AkiraBot: The AI-Powered Spam Threat Targeting Over , Websites

In an alarming new discovery, cybersecurity researchers at SentinelLabs have identified a widespread spam campaign that’s taken the online world by storm. Dubbed AkiraBot, this botnet is exploiting large language models (LLMs), including OpenAI’s, to craft highly convincing spam messages that target small and medium business websites. Since September 2024, this operation has successfully infiltrated over 80,000 websites—leveraging AI to bypass traditional security filters and cause major disruptions across platforms like Shopify, GoDaddy, Wix, and Squarespace.

The sophistication of this campaign marks a significant evolution in cybercriminal tactics. By generating unique, AI-crafted spam for every message and rotating through attacker-controlled domains, AkiraBot is sidestepping even the most advanced spam detection systems. The bot’s integration with CAPTCHA bypass services and use of proxy networks further enhances its stealth and reach.

This isn’t just another spam operation—AkiraBot represents a serious shift in the cyber threat landscape. Let’s break down what’s really happening behind the scenes and what it means for online businesses everywhere.

AkiraBot: A New Era of AI-Driven Spam Campaigns

SentinelLabs has exposed a large-scale spam campaign called AkiraBot, impacting over 400,000 websites to date.
AkiraBot promotes two suspicious SEO services—Akira and ServiceWrap—through spam messages generated using an OpenAI LLM.
The spam targets SME websites built on popular platforms like Shopify, GoDaddy, Wix, and Squarespace.
Over 80,000 websites have already been successfully spammed since the campaign began in September 2024.
The use of LLMs enables each spam message to be uniquely generated, making traditional spam filters largely ineffective.
Attackers rotate domains used in the spam messages, complicating detection and blocking by security software.
The bot is built to evade CAPTCHA challenges using services like Capsolver, FastCaptcha, and NextCaptcha.
It also employs advertising proxy networks to mask its origins and avoid network-level detection.
AkiraBot initially focused on spamming contact forms but has since expanded to live chat widgets and comment sections.
The bot operates using two hardcoded OpenAI API keys, with several versions appearing since the start of the campaign.
The bot maintains logs of its activities, which enabled SentinelLabs to determine its spam success rate.
According to SentinelLabs, 80,000 websites had already been successfully compromised by January 2025.
This spam framework highlights the growing use of AI tools for malicious activities in cyberspace.
Traditional spam indicators no longer apply, as message content is now unpredictable and AI-generated.
Blocking domains used by Akira and ServiceWrap remains one of the few effective mitigation strategies.
Jim Walter of SentinelLabs urges website administrators to move beyond simple CAPTCHA and adopt more interaction-heavy user challenges.

What Undercode Say:

AkiraBot signals a fundamental shift in how spammers are using AI to advance their reach, effectiveness, and evasion tactics. Where once spam was relatively easy to identify through repetitive content and known blacklisted domains, AI has changed the game completely. The spam messages are not only grammatically correct—they’re diverse, human-like, and often persuasive enough to fool users and bypass even enterprise-level spam filters.

One of the most concerning elements is AkiraBot’s ability to evolve quickly. It now targets not just contact forms but also live chat widgets and public comment sections, broadening the attack surface for every business website. The transition from static to dynamic AI-generated spam makes blacklisting efforts nearly obsolete.

The bot’s reliance on multiple CAPTCHA bypass services is also a sobering reminder of how attackers are commodifying tools once reserved for legitimate uses like marketing and automation. AkiraBot’s use of advertising proxies to cloak its origin further complicates mitigation efforts, especially for small and mid-sized companies that lack dedicated security teams.

From an SEO standpoint, this campaign is particularly nefarious. The bot aims to push visibility for shady SEO services, and by injecting links into hundreds of thousands of websites, it may be manipulating search engine algorithms at scale. If successful, this could undermine trust in legitimate SEO practices and contribute to a flood of low-quality or even malicious search results.

Website owners can no longer rely solely on traditional tools like CAPTCHA to defend against spam. SentinelLabs’ recommendation to implement more complex, behavior-based interaction filters is critical. This could include honeypots, multi-step form submissions, or dynamic JavaScript challenges that are difficult for bots to complete.

Beyond defense, this event serves as a wake-up call for regulators, developers, and AI providers. OpenAI’s LLMs are being used in unintended, harmful ways. This creates a strong argument for stricter API usage policies, stronger monitoring of how keys are used, and possibly the introduction of bot behavior detection tools integrated into AI platforms themselves.

Ultimately, AkiraBot is not just a cybersecurity issue—it’s a sign of how AI misuse can ripple through digital infrastructure, erode trust in the internet, and blur the lines between human and machine-generated content. Businesses and security vendors must act fast to stay ahead of these evolving tactics, or risk becoming yet another statistic in the ever-growing list of AI-assisted cyberattacks.

Fact Checker Results:

The AkiraBot campaign is confirmed by reputable cybersecurity research from SentinelLabs.
Evidence supports the use of OpenAI LLMs and CAPTCHA bypass services in this attack.
Over 80,000 websites have verifiably been affected since September 2024.