Automated bots accounted for 51% of all global internet traffic in 2024, overtaking human-generated activity for the first time in a decade, according to the 2025 Imperva Bad Bot Report released by Thales. The report highlights a sharp rise in the use of generative artificial intelligence (AI) to develop and deploy malicious bots at scale.
The 12th edition of the annual study shows that the widespread availability of AI tools has lowered the barrier to entry for cyber attackers. Threat actors now rely on commercialized Bots-as-a-Service (BaaS) platforms and AI-enhanced tools to produce more frequent and adaptive bot attacks. Malicious bots alone comprised 37% of internet traffic in 2024, up from 32% the previous year—marking the sixth consecutive year of growth.
Industries with strong reliance on APIs and digital infrastructure have been particularly affected. API-directed attacks represented 44% of all advanced bot traffic. The travel and retail sectors saw the highest bot traffic rates, with bad bots accounting for 41% and 59% of their total traffic, respectively. The travel industry emerged as the most attacked sector in 2024, absorbing 27% of all bot attacks globally.
The report indicates a shift in bot tactics. In the travel sector, advanced bot attacks dropped from 61% in 2023 to 41% in 2024, while basic bot activity rose from 34% to 52%. This trend reflects the increased accessibility of automation tools that allow even less sophisticated attackers to launch large-scale disruptive attacks.
AI-driven bots such as ByteSpider Bot, AppleBot, ClaudeBot, and ChatGPT User Bot were identified as major contributors to this shift. ByteSpider Bot alone was responsible for 54% of AI-enabled attacks tracked by the Imperva Threat Research team.
The report also details how attackers are targeting business logic within APIs to conduct automated payment fraud, account hijacking, and data theft. These threats are especially critical for industries dependent on APIs for core operations—such as financial services, healthcare, and e-commerce.
In 2024, the financial services sector was the most targeted by account takeover (ATO) attacks, accounting for 22% of global incidents, followed by telecoms and IT sectors. The sector’s high volume of sensitive user data and expanding API usage were cited as key factors in its exposure to such attacks.
The findings are based on Imperva’s analysis of 13 trillion blocked bot requests across multiple industries and domains throughout 2024. The report aims to inform organizations of the evolving threat landscape and the increasing role of AI in shaping cyberattack strategies.