Subj : Major AI agents are being spoofed - and it could put your site at
To   : All
From : TechnologyDaily
Date : Mon Nov 10 2025 15:30:08

Major AI agents are being spoofed - and it could put your site at risk

Date:
Mon, 10 Nov 2025 15:23:00 +0000

Description:
Bad bots are trawling the web, impersonating legitimate agents to get 
permissions, experts warn.

FULL STORY
======================================================================AI 
Agents are skyrocketing in popularity - and sites are accommodating them This 
means they are forced to also accommodate 'bad bots' Sites must tighten 
security to protect themselves and users 

AI comes in many forms, and dominating the tech world right now is AI agents, 
which are evolving fast, often outpacing the security measures put in place 
to control them - but thats just one side of the story, as security teams not 
only have rogue but legitimate agents posing security risks, but also fake 
agents. 

New research from Radware reveals these malicious bots disguise themselves as 
real AI chatbots in agent mode, like ChatGPT, Claude, and Gemini - all good 
bots that, crucially, require POST request permissions for any transactional 
capabilities such as booking hotels, purchasing tickets, and completing 
transactions - all central to their advertised usage. 

Legitimate agents can interact with web page components like account 
dashboards, login portals, and checkout processes - which means websites now 
have to allow POST requests from AI bots in order to accommodate these 
legitimate agents. Only read, never write 

The issue here is that previously, a fundamental assumption in cybersecurity 
was that good bots only read, never write. This weakens security for site 
owners, as malicious actors can much more easily spoof legitimate agents, as 
they need the same website permissions. 

Legitimate AI agent traffic is surging, making it all the more likely that 
these fraudulent bots will pass through undetected. Most exposed are, of 
course, the high risk industries; finance, ecommerce, healthcare, and also 
the ticketing/travel companies AI agents are specifically designed to use. 

Chatbots all use different identification and verification methods, making it 
even more difficult for security teams to detect malicious traffic - and 
easier for threat actors who will just impersonate the agent with the weakest 
verification standard. 

Researchers recommend adopting a zero-trust policy for state-changing 
requests, like implementing AI-resistant challenges like advanced CAPTCHAs. 
They also recommend treating all user-agents as untrustworthy as standard, 
and adopting robust DNS and IP-based checks to ensure the IP addresses match 
the bots claimed identity. 

 Follow TechRadar on Google News and add us as a preferred source to get our 
expert news, reviews, and opinion in your feeds. Make sure to click the 
Follow button! 

 And of course you can also follow TechRadar on TikTok for news, reviews, 
unboxings in video form, and get regular updates from us on WhatsApp too.



======================================================================
Link to news story:
https://www.techradar.com/pro/security/major-ai-agents-are-being-spoofed-and-i
t-could-put-your-site-at-risk


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.