techniques utilised by bot attackers,” adds Chang. “What were once deemed advanced evasion methods have now become standard practice for many malicious bots. In this rapidly changing environment, businesses must evolve their strategies. It’s crucial to adopt an adaptive and proactive approach, leveraging sophisticated bot detection tools and comprehensive cybersecurity management solutions to build a resilient defence against the ever-shifting landscape of bot-related threats.”
Bad bots targeting API business logic pose an increased threat to modern enterprises
Recent findings from the Imperva Threat Research team reveal a significant surge in API-directed attacks, with 44% of advanced bot traffic targeting APIs. These attacks aren’t just limited to overwhelming API endpoints; rather, they target the intricate business logic that defines how APIs operate. Attackers deploy bots specifically designed to exploit vulnerabilities in API workflows, engaging in automated payment fraud, account hijacking, and data exfiltration.
Analysis in the report reveals a deliberate strategy by cyber attackers to exploit API endpoints that manage sensitive and high-value data. Implications of this trend are especially impactful for industries that rely on APIs for their critical operations and transactions.
Financial services, healthcare, and e-commerce sectors are bearing the brunt of these sophisticated bot attacks, making them prime targets for malicious actors seeking to breach sensitive information.
APIs are the backbone of modern applications, enabling connectivity across services, streamlining operations, and delivering personalised customer experiences at scale. They underpin essential functions such as payment processing, supply chain management, and AI-driven analytics, making them indispensable for enhancing efficiency, accelerating product development, and unlocking new revenue streams.
The Bad Bot Report is based on insights from Thales’ Threat Research and Security Analyst Services teams. The analysis draws from data collected from the Imperva global network in 2024, including the blocking of 13 trillion bad bot requests across thousands of domains and industries. The dataset provides key insights into bot activity to help organisations understand and address the growing risks of automated attacks.
You can read the full report here.
