Attackers Start Simple, Then Escalate

Last quarter, over half of all bot traffic came from basic scripts — cheap and noisy, but devastating at scale. When those failed, adversaries quickly pivoted to more advanced tactics.

55%
Basic Bots

Low-skill, high-volume attacks that still overwhelm defenses.

31%
Mid‑Level Bots

Evasive, stealthier attacks using proxies and headless browsers.

13%
Advanced Bots

Adaptive, human‑like attacks designed to beat detection.

Three Critical Threats Emerged

Kasada’s research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

Three Critical Threats Emerged

Our research identified three dominant attack vectors that are reshaping the cybersecurity landscape in 2025, including scraping, account takeover (ATO), and automated checkout.

AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

Download full report



AI Scrapers Flooded Sites

Over 120M AI scraper requests detected in Q2 — most from the OpenAI user agent, peaking at 950K/day. These tools bypass robots.txt to repurpose your content without consent.

Account Takeovers Soared

Retail, QSR, and webmail made up ~72% of stolen account sales in Q2. Airline ATO activity spiked 80%, while accommodation sector revenue soared 196%.

Hype Bots Fueled Markups

Bot-powered resale surged as 3,160 Labubu doll checkouts drove markups of +25% to +127% — fueled by just two cook groups.

Download full report


Who’s at Risk

Six key industries were most targeted by bots in Q2 – here’s how attackers profited from each.

Retail

Loyalty points & stored payment data targeted.

Airlines

Frequent flyer accounts sold at scale.

Gaming

Bots exploiting limited‑release items.

Hospitality

Premium hotel loyalty accounts in demand.

QSR

Mobile order accounts as low‑risk, high‑volume targets.

Real Estate

Listing data scraped for competitive advantage.

About the Data

KasadaIQ provides an inside view into the adversary ecosystem — analyzing millions of automated interactions each quarter across 2,000+ collection points and 23M+ messages from open and closed sources. This intelligence informs our defenses and helps enterprises stay ahead of evolving threats.

Learn more about KasadaIQ

The latest from Kasada

Get the Newsletter
Images of Kasada's 2025 Q3 Threat Intelligence Report on a midnight blue background with text

Q3 2025 Threat Intelligence Report

New intelligence from Kasada highlights the resurgence of online reselling communities, the persistence of Account Takeover, and how AI and proxy networks are redefining the automated threat landscape.

pages of Kasada's Q2 2025 Threat report with a button to download to read the report

Q2 2025 Threat Report

Discover Q2 2025’s top bot attack trends — scraping, credential stuffing, and fraud tactics — with insights from Kasada’s threat intel team.

Decorative navy blue image that says "A CISO's Guide to Bot Mitigation"

A CISO’s Guide to Bot Protection Effectiveness – Breaking Open the Black Box

Learn how to validate bot protection effectiveness, mitigate business risks, and ensure your defenses align with operational and regulatory needs.

Text on the image reads: "Kasada's Reflections on the 2024 Forrester Wave™" with abstract shapes in white, pink, yellow, and blue background.

Kasada’s Reflections on the Q3 2024 Forrester Wave™ – Bot Management Evaluation

Kasada named a Strong Performer. Here are some of our own reflections having taken part in this evaluation.

  • Images of Kasada's 2025 Q3 Threat Intelligence Report on a midnight blue background with text

    Q3 2025 Threat Intelligence Report

    New intelligence from Kasada highlights the resurgence of online reselling communities, the persistence of Account Takeover, and how AI and proxy networks are redefining the automated threat landscape.

  • pages of Kasada's Q2 2025 Threat report with a button to download to read the report

    Q2 2025 Threat Report

    Discover Q2 2025’s top bot attack trends — scraping, credential stuffing, and fraud tactics — with insights from Kasada’s threat intel team.

  • Decorative navy blue image that says "A CISO's Guide to Bot Mitigation"

    A CISO’s Guide to Bot Protection Effectiveness – Breaking Open the Black Box

    Learn how to validate bot protection effectiveness, mitigate business risks, and ensure your defenses align with operational and regulatory needs.

Are bots sneaking past your defenses?