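Defending Against Malicious Botnets in 2025: Automated Traffic Threats and Mitigation
In 2025, automated internet traffic will exceed human activity, bringing sophisticated cyber threats. AI-driven botnets, browser extension hijacking and credential stuffing attacks are increasingly rampant. The article analyses these trends and their specific impact on individual sectors, and explores detection methods and mitigation strategies, stressing the importance of balancing precise blocking against user experience. 2025-7-17 18:45:4 Author: www.darknet.org.uk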

Automated internet traffic is now overtaking human activity, presenting sophisticated cyber threats in 2025. New AI‑powered botnets, browser‑extension hijacking, and credential stuffing campaigns call for advanced detection and defence techniques. This article examines recent trends, real‑world incidents, mitigation strategies, and the trade‑offs between blocking accuracy and user experience.

Surge in Automated Traffic

The 2025 Imperva Bad Bot Report reveals that automated traffic now exceeds 50 per cent of web sessions, with malicious bots representing 37 per cent and AI‑built bots driving their growth. Earlier reporting from Security Magazine put bot traffic at 47 per cent in 2022, with bad bots causing a 5 per cent year‑over‑year rise (see "47 per cent of internet traffic came from bots in 2022"). This shift highlights the scale and sophistication of modern bot threats.

Browser Extension Botnets

Recent investigations uncovered 245 malicious browser extensions installed on nearly one million devices (see "Nearly a million browsers are affected by malicious extensions"). Driven by the MellowTel‑js library linked to Olostep, these extensions skip security headers, inject hidden iframes, and offload scraping tasks through infected browsers. The resulting distributed botnet enabled large‑scale scraping, compromising both personal and corporate systems.

Sector‑Specific Botnet Impact

In travel, 48 per cent of web traffic is bot-driven, utilised for inventory hoarding and price scraping. Retail sees similar abuse: Akamai reports 65 per cent of bot traffic is malicious, impacting inventory, brand reputation, and cloud costs (see "Bots compose 42 per cent of overall web traffic, 65 per cent of which is malicious"). Financial services face credential stuffing and API breaches, with advanced bot attacks rising by 40 per cent in 2024.

AI‑Driven Botnets and DDoS Evolution

Attackers are now using AI to automate bot behaviours, evade detection, and mimic human patterns. ByteSpider, ClaudeBot, and ChatGPT‑user bots together account for over 50 per cent of malicious bot traffic according to Thales Imperva (2025 Imperva Bad Bot Report). Meanwhile, CSO Online and GreyNoise uncovered router‑based AI botnets abusing Asus AiProtection modules, repurposing them for persistence and post‑compromise scraping (see "New botnet hijacks AI security tool on Asus routers"). NETSCOUT warns that AI‑driven DDoS campaigns are growing in scale and stealth, leveraging both IoT and corporate resources (see "NETSCOUT warns of AI‑driven DDoS attacks").

Detection Methods and Operational Considerations

Effective defences include behavioural fingerprinting, device profiling, WAF tuning, API token validation, and progressive mitigation. F5 Labs found up to 10 per cent of protected traffic remained automated after filtering, underscoring the persistence of advanced botnets (2025 Advanced Persistent Bots Report, F5 Labs). Balancing blocking accuracy with customer experience requires techniques like grey‑listing, confidence thresholds, and gradual escalation.

Emerging Hybrid Botnet Trends

Hybrid botnets employing AI for automation and humans for tasks like CAPTCHA solving are gaining traction. Reports also note the rise of influence operations using AI-generated accounts; some U.S. election interference attempts have seen Iranian-style social media bots leveraging AI for realistic deepfake content (see "Iran’s AI‑driven social media botnets").

Trade‑Offs and Best Practices

  • Start with monitoring mode to establish a baseline before enforcing blocks
  • Apply tiered response controls from alerts to CAPTCHA to blocking
  • Use A/B policy testing and analyse metrics for false positives
  • Maintain allow‑lists for verified bots (search engines, partners)
  • Incorporate threat intelligence feeds for shared bot patterns

Continuous tuning is essential to minimise disruption while maintaining security posture.
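The monitoring-mode baseline, tiered response, grey-listing and allow-list practices above (and the confidence thresholds and gradual escalation from the detection section) can be combined in one small policy engine. This is an added example, not code from the original article; the 0-100 score scale, thresholds, strike penalty and all names are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed thresholds on a 0-100 bot-confidence score, highest tier first.
# Real values should come from the monitoring-mode baseline, not from here.
TIERS = [(90, "block"), (70, "captcha"), (40, "alert")]
STRIKE_PENALTY = 10  # grey-list weight added per earlier suspicious request


@dataclass
class BotPolicy:
    enforce: bool = False                          # False = monitoring mode
    allow_list: set = field(default_factory=set)   # verified bots and partners
    strikes: dict = field(default_factory=dict)    # grey-list: client -> count
    log: list = field(default_factory=list)        # (client, score, intended, applied)

    def decide(self, client_id, score, verified_as=None):
        """Return the action applied to one request.

        verified_as is an identity already proven upstream (assumption: for
        example a crawler confirmed by reverse DNS), never a raw User-Agent.
        """
        if verified_as is not None and verified_as in self.allow_list:
            intended = "allow"
        else:
            # Gradual escalation: repeat offenders climb tiers step by step.
            adjusted = min(100, score + STRIKE_PENALTY * self.strikes.get(client_id, 0))
            intended = next((act for floor, act in TIERS if adjusted >= floor), "allow")
            if intended != "allow":
                self.strikes[client_id] = self.strikes.get(client_id, 0) + 1
        # Monitoring mode records the verdict but never interferes with traffic.
        applied = intended if self.enforce else "allow"
        self.log.append((client_id, score, intended, applied))
        return applied

    def baseline(self):
        """Count intended actions, to review before switching enforce on."""
        return Counter(intended for _, _, intended, _ in self.log)


def replay(policy, requests):
    """Feed constructed (client, score, verified_as) tuples through a policy."""
    return [policy.decide(*req) for req in requests]
```

Replaying recorded traffic through a policy with `enforce=False` and reading `baseline()` shows how many requests each tier would have caught before any user is challenged or blocked.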

Future Outlook

As AI‑driven and hybrid botnets continue to evolve, defenders must match them with real‑time behavioural analytics, fingerprinting, intelligent throttling, and machine learning. Explainable AI (XAI) tools like LIME or SHAP can provide transparency in automated detections, especially necessary for IoT botnet defence (see "Explainable artificial intelligence for botnet detection"). Information sharing between vendors and community threat feeds will be crucial in fighting these adaptive adversaries.

Bot traffic now dominates the web, but layered defence models combining fingerprinting, progressive challenges, WAF tuning, and ML‑based analysis offer a path to security without sacrificing usability.


Article source: https://www.darknet.org.uk/2025/07/defending-against-malicious-botnets-in-2025-automated-traffic-threats-and-mitigation/