← Back to Guides

How to protect your AI app from bots

Learn how to protect your AI app from bots, scrapers, and abuse using Firewall, BotID, and more.
Last updated on August 19, 2025
AI

If you are building an AI app, whether it is a chat interface, API, or content generation tool, you are in the crosshairs of automated abuse. Bots can drain your compute budget, scrape your training data, and flood your app with fraudulent activity.

This guide walks through the most common ways bots attack AI applications and the Vercel features you can use to block them. From Web Application Firewall (WAF) to Verified Bot allowlists, learn exactly how to keep your app secure.

AI applications are prime targets because they offer expensive, valuable functionality that's often accessible through simple API calls. Attackers use bots to:

  • Steal your prompts: They'll grab your system prompts and templates to build competing services
  • Farm your API: Running thousands of requests to generate content at your expense
  • Scrape your data: Harvesting your content to train their own models without permission

Vercel gives you multiple layers of protection to detect, block, and manage unwanted automated traffic. You can apply these defenses from the Vercel dashboard in real time or integrate them directly into your code, with changes and protections taking effect globally in milliseconds.

Tool

When to use it

DDoS protection

When you need to shield your AI app from large-scale traffic floods that could overwhelm infrastructure or spike compute costs

Web Application Firewall (WAF)

When you want to block, challenge, or rate limit requests based on IP, user agent, geolocation, or request patterns, ideal for stopping specific scrapers, blocking malicious regions, or rate limiting expensive endpoints.

BotID (Invisible Verification)

When you want to silently detect and block automated traffic without CAPTCHAs.

Verified Bots

When you need to ensure trusted crawlers or webhooks bypass your bot protections without being blocked.

Attack Challenge Mode

When you want to automatically challenge users (for example CAPTCHA) only during suspicious traffic spikes or abnormal patterns.

Vercel automatically mitigates L3/L4 and L7 DDoS attacks, protecting your app from massive traffic floods that can overwhelm your infrastructure.

This protection is especially critical for AI applications because each request can trigger expensive operations like GPU inference, model loading, or complex data processing. While a traditional web app might handle thousands of requests cheaply, AI endpoints can see costs spike dramatically from just hundreds of malicious requests hitting expensive routes like text generation or image processing.

The WAF lets you apply custom rules and managed rulesets to stop suspicious or malicious HTTP traffic. You can block, challenge, or rate limit requests based on IP address or range, user agent, geolocation, request patterns, and more.

This means you can block specific crawlers like GPTBot by user agent, challenge suspicious signups that may lead to free-tier abuse, and rate limit access to expensive endpoints.

Screenshot 2025-08-15 at 11.49.46 AM.png

Beyond basic blocking, the WAF helps you implement sophisticated protection strategies tailored to AI workloads. You might challenge users from regions with high fraud rates or block specific patterns that indicate prompt injection attempts. This flexibility means you can adapt your defenses as new attack patterns emerge, keeping your AI app secure without disrupting legitimate usage.

BotID silently validates traffic without CAPTCHAs or friction. It analyzes thousands of request signals in real time to detect advanced automation, spoofed browsers, and replay attacks.

This is especially valuable for endpoints where every request has a cost. For instance, if your AI app has an /api/completion route, you can integrate BotID with a lightweight server-side check (in addition to some client-side and redirect configuration):

import { checkBotId } from 'botid/server';


export async function POST(req: Request) {
  const { isBot } = await checkBotId();
  if (isBot) {
    return new Response("Access Denied", { status: 403 });
  }
  return new Response(await generateAIOutput(req), { status: 200 });
}

Not all bots are bad. Verified Bots are trusted automated services, such as search engine crawlers, payment webhooks, or analytics integrations, that you want to allow through security defenses.

These bots are identified and allowed using:

  • IP verification: Matching requests to known ranges owned by the service
  • Reverse DNS lookup: Ensuring IPs resolve to the correct domain
  • Cryptographic validation: Confirming identity via signed requests or authentication protocols

Vercel maintains an allowlist of verified bots ensures that essential workflows continue uninterrupted, even when other bot protections are active.

Attack Challenge Mode detects abnormal traffic surges or suspicious request patterns and issues a challenge—such as a CAPTCHA—before allowing access. This disrupts high-intensity bot activity without impacting legitimate users.

By introducing a verification step only when threats are detected, Attack Challenge Mode helps protect expensive endpoints, preserve compute resources, and safeguard proprietary data.

Your AI app should serve people, not scripts pretending to be them. With Vercel, you have all the tools you need to protect your models, data, and infrastructure.

- Delve into an overview of managing bots in Vercel

- Configure WAF Rules, IP Blocks, and more

- Start using BotID

- Allow trusted crawlers and integrations via Verified Bots

Couldn't find the guide you need?