Akamai’s Fraud and Abuse Report 2025 shows AI bots rapidly reshaping fraud, scraping, and abuse across industries, with traffic up 300% year over year and commerce, publishing, and healthcare among the most affected sectors. The report highlights how tools like FraudGPT, WormGPT, GPTBot, ChatGPT-User, Bytespider, and Meta-ExternalAgent are driving new detection and governance challenges, while organizations increasingly rely on monitoring, layered defenses, and risk-based controls to respond. #FraudGPT #WormGPT #GPTBot #ChatGPTUser #Bytespider #MetaExternalAgent #ClaudeBot #OAISearchBot #Akamai #FSISAC
Keypoints
- Annual cybersecurity fraud-and-abuse reports typically begin with an introduction that defines the threat landscape, explains why the study matters, and summarizes the reporting period, data sources, and scope.
- They usually include a key insights section that surfaces the most important statistics, major trends, and headline findings for quick executive review.
- Most reports then break into detailed technical analysis chapters covering threat types, attacker tradecraft, affected industries, regional activity, and changes in detection or mitigation methods.
- Supporting sections often include case studies or spotlights on notable threat actors, tools, or families, along with practical defensive guidance and mitigation recommendations.
- Many reports also map threats to frameworks such as OWASP, regulatory or compliance considerations, and methodology notes to explain how data was collected and interpreted.
- This report shows AI bots have become a major driver of fraud and abuse, with AI bot traffic rising 300% year over year and reaching 0.27% of all traffic and 0.9% of known bot traffic on Akamai’s platform.
- Commerce was the most targeted industry, with more than 25 billion AI bot requests during the two-month observation window, while publishing accounted for 63% of AI bot triggers in the broader other digital media segment.
- Healthcare stood out for bot activity dominated by scraping, with more than 90% of AI bot triggers attributed to search and training bots.
- Regional analysis showed North America generated the largest share of bot activity at 60.0%, but AI bot activity was distributed globally, with APAC at 19.5%, EMEA at 16.6%, and LATAM at 3.6%.
- Within AI bot traffic, training bots were the dominant category in every region, ranging from 65.3% in LATAM to 77.5% in EMEA, underscoring that scraping and data collection remain central to the ecosystem.
- Top AI bots seen across regions included GPTBot, ChatGPT-User, Bytespider, Meta-ExternalAgent, ClaudeBot, and OAI-SearchBot, reflecting the prominence of major AI platforms in web access patterns.
- The report notes that defenders overwhelmingly chose monitoring over blocking, with monitor actions exceeding 90% in every region and delay/deny used more selectively.
- Detected spikes and regional enforcement patterns suggest organizations are increasingly using visibility, telemetry, and policy tuning to distinguish helpful bots from harmful automation.
- Notable abuse examples include FraudGPT and WormGPT, which are associated with phishing, forged documents, malware generation, and other cybercrime-enabling content.
- Ad fraud traffic and return fraud were highlighted as emerging bot-enabled fraud types, with ad fraud projected to exceed US$50 billion globally.
- The report emphasizes that bot detection is an ongoing arms race, requiring real-time adaptation as adversaries adopt headless browsers, evasive infrastructure, and behavior-mimicking automation.
- OWASP Web App, API, and LLM Top 10 mappings are used to connect fraud risks to common weaknesses such as broken access control, authentication failures, prompt injection, SSRF, misconfiguration, and resource exhaustion.
- Recurring themes across the report include the convergence of AI, automation, scraping, and fraud-as-a-service, plus the need for cross-functional coordination between security, legal, compliance, and fraud teams.
- The main takeaway is that organizations should not blanket-block all bots; instead, they need risk-based bot management, AI-specific controls, continuous monitoring, and trusted information sharing to keep pace with evolving threats.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)