CMS resources   Technology insights

Exclusive report: Responding to the surge in automated bot traffic

Brightspot has observed a dramatic increase in non-human web traffic across our customer base — largely driven by scraping bots harvesting content for AI model training. See our findings and recommendations from a recent initiative to evaluate and respond to the growing risk and impact of “bad bot” traffic.

August 4, 2025
16 min read
Brightspot

Brightspot’s digital content management platform serves millions of requests per day for some of the world’s best-known media and corporate brands. In recent months, we’ve observed a sharp rise in non-human web traffic hitting our customers’ sites, and a significant portion of this surge comes from automated “bots” — in particular, content-scraping programs likely harvesting data to train large language models (LLMs) and other AI systems.

With bots now accounting for nearly half of all web traffic (per our own internal survey data and Imperva’s Bad Bot Report), and LLM-related scrapers growing in volume and sophistication, publishers face rising costs, data exploitation and degraded analytics integrity. Here, we present analysis, findings and recommendations from a 2025 Brightspot initiative to understand, evaluate and respond to the growing risk and impacts of “bad bot” traffic on our customers’ digital properties.

This in-depth report examines the nature of this automated traffic, the risks it poses to infrastructure and intellectual property and key findings from Brightspot’s evaluation of bot management solutions. We’ll also reference other insights on the rise of LLM-related web scraping, the limitations of current anti-bot measures and best practices for managing bot traffic on content-rich websites.

Key report findings
LLM-fueled scraping surging
Over 40% of traffic to major content sites now comes from automated agents. Many ignore robots.txt and other voluntary standards, exposing limitations in existing controls.
Operational impact is tangible
Bot traffic inflates infrastructure costs, degrades site performance and pollutes analytics — posing cross-functional risks for IT, editorial and business teams alike.
Defensive tools fall short
Brightspot’s evaluation of leading bot mitigation tools found that most perimeter defenses (CDNs, WAFs) struggle against advanced bots. CMS-integrated approaches proved more effective, offering context-aware detection with lower false positives.
Bot strategy should be business-led
Effective bot management depends on aligning defenses with organizational priorities — whether that means aggressively blocking LLM scrapers to protect IP, or enabling selected bots to drive syndication and discovery.
Bots behaving badly: By the numbers
40%
Data from Imperva’s 2024 Bad Bot Report found that scraping bots designed to feed AI training models grew to nearly 40% of total traffic, up from ~33% in 2022.
50%
According to Imperva, bots accounted for 49.9% of total web traffic last year—surpassing human traffic for the first time.
40%+
Brightspot data found that more than 40% of all traffic to high-profile media and commerce websites in its internal survey came from automated agents.

The rise of automated web traffic and LLM scraping

The explosion of generative AI has created a kind of “gold rush” for data. Bots that crawl the web to index and copy content are not new — search engines have done this for decades — but the scale and aggressiveness of recent crawlers is unprecedented. Companies, students, state actors and other organizations are now deploying bots to scrape text and media to feed LLM training processes. Industry research confirms that automated traffic is reaching new heights,1 and Brightspot’s own 2025 survey of customer sites found that over 40% of traffic on some major media websites was generated by automated agents rather than human readers.

This surge is directly tied to the demand for training data. According to Imperva’s 2024 Bad Bot Report, the rapid adoption of generative AI led to a significant jump in basic web scraping bots — simple “LLM feeder” crawlers increased to nearly 40% of overall traffic in 2023 (up from ~33% in 2022).2

Report snapshot: Understanding the surge in bot traffic
Automated bots are reshaping web traffic — and not always for the better. Below are some of the key challenges from Brightspot’s 2025 analysis of the rise in bot traffic and the ways companies need to prepare, respond and adapt.
Why is automated traffic on the rise, and what’s driving it?

The explosive growth of generative AI has triggered a spike in bots scraping web content to train large language models (LLMs). These bots operate around the clock and increasingly ignore traditional controls like robots.txt, leading to a surge in non-human traffic across content-rich websites.
What are the risks of unchecked bot traffic?

