AI-Driven Gray Bots Flood Web Applications with 17,000+ Requests Per Hour

Web applications are facing an unprecedented surge in traffic from “gray bots,” a category of automated software programs that occupy the ambiguous space between legitimate and malicious activity.

These bots, often powered by generative AI, are designed to scrape large volumes of data from websites, typically to train AI models or aggregate content.

Recent data from Barracuda reveals that these bots are generating a staggering 17,000 requests per hour on average for targeted web applications, posing significant challenges for businesses.

The Rise of Gray Bots

Unlike traditional “good” bots like search engine crawlers or “bad” bots used for fraud and data breaches, gray bots operate in a legal and ethical gray zone.

Generative AI scraper bots such as ClaudeBot and TikTok’s Bytespider exemplify this trend.

These bots are not overtly malicious but aggressively collect proprietary data, often without permission.

For instance, one tracked web application received over 9.7 million requests from generative AI scraper bots in just 30 days, while another experienced over half a million requests in a single day.

This relentless activity is reshaping the landscape of online bot traffic.

Previously, bot traffic was expected to occur in bursts, but gray bots now maintain consistent request patterns throughout the day.

This constant bombardment can overwhelm web servers, degrade application performance, and distort website analytics.

The aggressive data scraping by gray bots has far-reaching consequences for businesses:

1. Operational Disruption: The high volume of bot traffic increases server load, leading to slower response times and degraded user experiences.
2. Increased Costs: Elevated cloud CPU usage and bandwidth consumption drive up hosting expenses for affected organizations.
3. Analytics Distortion: By inflating website traffic metrics, gray bots make it difficult for businesses to track genuine user behavior and derive actionable insights.
4. Data Privacy Risks: Industries like healthcare and finance face compliance challenges if sensitive customer data is scraped without authorization.
5. Erosion of Trust: Users may lose confidence in platforms where their data is exploited or where AI-generated content dominates.

Furthermore, the use of scraped data to train AI models raises legal questions about copyright infringement and intellectual property rights.

Leading Offenders: ClaudeBot and Bytespider

Among the most active gray bots identified in early 2025 are ClaudeBot and TikTok’s Bytespider.

ClaudeBot, developed by Anthropic to train its generative AI tool Claude, has been particularly prolific in targeting web applications.

TikTok’s Bytespider bot aggressively scrapes data to refine its content recommendation algorithms and advertising features, reflecting the growing role of AI in shaping user experiences on platforms with billions of users.

Other notable generative AI scraper bots include PerplexityBot and DeepSeekBot, which have also contributed to the surge in bot-driven web traffic.

To combat the growing threat posed by gray bots, organizations are advised to adopt advanced security measures such as behavior-based detection systems and adaptive machine learning tools capable of identifying and blocking unauthorized bot activity in real time.

Solutions like Barracuda Advanced Bot Protection offer comprehensive fingerprinting techniques to mitigate these threats effectively.

While measures like implementing robots.txt files can signal scrapers to avoid certain sites, they rely on voluntary compliance and are easily bypassed by less scrupulous actors who conceal or frequently change their bot identities.

Gray bots are no longer an emerging trend but a persistent reality of online ecosystems.

As they continue to blur ethical boundaries while exploiting proprietary data at scale, businesses must remain vigilant and proactive in safeguarding their digital assets against this new wave of automated threats.

Find this Story Interesting! Follow us on LinkedIn, and X to Get More Instant Updates