The growing use of artificial intelligence has triggered a surge in malicious bots across the internet, with automated traffic overtaking human activity for the first time in a decade, according to the 2025 Imperva Bad Bot Report released by Thales. The report reveals that bots now account for 51% of global internet traffic, with Singapore closely mirroring this trend at 50.4%.
The 12th edition of the annual study by cybersecurity firm Thales highlights how generative AI has significantly lowered the barrier for cyber attackers. By using tools such as ChatGPT, ClaudeBot, Google Gemini, and ByteSpider Bot, even less experienced threat actors can now deploy bots at scale and with greater sophistication. These AI-driven bots are not only automating attacks but also learning from failed attempts, adjusting their tactics to bypass security systems more effectively.
Surge in malicious bots across key sectors
Singapore saw a marked rise in bad bot activity, with bot traffic making up 45% of total web traffic in 2024 – up from 35% the previous year. Locally, the highest concentration of malicious bots was recorded in the gambling (99.96%), gaming (97%), and automotive (89%) industries. The travel, retail, and gaming sectors were among the hardest hit by advanced bots, with respective shares of 33%, 32%, and 13%.
Globally, the travel industry was the most targeted by bot attacks, making up 27% of all such incidents – an increase from 21% in 2023. However, there has been a notable shift in the nature of these attacks. While advanced bots targeting travel sites decreased from 61% to 41%, simpler bots rose sharply from 34% to 52%, indicating the growing accessibility of bot deployment through AI tools. Instead of relying on complex evasion methods, attackers now increasingly flood websites with large volumes of basic bots.
Tim Chang, General Manager of Application Security at Thales, warned that this shift poses new challenges. “The surge in AI-driven bot creation has serious implications for businesses worldwide. As automated traffic accounts for more than half of all web activity, organisations face heightened risks from bad bots, which are becoming more prolific every day.”
Targeted attacks on APIs threaten core digital infrastructure
A key trend highlighted in the report is the rapid growth in bot attacks directed at APIs. In Singapore, 33% of advanced bot traffic focused on API endpoints. These attacks are no longer limited to basic interference but have evolved to exploit the complex business logic behind APIs. As a result, industries that rely on APIs for crucial functions – such as payment processing and data sharing – are increasingly vulnerable to fraud, data theft, and account hijacking.
Daniel Toh, Chief Solutions Architect for Asia Pacific & Japan at Thales, stressed the need for a shift in how organisations view API security. “The business logic inherent to APIs is powerful, but it also creates unique vulnerabilities that malicious actors are eager to exploit. As Singapore organisations embrace cloud-based services and microservices architectures, it’s vital to understand that the very features that make APIs essential can also leave them susceptible to fraud and data breaches.”
APIs are vital to modern businesses, enabling cross-platform services and real-time data processing. However, as their use becomes more widespread, the potential impact of bot-led attacks on these systems continues to grow.
High-risk industries face growing threat from account takeovers
The financial services, healthcare, and e-commerce sectors remain the most at risk, with their reliance on APIs for handling sensitive data making them prime targets. According to the report, financial services were the top industry affected by account takeover (ATO) attacks in 2024, accounting for 22% of global incidents. Telecoms and ISPs followed at 18%, with computing and IT at 17%.
Financial institutions, in particular, are attractive to cybercriminals due to the large amounts of personal and financial data they hold. Attackers use bots to exploit weaknesses in authentication systems, leading to unauthorised access and data breaches. The increased use of APIs within banking and fintech platforms has expanded the attack surface, making it easier for cyber attackers to conduct ATOs using automated bots.
Thales has called on businesses to strengthen their cybersecurity posture by adopting adaptive bot management systems and proactive threat detection strategies. As bot attacks continue to evolve, staying ahead will require organisations to combine AI-based defences with robust API security frameworks.
