The evolving roles of AI bots and scrapers in fraud and abuse are highlighted in the report, emphasizing their impact across various regions and industries.
Both helpful and harmful bots impact online businesses, leading to polluted key metrics, degraded site performance, and increased expenses.
Extensive content scraping is likely the reason 63% of AI bot triggers were attributed to the publishing segment within the broader other digital media industry.
The commerce industry experienced the most significant volume of AI bot activity, with more than 25 billion bot requests observed from July through August 2025.
In the healthcare industry, more than 90% of AI bot triggers were associated with scraping, primarily from search and training bots.
The OWASP Top 10 frameworks provide essential security guidance to prevent fraud and abuse.
Frequently Asked Questions
AI has opened new avenues for cybercriminals, allowing for highly convincing impersonation and automated scams, and has lowered the barrier to entry for both skilled and novice threat actors to conduct fraudulent activities.
AI bots extensively scrape content, which heavily impacts the publishing industry by causing traffic and ad revenue to plummet.
On Saturday, July 19, 2025, there was a significant spike in AI bot triggers that reached 1.1 billion.
The report features a security spotlight from David Sénécal, Akamai’s Director of Engineering and author of The Reign of Botnets: Defending Against Abuses, Bots, and Fraud on the Internet. It also includes insights from FS-ISAC’s Chief Information Security Officer, John “JD” Denning, who emphasized the importance of collective defense through collaboration.
Best practices include adopting a risk-based bot management approach, monitoring and responding to AI scraper activity, deploying AI-specific security controls, using security guidelines and frameworks, and implementing a comprehensive API security strategy.
We recommend a tiered risk assessment that distinguishes between high‑risk AI (customer decisions, open chatbots), medium‑risk AI (security and threat detection), and low‑risk uses (content creation, marketing) to apply proportional governance.
It is crucial to maintain a balance between regulatory compliance and effective cybersecurity as overly stringent controls might inadvertently undermine an organization’s resilience against AI-driven fraud and abuse.