Nearly half of all internet traffic is generated by automated bots, and a significant portion of these bots pose serious risks to both consumers and businesses online.
“Bots are often used to create phishing scams by gaining users’ trust and exploiting it for fraudulent purposes. These scams can result in severe consequences, including financial loss, identity theft, and the distribution of malware,” said Christoph C. Cemper, founder of AIPRM, an AI prompt engineering and management company based in Wilmington, Del., in a statement to TechNewsWorld.
“However, this isn’t the only security threat posed by bots,” Cemper continued. “They can also harm brand reputations, especially for businesses with popular social media profiles and high engagement. By associating a brand with unethical or fraudulent activity, bots can damage its image and erode consumer loyalty.”
The 2024 Imperva Bad Bot Report revealed a troubling rise in bad bot traffic for the fifth consecutive year, driven in part by the growing use of artificial intelligence (AI) and large learning models (LLMs).
In 2023, bad bots accounted for 32% of all internet traffic, a 1.8% increase from 2022. At the same time, good bot traffic also grew slightly, rising from 17.3% of internet traffic in 2022 to 17.6% in 2023. Together, bots made up 49.6% of all internet traffic in 2023, while human traffic dipped to 50.4%.
“Good bots, such as those used for search engine indexing, cybersecurity monitoring, and chatbots for customer service, play valuable roles in the digital landscape,” explained James McQuiggan, a security awareness advocate at KnowBe4, a security training provider in Clearwater, Fla.
“They help detect vulnerabilities, enhance IT workflows, and streamline online procedures,” he told TechNewsWorld. “The challenge lies in distinguishing beneficial automation from malicious activity.”
Ticket Scalping on a Large Scale
Automation and success are key factors driving the rise in botnet traffic, according to Thomas Richards, network and red team practice director at Black Duck Software, a software security company in Burlington, Mass.
“Being able to scale operations allows malicious actors to achieve their objectives more efficiently,” Richards told TechNewsWorld. “AI is playing a role by enabling these actors to mimic human behavior and automate coding and other tasks. For instance, Google has revealed that Gemini has been used to create malicious content.”
“We’re seeing this trend in other areas too,” he continued, “like the ongoing challenge of securing concert tickets for high-demand events. Scalpers exploit bots to create fake users or use compromised accounts to purchase tickets faster than any human could. They then resell those tickets at a much higher price.”
Stephen Kowski, field CTO at SlashNext, a computer and network security company in Pleasanton, Calif., added that automated attacks are both easy to deploy and highly profitable.
“Criminals are employing advanced tools to circumvent traditional security measures,” he told TechNewsWorld. “AI-powered systems make bots more convincing and difficult to detect, allowing them to better mimic human behavior and adapt to defensive tactics.”
“The availability of AI tools and the rising value of stolen data create ideal conditions for even more sophisticated bot attacks in the future,” he added.
Why Malicious Bots Pose a Major Threat
David Brauchler, technical director and head of AI and ML security at NCC Group, a global cybersecurity consultancy, predicts that non-human internet traffic will continue to rise.
“As more devices become connected to the internet, SaaS platforms add interconnected features, and new vulnerable devices emerge, bot-related traffic has had more opportunities to increase its share of network bandwidth,” he told TechNewsWorld.
Brauchler emphasized that bad bots can cause significant damage. “Bots have been used to trigger massive outages by overwhelming network resources, denying access to systems and services,” he said.
“With the rise of generative AI, bots can also mimic realistic user activity on online platforms, increasing the risk of spam and fraud,” he explained. “They can also scan for and exploit vulnerabilities in computer systems.”
He argued that the greatest risk posed by AI is the spread of spam. “There’s no effective technical solution to identifying and blocking this type of content online,” he said. “Users are calling it AI slop, and it risks overwhelming legitimate online interactions with artificial noise.”
However, he cautioned that the industry must be careful when considering solutions to this problem. “Many potential remedies could cause more harm, especially those that might infringe on online privacy,” he added.
How to Spot Malicious Bots
Brauchler acknowledged that detecting a malicious bot can be challenging for humans. “The vast majority of bots operate in ways that are undetectable to people,” he said. “They directly interact with internet-exposed systems, querying data or engaging with services.”
“The type of bot that concerns most people are autonomous AI agents designed to mimic humans in order to defraud individuals online,” he explained. “Many AI chatbots follow predictable speech patterns, which users can learn to recognize by interacting with AI text generators online.”
“Similarly, AI-generated images often have certain ‘tells’ that users can learn to identify, like distorted patterns—such as hands or clocks being misaligned, objects’ edges blending into one another, and blurry backgrounds,” he explained.
“AI-generated voices also exhibit unusual inflections and tonal expressions that users can become attuned to,” he added.
Malicious bots are frequently used on social media platforms to gain trusted access to individuals or groups. “Look out for red flags like abnormal patterns in friend requests, generic or stolen profile pictures, and accounts posting at unnatural speeds or frequencies,” Kowski warned.
He also advised caution with profiles that have limited personal information, exhibit suspicious engagement patterns, or push specific agendas through automated responses.
For enterprises, he noted that real-time behavioral analysis can help identify automated actions that don’t align with natural human behavior, such as excessively rapid clicks or form submissions.
Business Threats
Malicious bots pose a significant threat to enterprises, according to Ken Dunham, director of the threat research unit at Qualys, a provider of cloud-based IT, security, and compliance solutions in Foster City, Calif.
“Once gathered by a threat actor, bots can be weaponized,” he told TechNewsWorld. “Bots have vast resources and capabilities to conduct anonymous, distributed, asynchronous attacks against chosen targets, including brute force credential attacks, distributed denial-of-service attacks, vulnerability scans, exploitation attempts, and more.”
These malicious bots can also target login portals, API endpoints, and public-facing systems, posing risks to organizations as attackers search for weaknesses to exploit in order to access internal infrastructure and data, added McQuiggan.
“Without bot mitigation strategies in place, companies remain vulnerable to automated threats,” he explained.
To counter the threat of bad bots, he recommended implementing multi-factor authentication, deploying technological bot detection solutions, and monitoring traffic for any anomalies.
He also suggested blocking outdated user agents, using Captchas, and limiting interactions where possible to reduce success rates.
“Through security awareness training and human risk management, employees’ knowledge of bot-driven phishing and fraud attempts can foster a healthy security culture and lower the chances of a successful bot attack,” he advised.
