AI-Powered bot attacks: CISOs respond to a new threat class

AI-powered bot attacks are escalating. Find out how CISOs and enterprise leaders are adapting security strategies to defend against this growing concern.

AI-powered bot attacks are growing in speed and sophistication. This article explores how CISOs and enterprise leaders are adapting API security, digital trust strategies, and defensive AI to meet the challenge.

Artificial intelligence is reshaping the digital world—and not just for entrepreneurs and innovators. While enterprises deploy AI to streamline operations, attackers are using it to launch increasingly sophisticated, AI-powered bot attacks. These bots probe systems, mimic user behaviour, and exploit weaknesses at machine speed.

According to Thales’ 2025 Bad Bot Report, automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51 percent of all web traffic in 2024. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes. As AI tools become more accessible, cyber criminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37 percent of all internet traffic.

Governments are taking notice. In a joint bulletin issued in August 2023, the NSA, CISA, FBI and allied agencies warned of adversaries using AI to scale attacks and even poison the training data of machine learning systems. Their message: the automation threat is immediate, growing, and strategic in nature.

For cybersecurity leaders, this marks a shift from defending the perimeter to defending against intelligent, adaptive threats already inside the walls. And two years on, it also marks a business-critical agenda item for CEOs and their boards. 

AI-Powered bot attacks: Overview

• Bot surge: Smarter, faster, and ever-evolving
  
• APIs: The new front line of exploitation
• Digital trust and the strategic response
• AI-powered bot attacks: Closing thoughts

Bot surge: Smarter, faster, and ever-evolving

One of the most pressing themes raised during a recent C-Suite Exchange virtual roundtable, hosted by HotTopics and Thales, was the alarming sophistication of malicious bots. Once considered a nuisance, these automated agents have evolved into fully-fledged adversaries.

Today’s bots use AI to learn from failed attempts. If blocked during a credential stuffing attack, for example, they can instantly adjust their tactics—rotating IPs, changing user agents, and imitating human mouse movements to bypass behavioural detection. In one notable case, bots targeting a retail login page were observed mimicking genuine user journeys so closely that even anomaly detection systems struggled to flag them.

These bots aren’t just reacting. They are also improving. Some even come equipped with machine learning models trained to predict what defensive systems might do next. As one roundtable participant noted, “Yesterday’s best practices are today’s baseline. The bar has been raised—and it’s still rising.”

The implication is clear: static defences are no longer enough. Mitigating these threats requires layered, adaptive strategies that evolve at the speed of the threat.

APIs: The new front line of exploitation

As digital services become increasingly modular and interconnected, APIs are fast becoming the attack vector of choice. Bots exploit unsecured or poorly configured APIs to scrape data, bypass application logic, or overwhelm endpoints.

A widely reported example from late 2023 involved attackers using botnets to exploit an exposed API in a financial services application, extracting customer data in a matter of hours. The attack went undetected for longer than it should have—not because defences weren’t in place, but because the traffic looked legitimate.

API traffic often bypasses conventional perimeter controls, which is why security must move closer to runtime environments and include continuous behavioural monitoring. As Thales notes in its digital trust frameworks, API security cannot be treated as a downstream developer issue. It’s now a CISO-level concern that reaches the very top of the business in its regular strategic meets.

Digital trust and the strategic response

As threats evolve, so too must the architecture designed to stop them. Digital trust has emerged as the foundation for modern enterprise defence—where every user, device, and request must be continuously verified.

The roundtable highlighted that reactive, rule-based controls are no longer enough to cope with adversaries moving at machine speed. Instead, organisations are adopting context-aware models: using AI defensively to detect intent, verify identity, and respond dynamically.

This shift also marks a transformation in the CISO’s role. 

They’re not just defenders of infrastructure; they are enablers of secure innovation. According to Gartner, by 2026 60 percent of large enterprises will view digital trust as a critical business objective, directly influencing customer loyalty and brand reputation.

Leading CISOs are already embedding adaptive security into product lifecycles and building cross-functional coalitions with engineering, legal, and operations teams. Their mandate is clear: architect for resilience, not just compliance.

AI-powered bot attacks: Closing thoughts

The rise of AI-enabled threats—and the bots that carry them out—is not hypothetical. It’s happening now. Bots are probing for weaknesses faster than security teams can patch them, often slipping past legacy defences with ease.

For organisations to survive and thrive, they must treat malicious automation as more than a technical nuisance. It’s a strategic, board-level issue. The path forward demands agility; that means adapting architectures, deepening visibility, and embedding digital trust into the core of the enterprise.

As one Chief Risk Officer voice put it: “We used to worry about bots knocking at the door. Now they’re inside, pretending to be us…and sometimes they’re more convincing.”

Key takeaways:

• AI-powered bots now represent a significant share of malicious traffic.
  
  
• Bots can learn, adapt, and bypass traditional security controls.
  
  
• API security and real-time detection are critical defence layers.
  
  
• Digital trust is emerging as a strategic pillar for CISOs.
  
  
• Enterprises must evolve from static controls to adaptive security architectures.

Questions for the C-suite to consider next:

1. How do we measure ‘digital trust’ across our services today and who owns that metric internally?
   
   
2. How prepared are we to handle the reputational fallout of an automated attack that mimics legitimate users?
   
   
3. Do we have full visibility into the API traffic traversing our infrastructure—and how do we distinguish between good and bad actors?
   
   
4. What signals do we rely on to detect bot activity—and could those signals be spoofed?
   
   
5. Are we using AI defensively, and if not, what’s holding us back?

The Global CISO 100

Hosted by HotTopics in partnership with Thales, the Global CISO 100 recognises the most impactful Chief Information Security Officers worldwide. These leaders are redefining cybersecurity—turning complex threats into strategic business value. Discover the list of this year's winners now.