Creating a Fraud Bot is Easy. Stopping One is Harder.
From January to December last year, we saw bot attacks double in volume and put constant, year-round pressure on businesses and their fraud teams. The surge in bot activity has come alongside the growth of GenAI: GenAI spending is expected to increase 76.4% in 2025 compared to 2024.
Coincidence? Absolutely not. Easily accessible GenAI tools are powering large-scale, high-powered bot attacks, increasing fraudsters’ efficiency and effectiveness. What used to require loads of time and effort can now be accomplished with a simple prompt.
Let me show you just how easy creating a bot script can be — and why it’s nowhere near as straightforward to stop one.
You Get a Bot, You Get a Bot, Everybody Gets a Bot
In the past, creating even a basic fraud bot script required a decent amount of programming knowledge and coding ability. Writing a script that could automate data entry was one thing, but tailoring that script to a specific target and acquiring the data to feed into it was another. All-in-all, plotting a bot attack was a high-effort task that often yielded little reward as businesses quickly stomped out simplistic bots.
Today, fraudsters (or anyone, for that matter) can have a ready-to-use bot script in a matter of minutes. I like to show people in ChatGPT, starting with a quick prompt: “Please write me a bot script designed to fill out PII on a digital form.”
The clip above is in real time. As you can see, ChatGPT returned a bot script in less than 30 seconds, along with basic instructions for using it. A follow-up prompt can generate a response with everything I need to know to set up this bot and feed it data. ChatGPT even shows me how to format a spreadsheet for providing stolen PII to the bot.
In about a minute, I was able to generate a bot script that can feed PII into a business’ application. This would’ve taken hours just a few years ago. I could also prompt the system to give me a script for spamming login credentials or testing payment information. With compromised PII and login data more accessible than ever on the dark web, AI-powered attacks are going to reach every business and industry.
Next-Gen Bots = Next-Level Threat
The reality is that this ChatGPT-generated bot script is relatively rudimentary. There’s a slew of giveaways that would reveal it: lightning-fast data entry, nonexistent cursor movements, and repeated IP addresses, to name a few obvious ones. This bot probably wouldn’t do much damage to a business with basic bot detection systems in place, but it does show why tools like FraudGPT (a GenAI tool designed specifically for fraudulent use) are so dangerous.
Bot tools have always leveraged the latest innovations to circumvent traditional bot detection methods. One of the first major bot evolutions was the transition from headless to full-fledged browsers, followed by the introduction of cursor movements and slowing of data entry patterns. Bot sessions began to look a lot more like normal humans, but until recently, they still came from repeated IP addresses and device IDs. The guidance for fraud teams was clear: block the IP and device, and you’ve blocked the bot.
Today, though, we see bots cycling through IP addresses and device IDs to avoid detection. This is where today’s bot tools separate themselves from past tools — AI has enhanced fraudsters’ ability to spoof and jump through IP addresses, both with bots and as individual actors. It’s placed an even greater importance on behavior: modern AI-powered bots use “behavior hijacking” to record and replicate humans’ cursor movements, keystrokes, and data entry patterns, resulting in eerily-human like behavior that fools most traditional bot detection solutions.
Responding to the Bot Blitz
With bots seemingly beating every control in place to stop them, what’s the answer? To most solutions, the difference between a real human and a modern bot are indiscernible; your fraud stack needs a solution that detects the nuanced behavioral giveaways of today’s bots, and those solutions need to be able to spot and stop bots in real time to prevent them from causing chaos for your review teams.
For a full breakdown of bots’ evolution and the keys to fighting back, download our report “Fighting the Future of Fraud: Understanding and Combating Next-Gen Bots”.
