AI & LLM crawler trends
Find out how fast LLM traffic is growing across the web, including which AI bots are hitting websites and the endpoints most targeted.
REPORT
2025 Global Bot Security Report
We tested nearly 17,000 websites across 22 industries to assess their vulnerability to unwanted bots, agentic AI, and LLM crawlers.
1
6
0
0
3
6
8
4
9
9
,
3
9
6
3
9
9
7
8
8
0
5
5
5
6
0
6
7
1
8
Websites tested
We compared 22 industries, major geographies, and 4 bot attack vectors.
9
8
9
9
3
7
6
8
1
3
.
3
0
5
6
2
1
9
0
5
Are vulnerable
Only 2.8% of websites were fully protected—down sharply from 8.4% in 2024.
6
6
8
5
1
1
9
2
1
2
.
8
9
7
2
2
8
1
5
9
Unprotected
A majority of domains failed every bot test, including basic scripted bots.
Get the full report
By clicking on « Download now » you acknowledge that you have read and agreed to our Privacy policy and Terms of use, including how DataDome processes your personal data.
Preview what's inside the report
2024
2025
Domain protection year-over-year
Percentage of domains with full protection in 2025
2.8%
of domains fully protected in 2025
0%
5%
10%
Jan 2025
Aug 2025
LLM crawler traffic growth
Percentage of verified bot traffic from AI crawlers in August 2025
10.1%
of all verified bot traffic was from LLM crawlers
0%
5%
10%
15%
How does your industry stack up?
Protection rates by industry
Unprotected
Partially protected
Protected
What’s inside the report?
This year’s Global Bot Security Report goes deeper than ever, covering everything from rising AI traffic to protection gaps by industry, region, and endpoint.
AI crawler rules in robots.txt
See which AI bots are most frequently disallowed in robots.txt files, and why most businesses are trying—but often failing—to control AI scraping.
Real-world protection rates
Learn how prepared websites really are, with data on detection rates by traffic size, company type, and bot sophistication, including how 3 in 5 sites blocked nothing at all.
Industry-level protection rates
Discover which sectors are leading or falling behind in bot protection, and where fraud risks are highest.
Regional insights
Explore how bot defenses compare across major regions, and which geographies are most exposed to advanced bots and AI threats.
Actionable takeaways
Walk away with practical recommendations to improve your defenses, from stopping basic bots to preparing for the growing wave of AI-powered automation.
Want to know if your website would’ve passed our study?
Use the same non-intrusive testing method from the report, completely free, with no impact on performance and instant results.
- Safe and low-volume
- Real-world bot profiles
- See if you’re protected, partially protected, or exposed
FAQs
How does the Global Bot Security Report help my business?
The report gives you exclusive insight into today’s evolving bot, AI, and cyberfraud landscape so you can understand where your business stands, how your industry compares, and what steps to take to strengthen your defenses.
What are the most common types of bot attacks businesses face today?
Bot attacks continue to evolve, but common forms include:
- Scraping: Bots extract content, pricing, or proprietary data.
- Account Takeover (ATO): Bots use stolen credentials to hijack accounts.
- Payment Fraud: Automated abuse of checkout and transaction systems.
- DDoS Attacks: Bots flood websites with traffic to cause outages.
- AI fraud: Malicious traffic from AI-powered bots or agents—even LLM crawlers—that mimic human behavior to evade detection and commit fraud at scale.
How vulnerable are businesses to bot and AI threats in 2025?
According to this year’s report, only 2.8% of websites were fully protected—down from 8.4% in 2024. Over 61% failed every test, leaving them vulnerable to both basic bots and sophisticated, AI-powered threats.
Which industries are most at risk of bot attacks?
In 2025, government, non-profit, and telecoms showed the lowest levels of protection. Sectors like travel, gambling, and real estate performed best, but no industry was fully protected.
How can I test my website’s protection level?
You can use our free Vulnerability Scan tool to run the exact same tests used in the report—no performance impact, and instant results. You’ll see whether your site is fully protected, partially protected, or exposed.
How can I protect my business from bot and AI attacks?
Deploying a real-time, AI-powered protection platform like DataDome is key. Our solution analyzes intent—not just identity—to block both traditional and AI-driven bots across websites, mobile apps, and APIs. The earlier you detect and block, the better you reduce risk and protect revenue.
More from DataDome Advanced Threat Research
How DataDome Stopped a 2.45B-Request DDoS Attack Against a High-Traffic Content Platform
Tell me more
How Chrome’s New AI Web APIs Are Enabling Hardware Fingerprinting
Tell me more
How DataDome Blocked an 80M-Request Scraping Attack on a Leading Review Platform
Tell me more
The AI Traffic Report: High Volume, Low Visibility, and a Growing Risk
Tell me more
Inside Kimwolf Traffic: How Residential Proxies Fuel Credential Stuffing, Web Scraping, & Fraud
Tell me more
How Threat Actors Turned OpenClaw Into a Scraping Botnet
Tell me more
TEST YOUR SITE
We tested over 16,900 sites—now let’s test yours
See how your site stacks up against bot attacks compared to the 16,900+ covered in the Global Bot Security Report. Test your site now for free.