Attackers Start Simple, Then Escalate

Last quarter, over half of all bot traffic came from basic scripts — cheap and noisy, but devastating at scale. When those failed, adversaries quickly pivoted to more advanced tactics.

55%
Basic Bots

Low-skill, high-volume attacks that still overwhelm defenses.

31%
Mid‑Level Bots

Evasive, stealthier attacks using proxies and headless browsers.

13%
Advanced Bots

Adaptive, human‑like attacks designed to beat detection.

Three Critical Threats Emerged

Kasada’s research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

Three Critical Threats Emerged

Our research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

Download full report



AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

Download full report


Who’s at Risk

Six key industries were most targeted by bots in Q2 – here’s how attackers profited from each.

Retail

Loyalty points & stored payment data targeted.

Airlines

Frequent flyer accounts sold at scale.

Gaming

Bots exploiting limited‑release items.

Hospitality

Premium hotel loyalty accounts in demand.

QSR

Mobile order accounts as low‑risk, high‑volume targets.

Real Estate

Listing data scraped for competitive advantage.

About the Data

KasadaIQ provides an inside view into the adversary ecosystem — analyzing millions of automated interactions each quarter across 2,000+ collection points and 23M+ messages from open and closed sources. This intelligence informs our defenses and helps enterprises stay ahead of evolving threats.

Learn more about KasadaIQ

The latest from Kasada

Get the Newsletter
Title: Kasada Launches Account Intelligence

Kasada Introduces Account Intelligence to Address a Gap in Fraud Prevention

New product detects costly human-driven fraud and abuse that existing tools catch too late

Navy blue blurred background with kasada logo in white with the title: $20 Million Raise Les by EQT"

Kasada Secures $20 Million Round to Accelerate Global Expansion and Broaden Platform Offerings

New Funding Will Strengthen Kasada’s Growth Momentum as Enterprises Prioritize Resilient Bot and Agentic Defense to Safeguard Digital Trust

AI Agent Trust webinar title with featured product photo

AI agent trust: What to allow, what to block, and what to prepare for

As AI agents blur the line between real customers and automated abuse, this live session with Kasada's Head of Product breaks down how teams manage agent trust across discovery, accounts, and checkout—without sacrificing revenue or security.

  • Title: Kasada Launches Account Intelligence

    Kasada Introduces Account Intelligence to Address a Gap in Fraud Prevention

    New product detects costly human-driven fraud and abuse that existing tools catch too late

  • Navy blue blurred background with kasada logo in white with the title: $20 Million Raise Les by EQT"

    Kasada Secures $20 Million Round to Accelerate Global Expansion and Broaden Platform Offerings

    New Funding Will Strengthen Kasada’s Growth Momentum as Enterprises Prioritize Resilient Bot and Agentic Defense to Safeguard Digital Trust

  • AI Agent Trust webinar title with featured product photo

    AI agent trust: What to allow, what to block, and what to prepare for

    As AI agents blur the line between real customers and automated abuse, this live session with Kasada's Head of Product breaks down how teams manage agent trust across discovery, accounts, and checkout—without sacrificing revenue or security.

Are bots sneaking past your defenses?