Malicious bots now account for 37 per cent of all internet traffic, according to cybersecurity firm Imperva’s 2025 Bad Bot Report, with AI playing a central role in their rapid evolution.

For the first time in a decade, automated traffic (51 per cent) has overtaken human activity online. The rise of accessible AI tools has not only made bots more evasive and effective but also lowered the barrier for low-skilled attackers to launch simple, high-volume attacks.

Imperva warns that bots are increasingly targeting APIs, with 44 per cent of advanced bot traffic now focused on exploiting business logic. These bots scrape data, commit payment fraud, and hijack accounts, often bypassing detection by mimicking human users and leveraging residential proxies, browser spoofing, and CAPTCHA-solving AI.

Tools like ByteSpider (responsible for 54 per cent of AI-powered bot attacks), AppleBot (26 per cent), and ClaudeBot (13 per cent) are being spoofed to launch attacks. Meanwhile, account takeover (ATO) attacks have surged by 54 per cent since 2022, hitting sectors like financial services and telecoms hardest.

Imperva says businesses must urgently adapt by deploying advanced bot detection, securing APIs, applying rate limits, and monitoring for suspicious behaviour. With AI fuelling both the volume and sophistication of attacks, staying ahead requires constant vigilance and smarter defences.