AI Bots in Q2 2025: Trends from Fastly's Threat Insights Report

Fastly’s Q2 2025 Threat Insights Report reveals how Meta, OpenAI, and other AI giants are driving massive crawler and fetcher traffic and what organizations must do to stay in control.

AI isn’t just trending; it’s reshaping internet traffic in real-time. As large language model (LLM) based apps like ChatGPT fuel demand for content, they’re straining networks, intensifying scraping, and forcing organizations to rethink how they protect their assets while still reaching their audiences.

From massive crawlers vacuuming up the web to fetchers delivering answers in real time, AI bots are introducing additional performance, cost, and security challenges. Fastly’s latest edition of our Threat Insights Report focuses exclusively on AI bots, so you can find out what’s really happening under the hood of AI-driven traffic - and what it means for the future of your site.

AI’s Web Appetite: 80% Crawlers, 20% Fetchers

The internet is (now more than ever) dominated by bots, with AI bot traffic continuing to grow. Between April and July, AI crawlers accounted for almost 80% of all AI bot traffic as observed across the Fastly network. The big surprise? Meta’s AI crawlers alone generate 52% of that traffic, more than Google (23%) and OpenAI (20%) combined!

The geographic split is even more striking. Nearly 90% of all North American AI bot traffic came from crawlers, while Latin America (72%), Asia (58%), and Europe (41%) had far smaller crawler percentages. Popular crawlers had even more drastic splits, with Meta and Google having over 90% of their crawler traffic hitting North American sites. This concentration of crawler traffic in North America could influence datasets feeding today’s most popular LLMs, and by extension, the output they generate.

Fetchers: Fast, Focused, and Heavy on Volume

AI fetcher bots, which retrieve specific content in real time based on user queries, accounted for the other 20% of AI bot traffic. Here, OpenAI stands out: their bots (including ChatGPT) generated a whopping 98% of fetcher requests. While this finding could indicate ChatGPT’s popularity in the consumer LLM market, some AI fetchers use previously indexed data from search engines rather than directly fetching in real time. 

In some cases, fetcher traffic hit 39,000 requests per minute – high enough to overwhelm unprotected origin infrastructure. Even without malicious intent, these spikes can mimic DDoS conditions for sites that do not regularly reach these traffic volumes, consuming resources and impacting site performance. Rising AI bot traffic is not necessarily bad news; having your content indexed or used in AI-powered results can drive visibility to your site. Without visibility and bot verification, even well-intended automation can become a hidden drain on resources.

Other AI Bot Traffic Trends and How to Respond

While crawlers and fetchers dominate the conversation, our Q2 data highlights other important trends in AI bot behavior:

• Commerce, media & entertainment, and high-tech sectors see the highest levels of AI scraping activity.

• Lack of bot verification remains a major challenge, making it harder for security teams to distinguish legitimate automation from impersonators.

• AI bots add operational complexity - without transparent signaling and identification, they become a growing blind spot for digital teams.

• Fetcher bots are reshaping user experience, delivering real-time content at volumes that can mimic attack patterns even without malicious intent.

But what does this mean for you?

• Don’t ignore “friendly” bots: Even legitimate crawlers and fetchers can overload infrastructure without policies in place.

• Control your exposure: Decide which bots you want accessing your content and at what rate. (Check out how Fastly Bot Management gives your team the power to manage and control the behavior of bots that crawl and scrape your content.)

• Be mindful of geographical bias: Content is primarily being crawled in North America, and this may influence how AI models represent your industry, brand, or products.

• Verify (and then verify again): Without clear bot identification standards, bad actors can masquerade as legitimate AI bot activity. Invest in solutions that can tell the difference, and request AI bot operators to provide verification avenues.

Staying in Control of AI-Driven Web Traffic

Fastly’s quarterly threat insights report draws from 6.5 trillion monthly requests* across Fastly’s Next-Gen WAF, Bot Management, and DDoS Protection solutions, which collectively help secure over 130,000 apps and APIs** across a wide range of industries, including leading e-commerce, streaming, media and entertainment, financial services, and technology companies.

Stay up to date with the Fastly Security Research Team, who continuously publishes a range of valuable resources, including blogs, CVE notices, threat insights, tutorials, and more, aimed at keeping our customers informed about the latest security developments.

AI bots are now a defining force in internet traffic, shaping everything from infrastructure load to the data that fuels tomorrow’s LLMs. The challenge, and opportunity, lies in deciding how your content is accessed, and by whom.

Read the full Q2 2025 Threat Insights Report to explore the complete data, industry impacts, and strategies for staying in control of your traffic in the AI era.

* Trailing six-month average as of April 22, 2025

** As of April 22, 2025