More than half of all web traffic in 2024 came from bots, according to new research by cybersecurity firm Imperva.
The study revealed that bots – especially AI-driven ones – now account for 51 per cent of all online activity globally.
Worryingly, so-called “bad bots” have reached their highest level since tracking began in 2013, researchers said in the 2025 report.
Experts blame advanced tools like OpenAI’s ChatGPT and Google’s Gemini for increasing the scale and impact of bot-based threats.
Tim Chang, general manager at Thales Cybersecurity Products, warned that this surge presents serious risks for global businesses.
“As automated traffic rises, bad bots are becoming more common and more dangerous by the day,” Chang said.
Bad bots can be used to flood websites with fake traffic or spam, disrupting services and stealing sensitive information.
The report showed an average of two million AI-powered attacks every day, highlighting the scale of the growing threat.
Industries most targeted include financial services, healthcare, and online retail, according to Imperva’s latest findings.
One of the main tools used is ByteSpider, a bot from TikTok owner ByteDance, responsible for over half of attacks.
Because ByteSpider is widely seen as a legitimate tool, hackers often copy it to hide their activities online.
Researchers say AI has made it easier for attackers to create and improve bots quickly, bypassing security systems.
The report concluded that as generative AI becomes more accessible, bad bots will keep evolving, posing new global risks.
