Internet Traffic Dominated by Bots
AI-driven bot attacks surged 12.5 times in 2025, according to Thales’ latest ‘Bad Bot Report’. This significant increase highlights how bots are now a predominant force on the internet.
The report finds that over 53 per cent of web traffic in 2025 was generated by bots, up from 51 per cent the previous year, with 40 per cent of this traffic deemed malicious. Automated activity now exceeds human activity online.
Tim Chang, Global Vice President and General Manager, Application Security at Thales, stated, “AI is transforming automation from something organisations try to block into something they must also manage.”
APIs and Identity Systems Under Attack
The report highlights that APIs and identity systems are prime targets for these attacks. Approximately 27 per cent of bot attacks now exploit APIs, bypassing user interfaces to directly engage with backend systems.
Financial services bore the brunt of these attacks, accounting for 24 per cent of all bot attacks and 46 per cent of account takeover incidents, indicating a trend where bots are used to monetise cyberattacks. Thales’ report emphasises that this trend is not a transient phenomenon but a structural shift in how the internet operates.
AI agents are emerging as a distinct category of internet traffic, blurring the lines between legitimate and malicious automation. This development complicates efforts to discern intent.
In 2025, AI-driven bot attacks surged 12.5 times compared to the previous year. This rapid expansion of attacks has shifted the internet’s landscape significantly.
Smith, a cybersecurity analyst, noted, “The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
Thales recommends a governance-based model for security, combining visibility, policy enforcement, and behavioural analysis to differentiate between acceptable and harmful automation.
The report also notes the emergence of AI agents as a new category of internet traffic. These agents interact directly with applications and APIs, retrieving data and performing tasks autonomously.
According to Thales, much of today’s AI-driven activity remains unverified, making it difficult for organisations to have a complete view of the risks they face.
As AI agents become more prevalent, they are expected to continue changing the landscape of internet traffic, further complicating security measures. By 2026, AI-driven bots are projected to account for an even larger share of internet activity, putting additional pressure on cybersecurity frameworks to adapt rapidly.
Last updated: 29 April 2026, 11:04 pm

