
Bot abuse and fraud farms: what security teams need to act on


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Total attacks from bots and fraud farms rose 121% in Q2 versus Q1 2023, while malicious bot attacks increased 167% and intelligent bot attacks rose 291%, according to Arkose Labs. The core issue is not just volume but economics: attackers are industrialising fraud faster than many enterprise controls can adapt.

NHIMG editorial — based on content published by Arkose Labs: Breaking (Bad) Bots: Bot Abuse Analysis and other Fraud Benchmarks

By the numbers:

Questions worth separating out

Q: How should security teams reduce bot abuse without blocking legitimate users?

A: Use layered detection and adaptive friction rather than blunt blocking.

Q: Why do fake account creation attacks matter to IAM programmes?

A: Fake account creation pollutes the identity base that IAM, fraud, and analytics systems rely on.

Q: What breaks when account recovery is easier than primary authentication?

A: Attackers target the recovery path because it often carries enough trust to bypass stronger login controls.

Practitioner guidance

  • Harden registration and recovery paths: Add layered verification to sign-up, password reset, and support-assisted recovery flows.
  • Instrument bot-specific identity signals: Feed device intelligence, behavioural biometrics, velocity checks, and abuse-pattern telemetry into fraud and IAM decisions.
  • Measure abuse cost, not only block rate: Track how many attempts are required for an attacker to complete a fake registration, password reset, or takeover sequence.

What's in the full report

Arkose Labs' full analysis covers the operational detail this post intentionally leaves for the source:

  • Breakdowns of attack mix by industry, including the sectors most heavily targeted by bot-led incursions.
  • Details on the report’s behaviour-based detection and dynamic interdiction approach for suspicious traffic.
  • The underlying customer-base observations behind the quarter-over-quarter attack growth figures.
  • Examples of the risk signals Arkose Labs says it uses to drive decisioning in downstream fraud controls.

👉 Read Arkose Labs' quarterly report on bot abuse and fraud benchmarks →
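To make the guidance above concrete (velocity checks feeding an adaptive-friction decision, and "abuse cost" measured as attempts per completed registration), here is an added example that is not part of the NHIMG post or the Arkose Labs report. The log format, the per-device thresholds and the sample telemetry are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-up telemetry (not real data): timestamp, client IP, device fingerprint, outcome.
# dev-a1 behaves like a fraud farm cycling registrations; dev-b9 is a single ordinary sign-up.
SIGNUP_LOG = """\
2023-06-01T10:00:00 203.0.113.7 dev-a1 success
2023-06-01T10:00:03 203.0.113.7 dev-a1 fail
2023-06-01T10:00:05 203.0.113.7 dev-a1 fail
2023-06-01T10:00:06 203.0.113.7 dev-a1 success
2023-06-01T10:00:09 203.0.113.7 dev-a1 fail
2023-06-01T10:00:11 203.0.113.7 dev-a1 fail
2023-06-01T10:00:12 203.0.113.7 dev-a1 success
2023-06-01T10:30:00 198.51.100.4 dev-b9 success
"""

WINDOW = timedelta(seconds=60)      # sliding window for the velocity check (assumed)
CHALLENGE_AT, BLOCK_AT = 3, 6       # prior attempts per device in the window (assumed thresholds)

def parse_log(text):
    """Parse the constructed log lines into event dicts."""
    events = []
    for line in text.splitlines():
        ts, ip, device, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "device": device, "ok": outcome == "success"})
    return events

def friction_decisions(events):
    """Adaptive friction instead of blunt blocking: low velocity is allowed,
    medium velocity gets a challenge (step-up), high velocity is blocked."""
    recent = defaultdict(list)   # device -> timestamps of attempts still inside the window
    decisions = []
    for e in events:
        window = [t for t in recent[e["device"]] if e["ts"] - t <= WINDOW]
        recent[e["device"]] = window + [e["ts"]]
        prior = len(window)      # attempts by this device before the current one
        decisions.append("block" if prior >= BLOCK_AT
                         else "challenge" if prior >= CHALLENGE_AT else "allow")
    return decisions

def attempts_per_success(events):
    """Abuse-cost metric: how many attempts each device needed per completed registration.
    A value near 1 for a high-volume device means the controls add almost no cost."""
    attempts, successes = defaultdict(int), defaultdict(int)
    for e in events:
        attempts[e["device"]] += 1
        successes[e["device"]] += int(e["ok"])
    return {d: attempts[d] / successes[d] if successes[d] else float("inf") for d in attempts}
```

Running `attempts_per_success(parse_log(SIGNUP_LOG))` shows dev-a1 needed about 2.3 attempts per fake account, the kind of number worth tracking over time alongside the plain block rate.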




(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343

Bot abuse is an identity governance problem disguised as fraud volume. The article shows that the real issue is not only scale, but trust management across registration, login, recovery, and support workflows. When automated actors can repeatedly test the same paths, the organisation is no longer governing individual sessions, it is governing a machine-driven abuse economy. Practitioners should treat bot pressure as a signal that identity assurance has become too permissive at the edges.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who should own bot abuse response across fraud and IAM teams?

A: Responsibility should be shared, but ownership of control design must sit with the teams that govern identity, recovery, and step-up policy. Fraud teams can detect patterns, while IAM teams control the workflows attackers target. The most effective programmes align both so one team is not optimising detection while the other leaves the doorway open.

👉 Read our full editorial: Bot abuse is scaling faster than enterprise fraud controls


