AI Bots Overtake Humans
AI-driven bots have officially taken the lead in online traffic.
According to the 2025 Imperva Bad Bot Report, bots now account for a staggering 51% of all internet activity, overtaking human visitors for the first time. It’s a milestone that signals a seismic shift in the digital world, with the once-predictable online landscape now dominated by automated invaders.
So, what’s behind this rise of the machines? The explosion of accessible AI tools, like generative AI and large language models (LLMs), has made it easier than ever for cybercriminals to launch sophisticated bots at scale. These bots aren’t just mindlessly spamming your inbox; they’re evolving, learning from failed attacks, and adapting to stay one step ahead of your defences. Forget the “dumb bots” of yesteryear — today’s AI-powered bad bots are getting pretty good at mimicking human behaviour. They use headless browsers, exploit vulnerabilities, and even analyse data to improve their chances of success.
Now, let’s talk about the tech stuff: the rise of APIs as a bot battleground. APIs, the unsung heroes behind our cloud infrastructure, mobile apps, and web services, have become prime targets for bad bots. In 2024, a whopping 44% of advanced bot traffic was aimed squarely at API endpoints — that’s a lot of traffic! Bots are exploiting these endpoints to scrape data, commit fraud, and take over accounts with alarming precision.
And it gets better (or worse, depending on your perspective): bots are now using techniques like rotating proxies, fake browser identities, and polymorphic code to sneak past traditional defences. Gone are the days when blocking bots was as simple as blocking a suspicious IP address. These days, bots can mimic your favourite browser and use privacy tools to blend in seamlessly. No wonder it’s become so difficult to tell the difference between a real human and a bot.
The impact of these bots is already being felt across industries. Account takeovers (ATO) have surged by 40%, with sectors like finance, telecom, and retail bearing the brunt of the attacks. Even the travel industry has overtaken retail as the most-targeted sector. Bots manipulate inventory, skew pricing, and even engage in scalping – all while maintaining an air of legitimacy. Talk about a digital con job.
But it’s not all doom and gloom. Businesses can fight back by adopting smarter security systems that evolve alongside these threats. Multi-layered strategies, real-time API monitoring, and AI-powered detection systems are just the start. The bots may have the upper hand for now, but with continuous vigilance and innovation, we can start turning the tide in the battle for control of the web. The key is staying ahead of the bots – because if they’re adapting, so must we.