As the internet becomes increasingly interwoven into the fabric of American life, new research suggests that the majority of online traffic is no longer human. In an era where artificial intelligence (AI) is becoming more prevalent, this shift raises significant concerns about cybersecurity and the protection of personal data for U.S. citizens.
Table of Contents
The Ascendancy of Bots: The American Context
Software programs known as bots have been a constant presence on the web for years. However, according to a 2025 report from application security company Imperva, for the first time, bot-generated traffic has surpassed human traffic. This surge in bot activity is largely due to advancements in generative AI, the same technology that now automates online interactions and even crafts emails on our behalf. But not all bots are benign, and many are designed with malicious intent. (Also see Imperva’s 2024 Bad Bot Report. )
Good Bots vs. Bad Bots: What’s the Difference?
Imperva’s research indicates that “bad bots”—those created for harmful purposes—first overtook good bot traffic in 2016, and the situation has been worsening. Bad bots accounted for 37% of internet traffic in 2024, up from 32% the previous year. Good bots, in contrast, made up a mere 14% of internet traffic. This rise in malicious bot activity poses significant risks to online security and privacy.
Analysis: The Dark Side of Bots
Bad bots can cause a myriad of problems. Many attempt to hijack online accounts through “credential stuffing,” a process where a bot uses stolen passwords and email addresses to gain unauthorized access to various services. The number of these account takeover attacks has skyrocketed, with around 330,000 incidents reported in December 2024, up from approximately 190,000 the previous year. This increase may be due to a surge in data breaches, providing these bots with more stolen credentials to exploit.
How Bots Impact Industries: The U.S. Perspective
Imperva’s report also found that bots target specific sectors. The travel industry was hit hardest in 2024, accounting for 27% of bad bot traffic, up from 21% in 2023. These bots often manipulate online bookings to skew pricing. The retail sector was the second most affected, followed by education. With these industries playing crucial roles in the U.S. economy, the rise in bot activity could have far-reaching implications.
What Can Americans Do to Protect Themselves?
While combating bad bots is primarily the responsibility of companies operating web applications, there are steps individuals can take to protect themselves and the wider community. Using unique, complex passwords for each online service can help thwart credential stuffing bots. Employing a trusted password manager can keep these passwords safe and readily available. Installing anti-malware software and following basic cyber hygiene measures can also help prevent attackers from compromising your devices.
A Call for Vigilance in the Digital Age
As bots become more sophisticated and prevalent, the need for robust cybersecurity measures and public awareness becomes increasingly vital. The rise of malicious bots not only threatens individual privacy and security but also poses significant risks to industries integral to the U.S. economy. As we continue to navigate the digital age, it’s clear that vigilance and proactive cybersecurity measures are more important than ever.
