Fastly, Inc. has released its Q2 2025 Threat Insights Report, exposing a striking shift in the nature and scale of automated web traffic. Analysis of traffic from mid-April to mid-July shows that AI crawlers made up almost 80% of all AI bot traffic observed, with Meta generating more than half and eclipsing both Google and OpenAI combined.
Fetcher bots–those that access website content in response to user actions–including those used by ChatGPT and Perplexity, are also driving massive real-time request volumes. In some cases, fetcher request volume exceeds 39,000 requests per minute. This surge is putting pressure on unprotected origin infrastructure, consuming bandwidth, overwhelming servers and mimicking the effects of DDoS attacks, even without malicious intent. North America receives a heavy skew of AI crawler traffic, accounting for nearly 90% of observed activity. Every other region, including Europe, Asia, and Latin America, sees a significantly smaller share, signalling a growing geographic bias in LLM training datasets and raising questions about the long-term neutrality of AI model outputs.
Fastly’s Q1 2025 report found that automated bot traffic already represented 37% of observed activity across Fastly’s global network. While previous concerns centered on the volume of automated traffic, the Q2 data highlights the nature of that traffic, with AI bots now presenting a more complex challenge to security, performance, and operational resilience.
Drawing on 6.5 trillion monthly requests across Fastly’s Next-Gen WAF and Bot Management products, the findings offer a detailed view of how AI-driven automation is reshaping online traffic. With visibility into over 130,000 applications and APIs across a wide range of industries including e-commerce, media, financial services, and technology, Fastly’s insights shed light on the evolving battleground for web security and control.
Additional findings include:
- Meta’s AI bots alone generate 52% of AI crawler traffic, more than double that of Google (23%) or OpenAI (20%).
- Commerce, media & entertainment, and high-tech sectors face the highest levels of scraping for training AI models.
- ChatGPT generates the most real-time traffic to websites, with 98% of fetcher bot requests attributable to OpenAI’s bots.
- Lack of bot verification persists, making it difficult for security teams to distinguish between legitimate automation and malicious impersonation.
“AI Bots are reshaping how the internet is accessed and experienced, introducing new complexities for digital platforms,” said Arun Kumar, Senior Security Researcher at Fastly. “Whether scraping for training data or delivering real-time responses, these bots create new challenges for visibility, control, and cost. You can’t secure what you can’t see, and without clear verification standards, AI-driven automation risks are becoming a blind spot for digital teams. Businesses need the tools and insights to manage automated traffic with the same precision and urgency as any other infrastructure or security risk.”
The report calls for more transparent bot verification, clearer signalling by bot operators, and smarter bot management strategies. Without them, organisations face growing exposure to shadowy automation, attribution gaps and escalating infrastructure costs.
To read the complete report, visit here
