It's official - the majority of visitors to online shops and retailers are now bots, not humans: here's why it matters to you and me

News
By published

Bots now account for more online shop traffic than real humans

Security
(Image credit: Shutterstock)
  • Report warns sophisticated bots mimic human behavior so well outdated defenses don’t stand a chance
  • Mobile apps are under siege, with a 160% rise in targeted bot traffic year over year
  • CAPTCHA farms and rotating proxies help bots bypass basic defenses

The internet has entered a new era where automated traffic now accounts for more web activity than human users, new research says.

Radware's 2025 ecommerce Bot Threat Report claims the majority of traffic to online stores during the 2024 holiday season didn’t come from people. It came from bots.

For the first time, automated programs - ranging from simple scripts to AI-enhanced digital agents - accounted for 57% of all traffic, surpassing human visitors on e-commerce websites.

A smarter generation of bad bots

The report highlights the ongoing evolution of malicious bots, as nearly 60% now use behavioral strategies designed to evade detection, such as rotating IP addresses and identities, using CAPTCHA farms, and mimicking human browsing patterns, making them difficult to identify without advanced tools.

The only effective counter is equally intelligent detection - AI-powered defenses that can learn and adapt. Businesses must reassess their security stack and look beyond basic filters to solutions offering advanced DDoS protection and intelligent traffic monitoring.

“Bad bots are no longer just based on simple scripts - they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defenses,” said Ron Meyran, Vice President of Cyber Threat Intelligence at Radware.

“E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”

Mobile platforms have become a critical battleground, with a staggering 160% rise in mobile-targeted bot activity between the 2023 and 2024 holiday seasons. Attackers are deploying mobile emulators and headless browsers that imitate legitimate app behavior.

The report also warns of bots blending into everyday internet traffic. A 32% increase in attack traffic from residential proxy networks is making it much harder for ecommerce sites to apply traditional rate-limiting or geo-fencing techniques.

Perhaps the most alarming development is the rise of multi-vector campaigns combining bots with traditional exploits and API-targeted attacks. These campaigns go beyond scraping prices or testing stolen credentials - they aim to take sites offline entirely.

For businesses relying on the best ecommerce website builders or user-friendly platforms, the threat is clear. Security must evolve in step with the attackers. Platforms must also adopt dedicated mobile protections to defend against these increasingly sophisticated threats.

You might also like

Efosa Udinmwen
Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.