Excessive bot traffic strains infrastructure, inflates cloud and CDN costs, disrupts analytics accuracy and threatens intellectual property. Some bots mimic human behavior to avoid detection, making them difficult to block with standard network filters.
Can companies rely on tools like firewalls or CDNs to stop bots?

Not entirely. Brightspot’s evaluation found that perimeter tools like WAFs and CDN-based solutions often fail against advanced scrapers. More effective defenses are tightly integrated into the CMS or application layer, where behavioral signals provide richer context for detection..
Should companies block all bots to protect their content?

Not necessarily. Some bots deliver business value (e.g., search engine crawlers, monitoring services). Bot management should be strategic — deciding which bots to allow, block or throttle based on business priorities, content value and partnership opportunities.
What best practices should organizations follow to manage bot traffic?

Adopt a multi-layered defense strategy combining network, application and client-side protections. Continuously monitor traffic and tune defenses. Use adaptive serving for suspected bots and maintain clear Terms of Service and allow/deny lists to support enforcement.
How can businesses align bot strategy with their digital goals?

Treat bots as another user segment. Collaborate across security, operations, editorial and legal teams to define content exposure policies. Decide whether your goal is strict IP protection, broader visibility or selective access, and configure your bot controls accordingly.

Graphic depicting 3 bad bots with arrows pointing to a webpage, image graphic, text graphic, and blocks representing copyrighted content, along with a red stop hand sign on a red stop sign.

Ignoring bot guidelines and intellectual property concerns

Traditional controls meant to govern web crawling — such as the robots.txt standard and honest self-identification via user-agent strings — are increasingly being ignored by these new scraping bots. Under the Robots Exclusion Protocol, website owners can publish a robots.txt file to indicate which parts of the site should not be crawled and by which bots, and well-behaved bots (like Google’s crawler) generally comply. Adherence to robots.txt is purely voluntary, however, and malicious or opportunistic scrapers often disregard it, as well as other directives like nofollow and noindex, entirely. Recent evidence shows multiple AI companies deliberately bypassing robots.txt rules to grab content without permission.

In mid-2024, Reuters reported that analytics from a content licensing startup revealed “numerous AI agents are bypassing the robots.txt protocol” across publisher websites.3 In one case, an AI search startup was found likely ignoring Forbes’ robots.txt directives in order to scrape articles, sparking accusations of plagiarism. These incidents underscore that bad actors can easily crawl wherever they please, since the robots standard has no legal enforcement and is essentially based on an honor system.4

Compounding the issue, sophisticated scrapers employ techniques to evade detection and blocking. Many disguise themselves by spoofing popular browser user-agent strings or cycling through random IP addresses and residential proxies to appear as ordinary visitors. Some bots even run actual browsers, mimicking human-like interactions (such as mouse movements or realistic pauses between page loads) to slip past basic bot filters. These tactics make it difficult for network-level defenses that rely on simple patterns (like IP reputation or user-agent blocking) to reliably distinguish scrapers from real users.

Beyond the technical circumvention of guidelines, the unbridled scraping of content raises serious copyright and intellectual property (IP) concerns. News and media outlets, whose content is a prime target for LLM training, are increasingly alarmed that AI developers are harvesting their articles without compensation or attribution. In late 2023, The New York Times filed a landmark lawsuit against OpenAI, alleging that the company infringed copyright by using Times articles to train ChatGPT without permission.5 OpenAI argued that mass web scraping for AI training falls under “fair use,” but the Times and other publishers strongly dispute this, claiming there is nothing “transformative” about using their content wholesale in a new AI product. This legal battle highlights the growing tension between content creators and AI firms.6

illustration depicting Brightspot CMS security protocols
Technology insights
Brightspot identifies new trend in content scraping
Brightspot’s Chief Information Officer, David Habib, discusses the next frontier of information piracy on the internet: site scraping of content for use in AI models.

