As Hollywood director James Cameron predicted in the movie The Terminator, robots will rise to take over humanity in a bloody, senseless war.
While it may not be August 29, 1997 - the day Cyberdyne’s Skynet Artificial Intelligence (AI) defence system decided to cripple humanity into a post-nuclear world - such an event remains a possibility (perhaps Cameron was just ahead of his time).
I mean, Cyberdyne is already a real robotics company, and now bots account for over 50% of global internet traffic, latest data from cybersecurity firm Imperva’s Bad Bot report shows.
Halfway to the apocalypse?
For the first time since Web 2.0, robots have surpassed human activity on the internet, accounting for 51% of all web traffic in 2024.
That’s the 1’s and 0’s that make up data that’s been created and transferred under instruction of bots - artificial intelligence prompted by the user or in and of itself through tools such as OpenAI’s ChatGPT and Google’s Gemini.
This was largely driven by the rapid adoption of AI and large language models (LLMs), which have made bot creation more accessible and scalable.
Bad Bot growth spiked in 2019, largely influenced by unprecedented online usage during the COVID-19 pandemic, a trend that has continued.
Its activity as a percentage of all traffic has risen for the sixth consecutive year, with largely state-sponsored malicious bots now making up 37% of what we send through the ether - a relatively sharp increase from 32% in 2023.
Imperva says AI is not only being used by attackers to create more advanced, evasive bots that target APIs, exploit business logic, and fuel fraud - it's also lowering the barrier to entry for attackers resulting in an increase in volumes of simple bot attacks.
“For the first time in a decade, automated traffic has surpassed human activity, accounting for ~51% of all web traffic,” the cybersecurity firm wrote.
The number of account takeover (ATO) attacks, says Imperva, has increased significantly - rising by 40% year-on-year to 2024 and by 54% since 2022.
"This surge is likely driven by cybercriminals using AI and machine learning to automate credential stuffing and brute-force attacks, making them more sophisticated and harder to detect.
“Businesses must adapt their security strategies to keep pace with these increasingly sophisticated threats.”
Imperva's threat research team found that most AI-powered tools currently in circulation are being used for cyberattacks.
“AI is enabling attackers to wield a wide range of cyber threats, including DDoS attacks, custom rules exploitation, and API violations,” it said.
While API violations can involve automated bot activity, they also include broader abuse scenarios, such as unauthorised access attempts and the exploitation of misconfigurations.
Bot-driven attacks, in particular are becoming more sophisticated and harder to detect. In 2024, bad bots accounted for over 16% of all AI-enabled attacks.
The ByteSpider Bot was responsible for 54% of all AI-enabled attacks followed by AppleBot at 26%. ClaudeBot accounted for 13%, while ChatGPT User Bot contributed 6% of the attacks.
What will be next? A ChristieBot, or JohnBot?
With billions of dollars being injected into the AI boom by governments, tech companies and retail investors - the cat and mouse game of humanity vs bad bots is one we may be losing at a pace.
