Gray bots from generative AI services are an increasing threat to websites and applications. A new report from Barracuda Networks highlights this trend. Gray bots are automated programs that aren’t overtly malicious but systematically crawl the internet to collect information. According to Barracuda, their activity has intensified and often results in millions of requests. This surge can cause issues such as overloads, slower response times and distorted web analytics.
Millions of requests per month
Between December 2024 and February 2025, Barracuda analyzed bot traffic from names like ClaudeBot and TikTok’s Bytespider. In one instance a site recorded 9.7 million requests in a single month. Another web application received more than 500,000 bot requests in a single day. The activity ran around the clock, averaging about 17,000 requests per hour.
AI bots distort decision-making data
“We see a clear increase in AI-based bots operating on the borderline between legitimate and harmful traffic. Their activity can overload systems, affect response times and lead to inaccurate decision-making because web analytics become distorted,” says Klas Palmér, security expert at Barracuda Networks.
Robots.txt offers no real protection
Relying on robots.txt—a file that indicates which parts of a site should not be crawled—is not sufficient. It is a guideline rather than a legal protection, and AI actors rarely comply with it.
The need for stronger bot defenses
“Gray bots blur the lines of acceptable online behavior. They harvest large volumes of sensitive, commercial and protected data and can severely impact a website’s performance and reliability. Increasingly, organizations consider bot protection a core element of application security.”
How to protect yourself against gray bots
Effective defense against gray bots requires advanced solutions that leverage AI and machine learning. By analyzing behavior patterns, applying adaptive models and identifying digital fingerprints, unwanted bot traffic can be detected in real time—before it causes damage.
What is a bot?
Bots are automated software programs that perform online activities at scale. There are “good” bots—such as search engine crawlers, SEO tools and customer service bots—and there are “bad” bots designed to steal data, break into accounts or commit fraud.
Gray bots sit in the middle. They are not necessarily malicious, but they can still produce significant negative effects.
Read more »