What is the Q2 2025 Threat Report?

Kasada’s Q2 2025 Threat Report reveals the latest bot attack trends, including credential stuffing, scraping, and AI-driven automation. It provides insights into how adversaries are evolving their tactics and what security and fraud teams need to know to stay ahead.

Who should read the Q2 2025 Threat Report?

This report is designed for cybersecurity and fraud teams at large digital enterprises, including CISOs, security engineers, fraud leaders, and product protection teams who need actionable threat intelligence on bot attacks.

What industries are most impacted by bot attacks?

The Q2 2025 Threat Report highlights bot attacks across industries such as retail, airlines, hospitality, fintech, gaming, and digital marketplaces—sectors that are most frequently targeted due to high-value accounts and digital transactions.

What types of bot attacks does the report cover?

The report covers credential stuffing, data scraping, hype sale bots, AI-assisted automation, and other adversarial techniques used to bypass defenses and exploit digital businesses.

What were the top bot attack trends in Q2 2025?

The report highlights a surge in AI-powered scraping, a spike in account takeover activity across airlines and webmail, and resale bots fueling hype product markups.

How did AI scrapers impact businesses in Q2?

Over 120 million AI scraper requests were detected, with OpenAI user agents peaking at 950K per day. These tools bypassed robots.txt to repurpose content at scale.

What industries were hit hardest by bots?

Retail, QSR, and webmail accounted for most stolen account sales, while airlines saw an 80% increase in ATO activity and the accommodation sector’s revenue losses jumped nearly 200%.

How are hype sale bots evolving?

Bot-powered resale attacks intensified, with just two cook groups driving thousands of automated checkouts, causing aftermarket prices to spike as much as 127%.

Why should security and fraud teams read this report?

The Q2 2025 Threat Report gives practitioners a front-line view of attacker behavior — how adversaries test cheap bots first, then escalate to advanced tactics when blocked.

Q2 2025

The Bots That Hit Hardest in Q2

Bot attacks are draining profits and overwhelming defenses. The Q2 2025 Threat Report gives security and fraud teams a clear look at the adversaries and bot economy fueling it all.

Q2 2025

Bots that Hit Hardest in Q2

Bot attacks are draining profits and overwhelming defenses. The Q2 2025 Threat Report gives security and fraud teams a clear look at the adversaries and bot economy fueling it all.

Attackers Start Simple, Then Escalate

Last quarter, over half of all bot traffic came from basic scripts — cheap and noisy, but devastating at scale. When those failed, adversaries quickly pivoted to more advanced tactics.

55%

Basic Bots

Low-skill, high-volume attacks that still overwhelm defenses.

31%

Mid‑Level Bots

Evasive, stealthier attacks using proxies and headless browsers.

13%

Advanced Bots

Adaptive, human‑like attacks designed to beat detection.

Three Critical Threats Emerged

Kasada’s research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

Three Critical Threats Emerged

Our research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

Who’s at Risk

Six key industries were most targeted by bots in Q2 – here’s how attackers profited from each.

Retail

Loyalty points & stored payment data targeted.

Airlines

Frequent flyer accounts sold at scale.

Gaming

Bots exploiting limited‑release items.

Hospitality

Premium hotel loyalty accounts in demand.

QSR

Mobile order accounts as low‑risk, high‑volume targets.

Real Estate

Listing data scraped for competitive advantage.

About the Data

KasadaIQ provides an inside view into the adversary ecosystem — analyzing millions of automated interactions each quarter across 2,000+ collection points and 23M+ messages from open and closed sources. This intelligence informs our defenses and helps enterprises stay ahead of evolving threats.

Learn more about KasadaIQ

The latest from Kasada

Get the Newsletter

Q2 2025 Threat Report
Automated threats are growing smarter, faster, and more difficult to detect. Kasada’s Quarterly Threat Report reveals what to watch for and what to do next – powered by millions of real-time signals analyzed through KasadaIQ.
Read More
A CISO’s Guide to Bot Protection Effectiveness – Breaking Open the Black Box
Learn how to validate bot protection effectiveness, mitigate business risks, and ensure your defenses align with operational and regulatory needs.
Read More
Kasada’s Reflections on the Q3 2024 Forrester Wave™ – Bot Management Evaluation
Kasada named a Strong Performer. Here are some of our own reflections having taken part in this evaluation.
Read More

Are bots sneaking past your defenses?

Check my site

Use Cases

Industries

Retooling: How Attackers Bypass Traditional Bot Management

Resources

Webinar 9/17: Invisible Security for Modern Apps, APIs, & AI with Vercel & Forrester

Q2 2025 Threat Report

The Bots That Hit Hardest in Q2

Bots that Hit Hardest in Q2

Attackers Start Simple, Then Escalate

Three Critical Threats Emerged

Three Critical Threats Emerged

AI Scrapers Flooded Sites

Account Takeovers Soared

Hype Bots Fueled Markups

AI Scrapers Flooded Sites

Account Takeovers Soared

Hype Bots Fueled Markups

Who’s at Risk

Retail

Airlines

Gaming

Hospitality

QSR

Real Estate

About the Data

The latest from Kasada

Q2 2025 Threat Report

A CISO’s Guide to Bot Protection Effectiveness – Breaking Open the Black Box

Kasada’s Reflections on the Q3 2024 Forrester Wave™ – Bot Management Evaluation

Q2 2025 Threat Report

A CISO’s Guide to Bot Protection Effectiveness – Breaking Open the Black Box

Kasada’s Reflections on the Q3 2024 Forrester Wave™ – Bot Management Evaluation

Are bots sneaking past your defenses?

Solutions

Resources

Company

Get In Touch

Solutions

Resources

Company

Get In Touch

Retooling: How Attackers Bypass Traditional
Bot Management