Automated traffic now makes up the majority of all internet activity, according to a new study. Thales/Imperva’s 2025 Bad Bots Report reveals that bots now account for 37% of all web traffic — a 5% rise compared to 2024. The increase highlights the growing influence of automated systems across the digital landscape.
The ByteSpider Bot, run by ByteDance (the parent company of TikTok), led all AI-driven bot traffic, accounting for 54% of such attacks in 2024. Applebot followed at 26%, while ClaudeBot and ChatGPT User Bot made up 13% and 6%, respectively.
Certain industries bear the brunt of bot traffic more than others. Travel websites saw 41% of their traffic coming from bots, while retail sites experienced even more, with bots making up 59% of their traffic.
The report also shows that bot attacks are becoming increasingly sophisticated.
“Simple, high-volume bot attacks have grown substantially, now comprising 45% of all bot attacks — up from 40% in 2023,” the report says. This jump is largely due to the easy availability of AI-powered automation tools, enabling even less technically skilled attackers to launch bot campaigns.
AI has also allowed bots to closely imitate human behavior, making it harder for cybersecurity teams to spot malicious activity. Popular evasion methods used in 2024 included disguising as real browsers, using residential IP addresses, employing iCloud Private Relay and privacy tools, cracking apps, bypassing CAPTCHA systems, and more.
With bots continuing to rise as a global concern, researchers urge organizations to take proactive measures. These include assessing risks in their business models, blocking access from bulk IP data centers, implementing automation detection methods, analyzing bot traffic patterns, and deploying real-time API monitoring and alert systems.
