AI-Driven Bot Attacks Surge 12.5x, Dominate Internet Traffic in 2025

The report explicitly mentions AI-driven bots causing a surge in malicious internet traffic and attacks, including account takeovers in financial services, which constitute harm to property and communities. The AI systems' use in these attacks directly leads to realized harm, fitting the definition of an AI Incident. The involvement of AI in the bots' sophisticated behavior and the resulting malicious outcomes confirms this classification.

The article explicitly mentions AI-driven bots and their surge, implying the use of AI systems in automated attacks. While it does not detail specific incidents of harm, the context of 'bad bots' and the challenge of managing their actions on critical systems implies a credible risk of harm or ongoing harm to digital infrastructure or users. Therefore, this event qualifies as an AI Hazard because it plausibly leads to AI Incidents involving harm through AI-powered malicious automation, but no specific realized harm is detailed in the article.

The article explicitly mentions AI-driven bots causing a 12.5x increase in attacks, with malicious activity directly impacting critical digital infrastructure such as APIs and identity systems. These attacks result in data breaches, account takeovers, and manipulation of workflows, which constitute harm to property, communities, and potentially violate rights. The AI systems' use in these attacks is a direct cause of harm, fitting the definition of an AI Incident. The report's focus on realized attacks and their impacts confirms this classification rather than a mere potential risk or complementary information.

The article explicitly mentions AI systems (AI agents and AI-driven bots) and their increasing activity in cyberattacks, which is a clear AI system involvement. However, it does not describe any direct or indirect harm that has already occurred due to these AI-driven bots, such as data breaches, service disruptions, or other damages. Instead, it focuses on the evolving threat landscape and the challenges organizations face in identifying and managing these AI-driven activities, indicating a credible potential for future harm. Therefore, this event fits the definition of an AI Hazard, as it plausibly could lead to AI Incidents if the risks are not addressed.

The report explicitly states that AI-driven bots have surged and are responsible for a large portion of malicious activity targeting APIs and identity systems, which are critical components of digital infrastructure. These attacks exploit business logic and manipulate workflows at scale, leading to harm such as account takeovers and data breaches. Since the AI systems' use has directly led to these harms, this qualifies as an AI Incident under the framework, specifically harm to property, communities, or the environment (digital property and community trust). The article does not merely warn of potential harm but documents ongoing, realized malicious AI-driven activity.

The report explicitly states that AI-driven malicious bots constitute 40% of web traffic and are responsible for a large share of mitigated attacks, including account takeovers and exploitation of APIs. These activities represent direct harm to property and communities through cybercrime and disruption. The AI systems' use and adaptation in these attacks directly lead to these harms, fulfilling the criteria for an AI Incident. The event is not merely a potential risk or a complementary update but documents ongoing realized harm caused by AI systems.

The article explicitly mentions AI-driven bot attacks that have surged 12.5 times, with bots now constituting over half of web traffic and being used to conduct malicious activities such as data extraction and account takeovers. These activities constitute violations of security and privacy, harm to digital infrastructure, and harm to communities relying on these systems. Since the AI systems (bots) are directly involved in causing these harms, this qualifies as an AI Incident under the framework, as the AI system's use has directly led to harm.

The article explicitly mentions AI systems (AI bots and AI agents) dominating internet traffic and being responsible for a surge in malicious activities, including attacks on APIs and identity systems that lead to account takeovers and data breaches. These harms align with disruption of critical infrastructure and harm to communities through cyberattacks. The AI systems' use and misuse have directly led to these harms, fulfilling the criteria for an AI Incident rather than a hazard or complementary information. The report's focus on ongoing malicious AI bot activity confirms realized harm rather than potential future harm.

The presence of AI systems is explicit, as the report discusses AI-accelerated automation and AI agents driving bot attacks. The use of these AI systems has directly led to an increase in harmful automated attacks, which can disrupt critical digital infrastructure and cause harm to users and organizations. Therefore, this event qualifies as an AI Incident due to the realized harm caused by AI-driven malicious activity.

The report explicitly states that AI-driven bot attacks have surged 12.5 times, with bots now constituting over half of internet traffic and 40% classified as malicious. These AI agents interact directly with applications and APIs to exploit business logic, extract sensitive data, and manipulate workflows at scale, causing harm to digital business operations and security. The involvement of AI systems in these attacks is clear and central to the harm described. The harms include disruption of digital infrastructure, violation of data security, and financial sector impacts, fitting the definition of an AI Incident. The event is not merely a potential risk or a complementary update but a description of ongoing realized harm caused by AI systems.

The report explicitly states that AI-driven bots have increased attacks 12.5 times, targeting APIs and identity systems to exploit business logic and perform account takeovers, which are concrete harms to property, communities, and potentially individuals' rights. The AI systems are actively used maliciously, causing direct harm. This meets the definition of an AI Incident because the AI system's use has directly led to violations and harm. The event is not merely a potential risk or a governance update but documents ongoing harmful activity involving AI systems.

The report explicitly states that AI-powered bots have increased their attacks more than tenfold, targeting various industries and causing disruptions. The AI systems are directly involved in malicious activities that harm property, infrastructure, and potentially individuals or organizations. This fits the definition of an AI Incident as the AI system's use has directly led to harm through cyber attacks.

The article explicitly mentions AI-driven bots causing a 12.5x increase in attacks, including account takeovers and data theft, which are clear harms to property, communities, and potentially individuals' rights. The AI systems are used maliciously and have directly led to these harms, fitting the definition of an AI Incident. The report's focus on the actual surge and impact of these attacks confirms that harm is occurring, not just potential harm or general AI developments.

The report explicitly mentions AI-driven bots causing a substantial increase in malicious attacks that exploit business logic and sensitive data, which directly harms organizations and users by compromising security and trust. The AI systems (bots) are actively used in attacks that have materialized harm, fulfilling the criteria for an AI Incident. The event involves the use and impact of AI systems leading to violations of security and harm to digital infrastructure and communities relying on these systems.