{"id":494,"date":"2025-11-10T10:01:07","date_gmt":"2025-11-10T00:01:07","guid":{"rendered":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/11\/10\/ai-powered-bots-are-reshaping-the-internet-threat-landscape\/"},"modified":"2025-11-10T10:01:07","modified_gmt":"2025-11-10T00:01:07","slug":"ai-powered-bots-are-reshaping-the-internet-threat-landscape","status":"publish","type":"post","link":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/11\/10\/ai-powered-bots-are-reshaping-the-internet-threat-landscape\/","title":{"rendered":"AI-Powered Bots Are Reshaping the Internet Threat Landscape"},"content":{"rendered":"<p>The internet is no longer dominated by human users. In 2024, bots accounted for 51% of all web traffic\u2014and 37% of that was malicious, driven increasingly by AI-powered automation. This shift signals a new era of cyber risk, where AI is giving bot operators more scale, lower costs, and greater sophistication in evasion.<\/p>\n<h3>The Rise of Bad Bots<\/h3>\n<p>According to Imperva&#8217;s latest Bad Bot Report, malicious bot activity has grown significantly, with attackers now using AI to:<\/p>\n<ul>\n<li>Generate bots faster\n<\/li>\n<li>Launch high-volume attacks at low cost\n<\/li>\n<li>Evade detection with increasingly polymorphic (ever-changing) behaviors\n<\/li>\n<\/ul>\n<p>While basic bot attacks\u2014those that are easy to spot and block\u2014are growing rapidly, the more concerning trend is the evolution toward advanced bots, which can mimic human behavior and bypass traditional defenses.<\/p>\n<p>\u201cAdvanced bots constantly change. They\u2019re harder to detect and cause more damage,\u201d says Tim Chang, Global VP of Application Security at Thales (which acquired Imperva in 2023).<\/p>\n<h3>Key Findings from Imperva\u2019s 2024 Report<\/h3>\n<ul>\n<li>API bot attacks now represent 44% of all advanced bot activity\n<\/li>\n<li>Account takeover (ATO) attacks increased by 40% year-over-year\n<\/li>\n<li>Most targeted API vulnerabilities include:<br \/>\nData scraping (31%)<br \/>\nPayment fraud (26%)<br \/>\nAccount takeovers (12%)<br \/>\nScalping (11%)<\/p>\n<\/li>\n<li>Data scraping (31%)\n<\/li>\n<li>Payment fraud (26%)\n<\/li>\n<li>Account takeovers (12%)\n<\/li>\n<li>Scalping (11%)\n<\/li>\n<\/ul>\n<p>Many of these exploits stem from weak API protections, such as misconfigurations, lack of rate limits, or poor authentication protocols.<\/p>\n<h3>AI-Enabled Bots on the Rise<\/h3>\n<p>AI is transforming how bots are built and how they operate. Imperva identifies the top AI-assisted bots by volume:<\/p>\n<ul>\n<li>ByteSpider Bot (54%) \u2013 Often mistaken for ByteDance\u2019s legitimate web crawler\n<\/li>\n<li>AppleBot (26%)\n<\/li>\n<li>Claude Bot (13%)\n<\/li>\n<li>ChatGPT User Bot (6%)\n<\/li>\n<\/ul>\n<p>Malicious actors increasingly disguise their bots as legitimate web crawlers\u2014a tactic that exploits the fact that many defenders whitelist such bots to avoid disrupting useful traffic (e.g., SEO, analytics).<\/p>\n<p>This tactic blurs the line between useful automation and abuse, raising legal and ethical concerns under GDPR and the AI Act, especially when bots are used to scrape data for AI model training.<\/p>\n<h3>What This Means for Businesses<\/h3>\n<ul>\n<li>AI is lowering the barrier to entry: Even low-skill attackers can now launch powerful bot campaigns.\n<\/li>\n<li>Attackers are learning and adapting: AI helps them test, optimize, and refine their evasion tactics in real-time.\n<\/li>\n<li>The volume is staggering: In 2024, Imperva blocked 13 trillion bot requests and reported up to 2 million AI-driven attacks per day.\n<\/li>\n<\/ul>\n<p>\u201cWe expect bots to evolve further\u2014more advanced, harder to detect, and more damaging,\u201d says Chang.<\/p>\n<h3>How to Respond<\/h3>\n<p>Businesses should reassess their bot defense strategies, especially in areas such as:<\/p>\n<ul>\n<li>API security\n<\/li>\n<li>Account login protection\n<\/li>\n<li>Bot detection systems that adapt in real-time\n<\/li>\n<li>Visibility into bot traffic and behavior\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The internet is no longer dominated by human users. In 2024, bots accounted for 51% of all web traffic\u2014and 37% of that was malicious, driven increasingly by AI-powered automation. This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":493,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=494"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/494\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/493"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}