SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Rise of Gen AI 'gray bots' threatens online platforms

Yesterday

Generative AI 'gray bots' are targeting websites around the clock, making millions of requests for data, according to a report from cybersecurity firm Barracuda.

The report highlights the emerging class of bots, which are automated programs designed to extract information from various online platforms, including websites and web applications.

These activities are not overtly malicious but can cause significant disruptions to web application traffic and business operations.

Barracuda's findings point to a notable increase in this activity, citing data from December 2024 to February 2025.

During this period, a substantial number of web applications were inundated with requests from Gen AI bots, such as ClaudeBot and TikTok's Bytespider bot.

Specifically, one web application was besieged with 9.7 million Gen AI scraper bot requests over 30 days, while another dealt with over half a million requests in just a single day.

An analysis of another application revealed a consistent attack pattern, with an average of 17,000 requests per hour. Such persistent activity from gray bots underscores the complex challenge that organisations face in distinguishing legitimate web traffic from bot-generated data scraping activities.

Rahul Gupta, Senior Principal Software Engineer, Application Security Engineering at Barracuda, commented on the impact of these bots, "Gen AI gray bots are blurring the boundaries of legitimate online activity."

"They can scrape vast volumes of sensitive, proprietary, or commercial data and can overwhelm web application traffic and disrupt operations. Frequent scraping by these bots can degrade web performance, and their presence can distort website analytics leading to misleading insights and impaired decision-making. For many organisations, managing gray bot traffic has become an important component of their application security strategies."

To mitigate the threat posed by these gray bots, websites can utilise a file known as robots.txt, which indicates to bots not to collect data from the site.

However, this measure is not legally enforceable, it requires the site to list each bot by its specific name, and bot operators may not always respect it.
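
Because robots.txt is advisory, a site owner can check whether named bots actually honour it. The following is an added example, not taken from the Barracuda report: it parses a robots.txt that names ClaudeBot and Bytespider and counts, per hour, logged requests from those bots to paths the file disallows. The robots.txt contents, the log lines, and the function name `robots_violations` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# Constructed robots.txt that names the two bots mentioned above.
ROBOTS_TXT = """\
User-agent: ClaudeBot
Disallow: /

User-agent: Bytespider
Disallow: /
"""

# Constructed access-log lines (combined log format, simplified User-Agent values).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2025:10:01:02 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleUA (compatible; Bytespider)"
198.51.100.7 - - [10/Feb/2025:10:01:05 +0000] "GET /pricing HTTP/1.1" 200 5120 "-" "ExampleUA (compatible; Bytespider)"
198.51.100.7 - - [10/Feb/2025:10:40:11 +0000] "GET /blog/1 HTTP/1.1" 200 9001 "-" "ExampleUA (compatible; Bytespider)"
198.51.100.7 - - [10/Feb/2025:11:02:30 +0000] "GET /blog/2 HTTP/1.1" 200 8700 "-" "ExampleUA (compatible; Bytespider)"
203.0.113.9 - - [10/Feb/2025:10:15:00 +0000] "GET /docs HTTP/1.1" 200 4100 "-" "ExampleUA (compatible; ClaudeBot/1.0)"
192.0.2.44 - - [10/Feb/2025:10:16:00 +0000] "GET /pricing HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def robots_violations(robots_txt, log_text, bots):
    """Count requests per (bot, hour) to paths robots.txt disallows for that bot."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["path"] == "/robots.txt":  # fetching robots.txt itself is expected
            continue
        # The User-Agent header is client-supplied, so this only catches self-declared bots.
        bot = next((b for b in bots if b.lower() in m["ua"].lower()), None)
        if bot and not rules.can_fetch(bot, m["path"]):
            hits[(bot, m["ts"][:14])] += 1  # bucket by dd/Mon/yyyy:HH
    return hits

if __name__ == "__main__":
    found = robots_violations(ROBOTS_TXT, SAMPLE_LOG, ["ClaudeBot", "Bytespider"])
    for (bot, hour), n in sorted(found.items()):
        print(f"{hour}  {bot:<10} {n} disallowed request(s)")
```

A non-zero count for a bot that robots.txt disallows is the signal that the file alone is not being respected and that blocking or rate limiting has to be enforced elsewhere.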

For heightened security against Gen AI gray bots, Barracuda recommends deploying advanced bot protection solutions.

These include AI and machine learning technologies capable of behaviour-based detection and real-time blocking, thereby addressing the distinct challenges gray bots present.

Gray bots are not restricted to Gen AI scraper bots. Other examples include web scraper bots and automated content aggregators that gather various types of online content such as news, reviews, and travel offers.
