Akamai Technologies has released a new State of the Internet (SOTI) report that reveals an alarming spike in automated traffic driven largely by AI-powered bots targeting websites across all industries.
According to the Digital Fraud and Abuse Report 2025, AI bots now account for a rapidly expanding share of this traffic, with activity surging by 300% over the past year. These bots generate billions of requests, significantly distorting digital operations and analytics. They now compose nearly 1% of total bot traffic across Akamai’s platform.
This spike is caused by widespread content scraping, and it underscores how AI bots are actively undermining traditional web-based business models. As bot traffic grows, publishers and other content-driven businesses are seeing corrupted analytics and collapsing ad revenues through bots extracting value without giving any in return.
Beyond scraping, the report reveals the rapid growth of AI-enabled tools has made it easier than ever for both experienced threat professionals and new malicious actors to launch impersonation attacks, conduct social engineering, distribute phishing campaigns, and commit identity fraud using AI-generated fake documents and images.
Key findings from the report include:
- The publishing industry has taken the hardest hit within the broader digital media industry with 63% of AI bot triggers.
- Online businesses are under strain from both helpful and harmful bots. Although some bots support functions like search engine indexing and accessibility, malicious bots — including FraudGPT, WormGPT, ad fraud bots, and return fraud bots — are driving up costs, degrading site performance, and skewing key metrics.
- The commerce industry leads in AI bot activity, registering more than 25 billion bot requests over a two-month observation period.
- In healthcare, more than 90% of AI bot triggers stem from scraping, largely by search and training bots.
To defend against these threats, the report encourages organizations to develop capabilities aligned with the three OWASP Top 10 frameworks for web applications, APIs, and large language models (LLMs). These frameworks help security teams map known vulnerabilities — such as broken access control, injection flaws, and data exposure — to their organization’s fraud risk tolerance, allowing for smarter prioritization of defenses.
Additionally the report includes:
- A deep dive into how bots evade detection
- A guest column from the CISO of FS-ISAC, the not-for-profit organization that advances cybersecurity and resilience in the global financial system
- Regional and industry-specific attack data
- A primer on AI scraper bot categories
- Guidance on balancing regulatory compliance with AI security strategies
“The rise of AI bots has moved from the security team’s concern to the boardroom’s business imperative,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, at Akamai. “Business leaders must act now to build frameworks that ensure secure AI adoption, manage evolving risks, and safeguard digital operations — or find themselves playing catch-up.”
Now in its 11th year, Akamai’s SOTI reports continue to offer critical insights on cybersecurity trends and web performance, drawn from Akamai’s infrastructure, which handles more than one-third of global web traffic.
