Radware: Bad Actors Spoofing AI Agents to Bypass Malicious Bot Defenses
None
<p>The rapid introduction of Ai agents that can crawl the web like typical search engines is creating a security gap that is allowing threat actors to develop and deploy bots that impersonate legitimate AI agents from major AI companies.</p><p>This is allowing hackers to bypass traditional detections systems to launch large-scale account takeover (ATO) and financial fraud attacks, according to threat intelligence researchers at cybersecurity and application delivery firm Radware.</p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>Security teams will have to adapt their bot verification practices to address the growing threat, which is further enabled by what the Radware researchers say is a fractured environment, with different AI vendors offering AI agents with different verification standards.</p><p>“Although search engines still act as the central nodes of the internet, AI agents – the future of the web – are coming to replace them,” the researchers <a href="https://www.radware.com/security/threat-advisories-and-attack-reports/the-ai-identity-dilemma-malicious-bots-in-disguise/" target="_blank" rel="noopener">wrote in a report</a>. “With more and more users searching via AI services, we expect to see a drop in typical search engine crawler traffic and a sharp rise AI bot traffic which, unlike crawlers, interacts with the business logic of websites and applications.”</p><h3>Bot Mitigations Not Keeping Up</h3><p>Bots have become a significant presence on the web in recent years, account for much as 70% of traffic on websites, driving the need for bot mitigation solutions to block bad bots from accessing the sites, according to Akamai.</p><p>“While many bots serve valuable functions, others are designed to steal intellectual property, impersonate legitimate users, or play a role in brute-force attacks, account takeover, and other devastating cyberattacks,” <a href="https://www.akamai.com/glossary/what-is-bot-mitigation" target="_blank" rel="noopener">the company wrote</a>. “In this environment, bot mitigation technology is essential to distinguish good bot traffic from harmful bots, and to manage the impact of malicious bot traffic on the performance of your websites and the experiences of your customers.”</p><p>Bot mitigation strategies traditionally have classified bots as “good” or “bad” through three parameters: user agent verification, IP address validation against published ranges, and restricting the good bots to GET-only requests, Radware researchers wrote. This has worked well in a world of web scrapers and malicious crawlers.</p><p>“However, the landscape fundamentally changed in 2024-2025 with the introduction of interactive AI agents,” they wrote. “OpenAI launched ChatGPT Agent Mode in January 2025, featuring virtual browser capabilities, business system connectors and multi-agent orchestration. Google Gemini introduced real-time web interaction with URL context tools supporting up to 20 URLs per request. Anthropic Claude deployed Computer Use capabilities, enabling desktop interaction via mouse and keyboard.”</p><h3>The Threat of POST Requests</h3><p>The problem is that such AI agents require POST-request permissions to run such interactive functions as booking hotels, buying tickets, and completing transactions, they wrote. OpenAI says ChatGPT agents shouldn’t be limited to only GET requests because POST requests are critical to their Responses API and tool-calling capabilities.</p><p>This creates an environment ripe for bad actors to create bots that impersonate legitimate AI agents from the likes of Google, OpenAI, Grok, and Anthropic, which Radware said with “high confidence” is happening. Businesses will weaken their security to ensure AI agents drive traffic to them even as bot mitigation systems are inadequate to the threats that come with them, the researchers wrote.</p><p>In addition, legitimate AI bots can get access to interactive components like login portals and account dashboards, reducing the gap between the traffic patterns of legitimate and malicious bots, and it’s easier for attackers to have their bots classified as “good” with the POST permissions that AI vendors are demanding for their agents.</p><p><strong>“</strong>Application owners anticipate significant increases in legitimate AI agent traffic, creating a detection blind spot where malicious bots masquerading as AI agents are more likely to pass unnoticed by security and marketing teams monitoring anomalies,” they wrote.</p><h3>Financial Services, Healthcare at Risk</h3><p>This puts a lot of companies at risk, particularly those in financial services – like payment processors and banking platforms – where ATO attacks can lead to significant monetary losses, e-commerce businesses like retail platforms that already are being hit by bot-driven purchases and inventory manipulation, and ticking and travel agencies, whose event ticketing systems, airline bookings, and hotel reservations are vulnerable to attacks on automated purchasing operations.</p><p>Healthcare organizations, whose patient portals and telemedicine platforms rely on identity verification, also are at high risk.</p><p>There are a number of steps security teams can take, including adopting zero-trust policies for state-changing requests, treat user-agents as untrustworthy, and enforce stringent DNS and IP-based checks, particularly for Claude and Grok, which are easiest to spoof. The researchers also recommended cryptographic verification and moving from static to dynamic detection.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/radware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses/" data-a2a-title="Radware: Bad Actors Spoofing AI Agents to Bypass Malicious Bot Defenses"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fradware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses%2F&linkname=Radware%3A%20Bad%20Actors%20Spoofing%20AI%20Agents%20to%20Bypass%20Malicious%20Bot%20Defenses" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fradware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses%2F&linkname=Radware%3A%20Bad%20Actors%20Spoofing%20AI%20Agents%20to%20Bypass%20Malicious%20Bot%20Defenses" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fradware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses%2F&linkname=Radware%3A%20Bad%20Actors%20Spoofing%20AI%20Agents%20to%20Bypass%20Malicious%20Bot%20Defenses" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fradware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses%2F&linkname=Radware%3A%20Bad%20Actors%20Spoofing%20AI%20Agents%20to%20Bypass%20Malicious%20Bot%20Defenses" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fradware-bad-actors-spoofing-ai-agents-to-bypass-malicious-bot-defenses%2F&linkname=Radware%3A%20Bad%20Actors%20Spoofing%20AI%20Agents%20to%20Bypass%20Malicious%20Bot%20Defenses" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>