Bad Bot Report

The rise in the number of accessible AI tools has significantly lowered the barrier for entry for cyber attackers enabling them to create and deploy malicious bots at scale. With generative AI simplifying bot development, automated threats are evolving 2 rapidly – becoming more sophisticated, evasive, and widespread, fueling the growth of both simple and advanced bad bots. Attackers now use AI not only to generate bots but also to analyze failed attempts and refine their techniques to bypass detection with greater efficiency.

The resulting emergence of more sophisticated, evasive bad bots puts businesses at greater risk than ever before. As automated traffic volumes increase, security teams must adapt their approach to application security, facing increasing pressure to counter an evolving threat landscape in which bots are gaining the upper hand.

For the first time in a decade, automated traffic surpassed human activity, accounting for 51% of all web traffic in 2024. This was largely driven by the rapid adoption of AI and large language models (LLMs), which have made bot creation more accessible and scalable.

At the same time, bad bot activity has risen for the sixth consecutive year, with malicious bots now making up 37% of all internet traffic, a sharp increase from 32% in 2023.