In fact, a backlash against AI scraping has begun.7 Over the last year, many major websites have taken active measures to shield their content. A recent analysis by MIT’s Data Provenance Initiative found a “rapid crescendo of data restrictions” being implemented — about 5% of 14,000 sampled websites (and 28% of the most actively updated sites) have now added rules in robots.txt to block AI-specific crawlers, and many sites have also updated their Terms of Service to explicitly forbid AI training uses of their data. These numbers jumped dramatically from mid-2023 to mid-2024, indicating a new emphasis on protecting content from uncompensated AI mining. Some high-profile sites went as far as blocking OpenAI’s own GPTBot crawler when it was introduced in 2023. However, the landscape continues to evolve — notably, several publishers that initially blocked AI scrapers reversed course after securing licensing deals with the AI companies. For example, when firms like OpenAI struck agreements with media companies (Dotdash Meredith, Vox Media, Condé Nast and others), those publishers promptly removed or eased the blocks on OpenAI’s crawler in their robots.txt. This seems to indicate that content owners are willing to allow AI access on their own terms — i.e. if there is a fair exchange of value, or strategic benefit, for doing so.8

The scale of the problem: Automated traffic by the numbers

The data make it clear that automated bot traffic is not a minor nuisance but a material (and growing) component of web activity. Brightspot’s internal survey found that some major news and e-commerce sites are seeing over 40% of their total requests coming from bots rather than human users. This aligns with broader industry findings. Imperva reports that in 2023 bots accounted for 49.9% of all website traffic, exceeding human traffic for the first time in their records.9 Within that, about one-third of total traffic was attributed to “bad bots” engaged in malicious or unwanted actions (as opposed to “good” bots like legitimate search-engine crawlers).

The rise of LLM-related scraping is a major contributor to these trends. Simple scraping bots used for AI data collection grew sharply in prevalence as generative AI took off, and the rush to build ever-larger AI models has unleashed an army of crawlers on the web. These bots often operate 24/7 at high request rates, far beyond what a human browser would do, in order to vacuum up as much data as possible. For popular content sites, the result is that a large chunk of their traffic — in some cases approaching or exceeding half — now comes from automated agents that provide no direct business value (no ad impressions, no product purchases, no newsletter sign-ups) and often ignore the site’s rules.

Operational impacts: Infrastructure strain and site reliability

I’ve spoken to a lot of our customers about this topic — customers that are concerned about reliability, cost and content ownership rights. This kind of thing is so new they don’t even know if they should consider it a security issue, an operational issue or a strategy issue — I think it’s all three.
David Habib, CIO, Brightspot

For organizations running content-rich websites, this flood of non-human traffic can have significant operational and business impacts. Infrastructure costs can grow disproportionately to revenue when a sizable portion of traffic is essentially unwanted load. Web servers, databases and CDNs must scale to handle the volume of requests, meaning extra capacity (and cost) is needed merely to serve bots that likely shouldn’t be there in the first place.11

Site performance and reliability can also suffer. Automated scrapers tend to hit pages as fast as they can, and multiple bots may crawl in parallel. That approach defeats solutions like network and application caches that are designed to handle the typical bell curve of content popularity on a given site. Caches are cost-savers as well as performance improvements, and when they get bypassed, things can get expensive.

It’s not just the content misappropriation and the cost/revenue imbalance. It’s also things like analytics pollution — a surge in traffic that appears to be human could be good news, or it could be the latest round of scraping; article popularity data or A/B testing results can become worthless if the nature of the site visitors is in question.

In short, the surge in automated traffic translates to real costs and risks: extra infrastructure spend, potential outages or slowdowns and indirect business harm (like lost engagement or tainted analytics). It is a problem that threatens both the technical performance and the content value proposition of digital publishers. This is why Brightspot and its clients have made addressing malicious and excessive bots a top priority.

illustration depicting website features to help news sites scale for high-traffic events
Technology insights
Protecting the news on Election Night: An inside look at Brightspot’s cyber defenses
Brightspot CIO David Habib shares behind-the-scenes details about a series of coordinated DDoS attacks during the U.S. presidential election on November 5 — and how our security protocols thwarted a massive global botnet attack targeting one of Brightspot’s largest news customers.

