Artificial intelligence (AI) and automation have changed the playing field of devising and defending against distributed denial-of-service (DDoS) attacks.
The same reasons why enterprises turn to AI, for speed, simplicity, innovation, scaling and to plug skills gaps, are now being exploited by cybercriminals to supercharge their attacks.
Richard Hummel
Social Links Navigation
Director of threat intelligence at NETSCOUT.
Businesses must adapt to this new reality of AI-enhanced cybercrime and respond with equally intelligent defenses, or risk being overwhelmed by more sophisticated attacks.
You may like
The prevalence and impact of DDoS attacks
DDoS attacks wreak havoc on businesses, critical infrastructure and nation states. They draw on unwittingly compromised systems, or botnets, to put servers or networks out of action by flooding them with traffic. The operational, financial and reputational damage can be severe.
Attacks are prolific. In the first half of 2025, NETSCOUT observed more than 8 million, with 40 percent of those (3.2 million) taking place in EMEA. Vast botnets of tens of thousands of hardware components delivered sustained attacks which lasted for an average of 18 minutes.
DDoS is now more accessible to would-be perpetrators. Sophisticated DDoS-for-hire services have removed barriers to entry so even relative novices can now launch campaigns. At the same time, new techniques and tools are bypassing established defense measures and raising the stakes on risk mitigation.
Yet, what is behind this accelerated rise in attack accessibility? The answer increasingly appears rooted in AI and automation.
AI-powered DDoS: the latest threat in town
AI is changing the DDoS landscape. The technology has transformed attack capabilities, with cybercriminals using it to supercharge their assaults, making attacks stronger and more agile than ever before. Here are five key ways in which AI is enhancing DDoS attacks:
1. Plugging skills gaps through accessible tools
It used to be that you needed advanced technical skills to devise and launch a DDoS attack. Indeed, alongside extortion, cyberwarfare and other motivations, some DDoS offenders do it because they just love to demonstrate their capabilities.
You may like
Those capabilities include determining attack vectors, understanding how to exploit server or network weaknesses and using bespoke infrastructure, botnets, malware and other tools. Serious technical skills.
Now, DDoS-for-hire services, also known as ‘booters’ or ‘stressers’, provide ready-made IT infrastructure incorporating advanced features to rent. These services can integrate attack scheduling, dynamic vector adjustment and repetition for multi-target campaigns.
2. Simplifying with AI assistant integration
AI assistants in DDoS-for-hire platforms further negate the need for technical skills. Attackers can simply describe what they want to an AI chatbot, such as, “I want to take this platform offline during this period.” This chilling theoretical example illustrates the extent to which cybercriminals no longer need to understand DDoS mechanics, or the infrastructure of their targets, to launch attacks.
3. Speeding up with AI-enhanced automation
With automation, cybercriminals can launch an attack in just minutes. They can also schedule attacks to run at times when they are likely to inflict maximum damage on targets.
4. Scaling through real-time adaptation
Automation helps with scaling too, through repeatable attacks that can continue for days or weeks, delivering more value with little intervention. Using AI, attackers can adjust and fine-tune their attacks based on real-time data to bypass defenses, pinpointing vulnerabilities and increasing output. Threat actors can learn from a target’s response, adapting attacks as a way of prolonging them and maintaining their impact.
5. Innovating through CAPTCHA solving and behavior mimicking
Now, bots exist that can mimic human behavior and evade CAPTCHA systems designed to identify bot activity. AI-driven bots can imitate individuals’ browsing behavior, making it increasingly difficult for established defense measures to thwart attacks.
Detecting and defending against AI-powered DDoS attacks
As the saying goes, ‘fight fire with fire.’ Whilst attackers use AI to be more aggressive and effective in their attacks, businesses can use it too to ramp up their DDoS defenses.
A proactive, AI-driven approach starts with advanced monitoring tools that themselves use automation to detect patterns of automated behavior. These patterns could be unusual traffic or subtle signs that traditional security defenses may miss but that could suggest the start of an attack.
One of AI’s strengths is its ability to analyze huge data sets; given this, it makes sense to put it to work on traffic data to detect anything anomalous. Whilst AI-boosted DDoS attacks can adapt according to how security measures respond, so too can security capabilities adapt in real time.
Then there is day-to-day threat intelligence. AI-powered insights can identify new and emerging attack techniques so that businesses can prepare by adjusting their defense strategies.
When they discover an attack in progress, insights can supply the necessary intelligence so security teams can, for example, block the IP address range of known botnets.
The way forward: from AI attack to defense
Supercharged AI-powered DDoS attacks threaten everything and everyone, from critical infrastructure and national security to businesses and individuals.
Cybercriminals are exploiting AI and automation to be more agile and make their DDoS attacks more effective. Traditional defenses risk being swept aside in the flood.
There is a way forward though, in the ongoing battle against cyberattacks. Organizations must act through proactive and intelligent mitigation that turns AI from attack to defense, helping them stay ahead of sophisticated and enduring DDoS threats.
We’ve featured the best online cybersecurity courses.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
