Malicious bots now make up more than a third of web traffic
a year ago
- #bot-traffic
- #cybersecurity
- #AI-threats
- Bot traffic now exceeds human web traffic, with 37% being malicious bots in 2024.
- AI and LLM technology contribute to the rise in bot traffic, with attackers using AI to refine techniques.
- API threats from bad bots made up 44% of advanced bot traffic in 2024.
- Advanced bots mimicking human behavior increased from 40% in 2023 to 45% in 2024.
- Imperva blocks an average of 2 million AI-powered attacks daily, including SQL injections and XSS attacks.
- Bytespider, a TikTok-related web crawler, accounted for 54% of AI-related bot traffic blocked by Imperva.
- Data scraping (31%), payment fraud (26%), and account takeover (12%) are top API-targeted bot attacks.
- Financial (40%) and business services (24%) sectors are most targeted by API attacks.
- Attackers use browser imitation, residential proxies, and AI-assisted CAPTCHA solving to evade detection.
- Defense recommendations include identifying high-risk APIs, rate limiting, and using AI-powered defense tools.