Evaluating bot management solutions: Brightspot’s approach

To combat the rising tide of non-human traffic, Brightspot undertook an evaluation of leading bot detection and mitigation tools. The goal was to identify how well current solutions can handle the new wave of sophisticated scrapers — and to guide Brightspot’s strategy for protecting its platform and customers. Rather than rely on vendor claims alone,12 Brightspot set up a real-world test using a commercial web scraper known for its ability to bypass bot defenses. This tool, essentially a stealth crawling engine marketed to researchers and grey-area software engineers, was configured to mimic human-like browsing (randomized headers, varying click rates) and to rotate through numerous IP addresses. Brightspot then unleashed this simulated “bad bot” against our own website and evaluated multiple bot management solutions on their ability to detect or block the scraper.

“This thing is nasty,” said Chris Cover, Program Director and the head of the ‘Red’ team in our experiment. “They claim right up front that they can bypass the big-name filters out there — and from what I can see I don’t doubt it.”

The solutions tested included both edge-level defenses (such as a leading CDN’s bot management add-ons and a cloud WAF service) and an application-level approach integrated within the Brightspot CMS (leveraging JavaScript, a specialized server and a SaaS component). Over several weeks of testing, the team gathered data on detection rates, false positives, performance impact and the effort required to tune each solution. The results were telling. Most tools failed to catch any of the unwanted traffic out-of-the-box, and none were close to seeing all of it. The differences in approach yielded notable trade-offs.

Graphic depicting charts, dashboards, and graphs with labels for "human" and "bot".

Key findings from Brightspot’s bot management evaluation

  1. No “set-it-and-forget-it” solution: Ongoing tuning is essential.

    A clear lesson from the evaluation is that effective bot defense requires active management and tuning over time. None of the tested solutions could simply be enabled and left alone without oversight. In initial runs, every tool let almost all scraper traffic through and produced false positives (blocking a bit of legitimate traffic) until adjustments were made. This aligns with industry intelligence that shows that bots are constantly evolving and adapting; rules that worked last month might miss a new bot variant this month. Brightspot observed that regular tuning of bot signatures, thresholds and allow/block lists was necessary with all solutions. This finding underscores that bot management is an ongoing process, not a one-time deployment.13 Organizations should plan for continuous calibration – whether by internal teams, vendor support or automated learning — to adapt to new bot behaviors and minimize false positives. Set-it-and-forget-it is not realistic in the face of determined adversaries.

  2. Edge vs. integrated: CMS-integrated solutions show better effectiveness.

    Another takeaway is that bot defenses deployed outside the application (at the CDN, load balancer or firewall layer) were generally less effective against advanced scrapers than solutions tightly integrated with the CMS. The evaluation found that the Brightspot CMS-integrated prototype caught more of the stealth bot traffic and did so with fewer inadvertent blocks of real users. Why? The integrated approach could leverage application-specific knowledge — for instance, understanding normal content fetch patterns, user session behaviors and CMS-specific query patterns — which allowed more nuanced detection. In contrast, the edge solutions had a limited view (mostly network and HTTP metadata) and struggled to flag the bot when it behaved very much like a human browser. External tools often rely on generic heuristics (like known bad IP lists or anomaly detection at the network layer). These are important techniques, but sophisticated bots that mimic human behavior can easily slip past purely edge-based defenses.

    The integrated solutions, on the other hand, are able to analyze user behavior in context — for example, detecting that the scraper never loaded images or executed certain client-side scripts that real users would, and spotting anomalous navigation paths. This deeper, context-aware analysis gave it an edge in identification. External solutions also tended to be reactive (block after a threshold is exceeded), whereas the CMS could proactively challenge suspicious clients (e.g. serve a CAPTCHA or a slowly loading page to suspected bots). The bottom line: defenses closer to the application and content can make more fine-grained decisions, so integrating bot mitigation into the CMS or application logic can yield superior results to solely perimeter-based tools.

