Traffic peaks, rising access figures and busy servers are still regarded by many organizations as indicators of high demand and economic success. In practice, however, the picture is increasingly different. A growing proportion of measured data traffic does not originate from real users, but from automated systems. Bots, scripts and AI-supported agents imitate human behavior so precisely that traditional analysis tools can hardly distinguish between them reliably. The result is a structural distortion of operational key figures that influences operational decisions, security concepts and business models in equal measure.
Shopping events such as Black Friday and Cyber Week are traditionally seen as a stress test for digital retail platforms. Forecasts from industry associations and IT associations regularly paint a picture of a high propensity to buy and rising online sales. Billions in sales were once again expected for 2025, accompanied by surveys that suggested a strong shift in consumption to online retail. In many cases, however, these expectations fell short of actual sales, even though the number of hits and page views increased significantly in some cases. This discrepancy cannot be explained solely by changes in consumer behavior, but is increasingly linked to automated traffic.
Several international security reports and operators of large networks point out that automated traffic now accounts for a significant proportion of all web traffic. Individual evaluations assume that automated systems have surpassed human traffic for the first time. Of particular relevance here is the increasing proportion of so-called malicious bots that specifically access trading platforms, booking systems and APIs. It is not possible to independently verify concrete percentage figures on the proportion of malicious bots in 2025, as some of the relevant reports are proprietary or have only been published in excerpts.
From the perspective of platform operators, bots generate a deceptive form of activity. They call up pages, create sessions and distribute their requests across numerous IP addresses without pursuing real purchasing intentions. In analytics dashboards, these visits appear as increasing reach or demand, while conversion rates fall or stagnate. At the same time, these automated accesses consume computing power, network resources and memory without contributing to added value. In extreme cases, they lead to performance losses that directly affect real customers.
Modern bots no longer act through massive data streams or obvious attack patterns. Instead, they often limit themselves to retrieving HTML content and bypass resource-intensive elements such as images, scripts or multimedia files. As a result, bandwidth consumption remains comparatively low, while the number of simultaneous connections and sessions rises sharply. For the infrastructure, this creates the impression of many individual visitors with little activity. This form of traffic increases latencies, puts a strain on load balancers and application servers and can exceed internal thresholds without triggering classic alarm signals.
Although online retail is particularly affected, the phenomenon is not limited to this sector. Media portals, software-as-a-service providers and public platforms are experiencing similar patterns. Automated access is not only used to retrieve content or monitor prices, but increasingly also to train AI systems, test security vulnerabilities or prepare targeted attacks. This makes it increasingly difficult to distinguish between legitimate automation and abusive bot traffic.
Conclusion
Platforms are increasingly operating machines without immediately recognizing this. Automated traffic distorts operational key figures, puts a strain on infrastructures and undermines the significance of classic success metrics. For operators, this means that growth can no longer be assessed on the basis of access figures alone. Without differentiated analysis, adaptive protection mechanisms and a better understanding of modern bot strategies, there is a risk of basing strategic decisions on artificial demand that does not exist in the real economy.
| Source | Key message | Link to |
|---|---|---|
| Imperva, Imperva Bad Bot Report 2025 | Automated traffic surpasses human traffic for the first time, malicious bots make up a high proportion of web traffic and AI support facilitates bot creation | https://www.imperva.com/resources/resource-library/reports/2025-bad-bot-report/(imperva.com) |
| German Retail Association (HDE) Black Friday and Cyber Monday 2025 | Forecast for sales around Black Friday and Cyber Monday 2025 expected to reach 5.8 billion euros despite subdued consumer sentiment | https://einzelhandel.de/presse/aktuellemeldungen/14999-black-friday-und-cyber-monday-hde-rechnet-zu-aktionstagen-mit-umsatz-von-5-8-milliarden-euro(Retail) |
| Bitkom Black Friday: half go bargain hunting | Survey: 69% want to shop exclusively online, average spend around 312 euros | https://www.bitkom.org/Presse/Presseinformation/Black-Friday-Haelfte-auf-Schnaeppchenjagd(bitkom.org) |
Bisher keine Kommentare
Kommentar
Lade neue Kommentare
Artikel-Butler
Alle Kommentare lesen unter igor´sLAB Community →