2025年欺诈与滥用报告：在人工智能欺诈迷雾中破局寻路

Charting a Course Through AI’s Murky Waters State of the Internet/Security Contents Introduction The rapid evolution of threat methodologies and a significant uptick in malicious activityprompted the Akamai State of the Internet (SOTI) team to update its analysis of theabuse and fraud landscape. In 2025, the level of innovation and complexity in this For clarity, this report definesfraudas the use of deception for unlawful gain, andabuseas the engagement in unauthorized activities. Although these definitions may appearstraightforward, the increasing complexity of AI-powered technologies has blurred This report focuses on a subset of large language model (LLM) AI bots that we codifiedas “Akamai categorized” by using authentication methods that rely on self-identificationand bot telemetry. Our research aims to provide organizations with actionable insights Fraud and abuse risks are amplified by AI The growing adoption of AI has introduced new opportunities for cybercriminals, whichinclude highly convincing impersonation and automated scams. Although humansdirect the use of AI, bots are primarily responsible for generating impersonation content In previous SOTI reports, we highlighted the impact of AI-driven web scraping on thecommerce sector, noting that AI-powered scrapers have become more sophisticatedand challenging to detect. This year, our analysis extends to the broader LLM AI bot Akamai researchers have observed that several industries beyond commerce are nowexperiencing significant increases in AI scraper activity. From an abuse standpoint, someAI bots are capable of intensifying risks in applications and APIs by automating advanced Additionally, the rise of fraud as a service (FaaS) in underground markets has furtheraccelerated these threats by lowering the barriers to entry for cybercriminals and facilitatingthe execution of diverse online fraud schemes. Organizations cannot simply block all bot This report provides an in-depth examination of the expanding fraud and abuse landscape,including a guest column from the Chief Information Security Officer at the FinancialServices Information Sharing and Analysis Center (FS-ISAC), key highlights from the Working together Leaders in every sector of the economy are concernedabout fraud conducted via cyber methods. The threshold to Attacks come in many different forms, so it is importantthat information security teams consistently adhere tothree basic cyber hygiene practices. That will help them As you’ll read in this report, much of that fraud isconducted by bots in order to commit a wide variety ofcrimes. In financial services, we’ve seen bots automate loginattempts with stolen username/password combinations,test ill-gotten credit card numbers or common passwords, 1.Layered defenses: Think of bot detection like spamfiltering and use a defense-in-depth approach withconstant tuning. IP blocking isn’t enough, so incorporate 2.Response playbooks: Any event can escalate to asevere incident in minutes, so it’s crucial to plan, test, These frauds are enabled by adaptive, distributed botspowered by AI that are often rented from FaaS platforms.These technologies are built to bypass your defensive A coordinated takedown process involvinghosting providers, domain registrars, or law A documented and practiced process to preservelogs and evidence that civil and criminal courtscan accept — fraud is a crime, and a compromised In this threat landscape, we must prepare by comparingthreat actor capabilities and behaviors with our deployeddefenses. We need to practice incident response, share Mechanisms to communicate with customersif their accounts are compromised or your Methods for containing and/or disablingaccounts, invalidating sessions, or adjusting 3.All-sourcethreatintelligence: Consider using botnetidentification feeds to detect botnets, proxy networks,or fraud tools that are targeting your sector or company,and employ indicator of compromise (IOC) ingestiontools to spot IP ranges, autonomous system number A great example of intelligence sharing is provided byFS-ISAC’s Cyber Fraud Prevention Framework WorkingGroup — a cross-sector group of cyber experts who developstrategies to reduce the risk of fraud. Their expertise is Only by working together can we achieve the promise ofcollective defense. Fraud actors cross borders and sectors,and each successful fraud chips away at profitability and The most valuable threat intelligence comes from trustedpeers and colleagues in your sector and others. Myorganization, Financial Services Information Sharing andAnalysis Center (FS-ISAC), is a trusted partner that helpsthe financial sector share threat intelligence, understand John “JD” DenningChief Information Security Officer, FS-ISAC Akamai is a founding member of FS-ISAC Critical Provider Program and maintains a strong researchrelationship with FS-ISAC by collaborating and sharing data. We invited them to contribute to thisreport in a continued e