  3. Strategic bot management: Align policies with business goals.

    A final key finding is that decisions about which bots to block, throttle or allow should be guided by an organization’s broader business strategy and content goals. There is no one-size-fits-all answer to the question of “block all bots or not?” — it truly depends on the type of content, the value of that content and the company’s objectives (and obligations) around it. Brightspot’s evaluation highlighted that the most successful bot management programs were those that were purposeful and selective about automated traffic, rather than applying a blanket ban without nuance. For example, one media group may decide to allow a particular news-aggregator bot that drove traffic to their site (essentially treating it as a partner), while blocking other bots that simply republished their content without benefit. In practice, this means maintaining an allowlist of “good” bots (search engines, monitoring bots, authorized partners, etc.) and a dynamic denylist of unwanted bots.14

    Business stakeholders should be involved in classifying bots: is a given crawler helping our business (by increasing our reach or visibility), or hurting it (by exploiting our IP or straining our systems)? For instance, some companies may choose to permit certain AI scrapers because they want their content to be visible in AI-driven search results or chat answers — which can result in inclusion in reports like this one, where we made use of AI to help with our research — essentially an investment in future discoverability.

    Others will decide to block all AI training bots to protect proprietary data or seek licensing fees. Both approaches are valid; what’s important is that the bot management strategy aligns with the company’s goals and risk tolerance.15

