Malicious Automation at Scale: Why Bad Bots Are Now a National Security Threat

By Moira Jones
, Washington Bureau Chief | World Media – UK

Earlier this spring, cybersecurity firm Imperva released its twelfth annual Bad Bot Report, a benchmark analysis that has become essential reading for security professionals. Released on 15 April 2025, the report confirms a new record: malicious bots now account for 37.4% of all internet traffic, up from 30.2% the previous year.

“Bots today are not simply scraping data or probing logins—they’re mimicking real users with advanced evasion techniques,” the report notes.

Persistent, Stealthy, Automated

Imperva categorises bots by sophistication, noting that 65.4% of all bad bots in 2024 were “advanced”, utilising techniques like headless browsers, mouse movement simulation, and proxy rotation.

Critical Infrastructure and National Security

Public sector websites experienced an 88.8% year-over-year increase in bad bot traffic, a figure the report highlights as evidence of growing interest in government targets. Officials in the UK and US have also confirmed increased bot-based reconnaissance against infrastructure targets.

Disinformation and Electoral Risk

Bots are central to modern disinformation campaigns. During recent elections, coordinated botnets were used to amplify misleading narratives and hijack trending topics.

“Bots today shape discourse. They swarm hashtags, skew analytics, and simulate consensus,” says Dr. Farah Singh, Institute for Digital Democracy.

Credential Abuse and Economic Impact

The report notes a 65% increase in credential stuffing attacks, many targeting sectors including finance, healthcare, and education1. These bots harvest leaked credentials, bypass 2FA protections, and facilitate fraud and ransomware.

Rise of AI-Enhanced Bots

The convergence of AI and bot development has blurred the lines between automation and synthetic identity. Bots generate convincing text and perform live phishing attacks.

“We are seeing the rise of synthetic actors—bots with plausible language, behavioural nuance, and even emotional affect,” warns the report.

Regulatory and Strategic Response

UK initiatives include partnerships with GCHQ, review of the Computer Misuse Act, and discussions on multilateral standards. However, experts argue that fragmented approaches limit effectiveness.

Conclusion

As the 2025 Bad Bot Report makes clear, malicious bots have evolved into sophisticated agents of cyber conflict. Governments, the report makes clear, must accelerate their defences or risk ceding control of critical digital infrastructure to automated, invisible threats.