The rise of the 'gray bots' targeting websites for data


We all know about good bots like search engine crawler bots, SEO bots, and customer service bots. And we know about bad bots, designed for malicious or harmful online activities like breaching accounts to steal personal data or commit fraud.
New research from Barracuda identifies an additional breed of 'gray bots', and these include GenAI scraper bots, designed to extract or scrape large volumes of data from websites, often to train generative AI models. Other examples of gray bots are web scrapers and automated content aggregators that collect web content such as news, reviews, travel offers and more.
While these aren't actively malicious they do push the boundaries of acceptable behavior. Barracuda's data shows that between December last year and the end February 2025, millions of requests were received by web applications from Gen AI bots, including ClaudeBot and TikTok's Bytespider bot.
One tracked web application received 9.7 million Gen AI scraper bot requests over a period of 30 days, while another tracked web application received over half a million GenAI scraper bot requests in a single day.
Analysis of the gray bot traffic targeting a further tracked web application finds that requests remained relatively consistent over 24 hours -- averaging around 17,000 requests an hour.
Rahul Gupta, senior principal software engineer, application security engineering at Barracuda, writes on the company's blog, "Gray bots can be aggressive when collecting data and may remove information without permission. Gray bot activity can overwhelm web application traffic, disrupt operations, and gather up vast volumes of proprietary creative or commercial data."
Scraping and use of copyright-protected data by AI training models may be in violation of the owners' legal rights. Frequent scraping by bots also increases server load, which can degrade the performance of web applications and affect the user experience. This can also increase application hosting costs due to the increase in cloud CPU use and bandwidth consumption.
You can read more along with advice on protecting against gray bots on the Barracuda blog.
Image credit: Pixelery.com/depositphotos.com