Report recommendations: Best practices for bot management on content-rich websites
Given the insights above, what practical steps can organizations take to better manage automated web traffic? Below are several best practices and recommendations for content platforms grappling with a surge in bot activity:
1. Implement multi-layered bot detection
Relying on a single mechanism (be it a CDN’s bot filter or a basic JavaScript challenge) is not sufficient against today’s bots. Use a combination of techniques across different layers. Network-level defenses (IP rate limiting, WAF rules, CDN bot management) provide a first line of filtering. Application-level strategies add a deeper layer of scrutiny for anything that gets through. And client-side signals (in-browser scripts that detect automation, fingerprinting, etc.) can further help differentiate human versus bot behavior. For example, you might configure your CDN to block known bad bot user-agents and known malicious IPs, while your application code monitors for abnormal navigation patterns or hidden link clicks that only a bot would trigger.
2. Continuously monitor traffic and tune defenses
Make log analysis and traffic monitoring a regular operational task. By regularly reviewing server logs and traffic patterns, you can spot anomalies — such as sudden spikes from certain user agents or IP ranges — that may indicate a scraper at work. As noted earlier, all bot management solutions require fine-tuning. Plan to update bot signatures, adjust detection thresholds and refine rules on an ongoing basis. It can be useful to schedule periodic “bot review” meetings between development, ops and security teams to go over recent bot activity and calibrate responses. Over time, this iterative tuning will hone your defenses to be more accurate. Also, keep an eye on industry threat intel (many vendors provide updates on new bot tactics) so you can proactively adapt. In short: treat bot defense as a living program that evolves with the threat landscape.
3. Deploy bot mitigation closest to high-value content
Identify which parts of your site or application are most sensitive or valuable (e.g., a proprietary database, premium articles, pricing info) and consider integrating bot protections directly into those areas. For example, some sites choose to put critical content behind user authentication or implement dynamic tokens that are issued to real browsers but hard for bots to reuse. The CMS can employ business logic — such as requiring a valid session or JavaScript-rendered token for certain requests — that thwarts simple scrapers. Also leverage your CMS’s ability to serve different responses: for suspected bots, you might serve a lightweight page or an error, while humans get the normal page. This adaptive serving, guided by bot detection signals, can reduce strain caused by scrapers repeatedly loading heavy content. The principle is to enforce anti-bot measures as close as possible to the target data, where you have full context.
4. Preserve “good bots” and key integrations
Not all automated traffic is harmful. It’s important to allow known good bots that benefit your business. These typically include search engine crawlers (Googlebot, Bingbot, etc.), uptime monitoring services, SEO or social-media preview bots, and partner APIs. Modern bot management tools usually come with a directory of recognized bots and can let these through by default. Double-check that your defenses are not unintentionally blocking such bots — for example, if you see a sudden drop in Google indexing, ensure Googlebot isn’t getting caught in a new rule. Many solutions offer an “allow list” feature; use it to permit reputable bots by their user-agent (and IP ranges if possible). Additionally, if you syndicate content via feeds or APIs, those consumers might appear as bots; coordinate with those partners to identify their traffic so you don’t cut them off. In summary, maintain an allowlist for beneficial automation. This keeps your site visible and functional to the services you want interacting with it, while you clamp down on the rest.
5. Establish clear content use policies and legal preparedness
From an IP protection standpoint, make sure your website’s Terms of Service explicitly address unauthorized scraping and AI data usage. While not technically preventing bots, strong legal terms strengthen your position if you need to pursue an abuser or join industry legal actions. We’ve seen that many sites now include clauses prohibiting the use of their content to train AI without consent. Implementing a robust that disallows known AI agents (e.g., user-agent: GPTBot) is also recommended — even though not all bots honor it, it serves as an important signal of your intent and can support future legal arguments that a scraper willfully ignored your policies. Encourage industry moves toward better standards: for instance, the IETF’s new “AIPREF” working group is devising a modern mechanism to let publishers indicate how their content can (or cannot) be used for AI training. Stay abreast of these developments, and be ready to adopt new “AI meta” tags or protocols that emerge (similar to how and meta tags evolved for search engines). By clearly signaling your preferences both in machine-readable form and in legal terms, you put your site in the best position to either deter scrapers or enforce consequences if they violate your rights.16
6. Balance bot blocking with business impact
Finally, approach bot management as a business decision as much as a technical one. Define what success looks like for your organization: Is it absolute IP protection at all costs? Is it maximizing human audience and even AI exposure? Is it somewhere in between, like allowing certain aggregation for visibility but protecting specific data aggressively? Once your priorities are clear, configure your bot management stance accordingly. If intellectual property protection is priority number one (as it might be for a research publisher or exclusive content provider), you will lean towards strict blocking, aggressive bot challenges and even pursuing violators legally. If broad visibility is more important (say you’re a marketing content site that wants as many eyes as possible on your info), you might tolerate more bots or offer paid licensing to AI firms rather than blocking them. Many companies will have a nuanced middle ground: for example, blocking direct competitors’ scrapers while cooperating with aggregators that send traffic back. The key is to regularly review and align your bot policies with your current business goals. It can be helpful to include stakeholders from editorial, marketing and product teams in these reviews, since they can provide perspective on the value or harm of certain bots. By treating bots as another category of “user” that needs management, you can make conscious choices that support your strategy (much like you’d cater to different user segments differently). Bot management should not happen in a silo — tie it into your overall digital strategy and adjust as that strategy evolves.

Conclusion

The rise of automated web traffic — fueled in large part by AI’s voracious appetite for data — presents a complex challenge for digital content platforms. On one hand, bots are overwhelming infrastructure and quietly exfiltrating the hard-earned content that organizations produce. On the other, not all bots are inherently bad — and in fact some level of automated access is integral to the open web and to business growth. As we have explored, there is no silver-bullet solution.

Liz Burgess, Brightspot’s Senior Manager, Service Delivery, who led our Blue team, said, “I told our Red team to ‘come at me!’ and was repeatedly disappointed by the performance of single-source solutions that promised comprehensive bot management. I was pretty chuffed when our multi-layer integrated approach proved effective.”

Combating unwanted bots requires a combination of smart technology and smart policy. Technical defenses must be multi-faceted and continuously updated to keep up with evolving scrapers. Equally, organizational strategies must be well-defined to distinguish between the automated traffic that should be welcomed and that which must be shown the door.

