More than 40% of corporate fraud is now AI-driven, designed to mimic real users, bypass traditional defenses and scale at speeds that overwhelm even the best-equipped SOCs.
In 2024, nearly 90% of enterprises were targeted, and half of them lost $10 million or more.
Bots emulate human behavior and create entire emulation frameworks, synthetic identities, and behavioral spoofing to pull off account takeovers at scale while slipping past legacy firewalls, EDR tools, and siloed fraud detection systems.
Attackers weaponize AI to create bots that evade, mimic, and scale
Attackers aren’t wasting any time capitalizing on using AI to weaponize bots in new ways. Last year, malicious bots comprised 24% of all internet traffic, with 49% classified as ‘advanced bots’ designed to mimic human behavior and execute complex interactions, including account takeovers (ATO).
Over 60% of account takeover (ATO) attempts in 2024 were initiated by bots, capable of breaching a victim’s credentials in real time using emulation frameworks that mimic human behavior. Attacker’s tradecraft now reflects the ability to combine weaponized AI and behavioral attack techniques into a single bot strategy.
That’s proving to be a lethal combination for many enterprises already battling malicious bots whose intrusion attempts often aren’t captured by existing apps and tools in security operations centers (SOCs).
Malicious bot attacks force SOC teams into firefighting mode with little or no warning, depending on the legacy of their security tech stack.
“Once amassed by a threat actor, they can be weaponized,” Ken Dunham, director of the threat research unit at Qualys recently said. “Bots have incredible resources and capabilities to perform anonymous, distributed, asynchronous attacks against targets of choice, such as brute force credential attacks, distributed denial of service attacks, vulnerability scans, attempted exploitation and more…”
Continue reading on VentureBeat
By Louis Columbus