Protecting Publishing: The Real Cost of AI Bots
AI fetcher bots are severely impacting the publishing industry by scraping proprietary content in real-time to feed AI chatbots, leading to a drastic reduction in referral traffic and revenue. Organizations are advised to implement advanced bot management and monetization strategies rather than relying solely on default blocking to mitigate infrastructure strain and financial losses.
Source:
Akamai
Key Takeaways
- AI bot activity surged 300% in 2025, with the media and publishing industry being the second most targeted sector.
- AI fetcher bots, which collect real-time content, constitute 25.28% of AI bots and significantly reduce referral traffic to original sources.
- Referral traffic from AI chatbots was reported to be 96% lower than traditional Google search traffic in Q4 2024.
- Unwanted automated scraping increases infrastructure, server, and CDN costs while degrading site performance.
- Instead of default blocking, publishers are encouraged to use platforms like Skyfire and TollBit to monetize and license content access to AI companies.
Affected Systems
- Web Servers
- Content Delivery Networks (CDNs)
- Publishing Platforms
Attack Chain
AI fetcher bots crawl publishing websites to collect proprietary content in real-time based on user prompts. The scraped data is ingested into large language models or served directly to users via AI chatbots. This bypasses the original source, depriving the publisher of ad revenue and subscriptions while simultaneously increasing the publisher's infrastructure and CDN costs due to high automated traffic volumes.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
The article discusses high-level bot management strategies but does not provide specific detection rules or queries.
Detection Engineering Assessment
EDR Visibility: None — The activity involves external web scraping and bot traffic, which is visible at the network and WAF level, not the endpoint level. Network Visibility: High — Bot traffic can be identified through CDN, WAF, and web server access logs by analyzing user agents, request rates, and behavioral patterns. Detection Difficulty: Moderate — Distinguishing between legitimate user traffic, sanctioned AI bots, and unauthorized fetcher bots requires advanced behavioral analysis and bot management solutions.
Required Log Sources
- Web Server Access Logs
- WAF Logs
- CDN Logs
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Identify high-volume, repetitive requests to content pages originating from known AI vendor ASNs or utilizing AI-associated user agents. | WAF/CDN Logs | Collection | Medium |
Control Gaps
- Lack of granular bot management
- Inability to distinguish between different types of AI agents (e.g., fetchers vs. standard crawlers)
Key Behavioral Indicators
- Anomalous spikes in page views from single IP addresses or subnets
- Requests lacking typical browser rendering artifacts
- User agents associated with known AI crawlers
False Positive Assessment
- High
Recommendations
Immediate Mitigation
- Implement bot management solutions to monitor and categorize incoming AI bot traffic.
- Analyze web traffic to identify the top AI agents scraping content.
Infrastructure Hardening
- Configure WAF and CDN rules to rate-limit aggressive scraping behavior.
- Ensure sufficient infrastructure scaling to handle automated traffic spikes without degrading user experience.
User Protection
- N/A
Security Awareness
- Evaluate partnerships with platforms like Skyfire and TollBit for content licensing and monetization.
- Develop a comprehensive organizational policy on AI bot access and content scraping.
MITRE ATT&CK Mapping
- T1119 - Automated Collection
- T1593 - Search Open Websites/Domains