Brightspot’s investigation into bot management tools revealed that while technology is improving (with advanced behavior analysis, AI-driven detection, etc.), human oversight and tuning remain vital. It also highlighted the advantages of weaving bot awareness into the fabric of the CMS and application itself, rather than treating it as an external afterthought. Ultimately, effective mitigation will come from a layered defense and an adaptive mindset. We encourage IT leaders to audit their current traffic and ask: How much of it is non-human, and what is it doing? From there, business leaders and technologists can collaborate on a plan to protect their content’s value, ensure their sites stay reliable, and decide how — or if — they want their data to contribute to the AI ecosystems that are emerging.17

In navigating this new era of automated web traffic, knowledge is power. By understanding the scale, knowing the tools available and aligning actions with goals, organizations can regain control of their web traffic mix. Brightspot remains committed to helping our customers face these challenges. Through continued research, platform innovations and partnerships with leading bot mitigation providers, we aim to ensure that your valuable content serves your human audience first and foremost, while unwanted bots are kept at bay. The web may be increasingly populated by bots, but with the right approach, we can keep the bots in check and the digital experience thriving for everyone involved.

Sources:
1. Imperva – 2024 Bad Bot Report
2. ManagedServer – Bots make up approximately 50% of global web traffic.
3. Reuters – Exclusive: Multiple AI companies bypassing web standard to scrape publisher sites, licensing firm says
4. PromptCloud – Read and Respect Robots Txt File
5. Imperva – The New York Times vs. OpenAI: A Turning Point for Web Scraping?
6. Reuters – Exclusive: Multiple AI companies bypassing web standard to scrape publisher sites, licensing firm says
7. 404 Media – The Backlash Against AI Scraping Is Real and Measurable
8. Wired – The Race to Block OpenAI’s Scraping Bots Is Slowing Down
9. ManagedServer – Bots make up approximately 50% of global web traffic.
10. ManagedServer – Bots make up approximately 50% of global web traffic.
11. AI Journal – Google and OpenAI Are Slowing Down Your Website
12. SecureAuth – Elevate Your Bot Detection: Why Your WAF Needs Our Intelligent Risk Engine
13. Approov – Streamlining the Defense Against Mobile App Bots
14. Akamai – Managing AI Bots as Part of Your Overall Bot Management Strategy
15. Cloudflare – How to manage good bots | Good bots vs. bad bots - Cloudflare; United States Cybersecurity Magazine - Bots: to Block or Not to Block? Effective Bot Management Strategy
16. Computerworld – IETF hatching a new way to tame aggressive AI website scraping
17. AWS Documentation – Example scenarios of false positives with AWS WAF Bot Control; Akamai - Top 10 Considerations for Bot Management

CMS security & infrastructure Artificial intelligence (AI)
Brightspot
Brightspot Brightspot
At Brightspot we believe technology should enable content-focused teams to work smarter, faster, and more seamlessly to move businesses forward. With decades of experience in publishing and media, we help companies transform their business content and digital experiences by creating enterprise applications at scale with astonishing speed.
Related stories
graphic illustration depicting AI workflows and measurement features for content creation using AI
Content insights
6 ways to use AI responsibly in your content workflow
Technology insights
Botnets, scrapers and AI attacks: Why web security must evolve
image showing web accessibility features and capabilities
Content insights
The European Accessibility Act deadline is coming: What digital teams need to know
graphic depicting essential CMS features for news websites
CMS insights
11 of the best: Essential CMS features for news media publishers
Get more technology insights here
Explore our CMS guides
red icon of workflow and publishing modules
CMS architecture guide
Explore our CMS architecture guide to understand the differences between coupled CMS, decoupled CMS and headless CMS, as well as the pros and cons for each.
red icon of document with eyeball graphic
CMS selection guide
Take the guesswork out of finding the right content management system for your needs with our guide to choosing the right CMS.
red icon of tech stack symbol
Digital transformation guide
Digital transformation refers to the use of technology to create new or improved processes and customer experiences to drive better business outcomes. Learn more here.
red icon of photo gallery collage
Digital asset management guide
A digital asset management (DAM) system helps organizations and publishers manage and access all of their digital assets in one centralized place. Learn more in our guide.