AI-driven bot attacks surge 12.5x as automation reshapes the internet

A new report from Thales warns that artificial intelligence is rapidly transforming the internet into a machine-dominated environment, with bot-driven activity now surpassing human traffic and cyberattacks becoming more sophisticated than ever.

According to the 2026 Bad Bot Report: Bad Bots in the Agentic Age, AI-driven bot attacks surged 12.5 times in 2025 compared to the previous year, marking a dramatic escalation in automated threats.

Bots now dominate online activity

The report highlights a fundamental shift in internet usage, with bots accounting for more than 53% of all web traffic in 2025, up from 51% the year before. Human activity, by contrast, fell to just 47%.

Of that automated traffic, roughly 40% is classified as malicious, underscoring the growing scale of cyber risks facing organisations worldwide.

Unlike in previous years, when bot activity was often tied to specific attack campaigns, automation is now a constant presence across digital systems, shaping how businesses operate online.

AI blurs the line between good and bad bots

One of the most significant developments identified in the report is the emergence of AI agents as a new category of internet traffic. These agents operate alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to perform tasks and retrieve data.

This evolution is making it increasingly difficult for organisations to distinguish between legitimate and harmful activity.

“AI is transforming automation from something organisations try to block into something they must also manage,” said Tim Chang, Global Vice President and General Manager of Application Security at Thales.

“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems,” he added.

APIs and identity systems under growing threat

The report also finds that attackers are increasingly targeting APIs, the backbone of modern digital services. Around 27% of bot attacks are now directed at APIs, where automated systems can bypass front-end interfaces and interact directly with backend infrastructure.

These attacks often mimic legitimate behaviour, using valid credentials and structured requests to exploit business logic, extract sensitive data, or manipulate workflows at scale.

High-value sectors are particularly exposed. Financial services accounted for 24% of all bot attacks and nearly half (46%) of account takeover incidents, demonstrating how automation is being used to directly monetise cybercrime.

A shift toward machine-driven infrastructure

The findings point to a broader transformation in how the internet functions. Bots are no longer just tools used by attackers; they are active participants in digital ecosystems, influencing traffic patterns, business metrics, and system performance in real time.

This shift is creating what Thales describes as a “visibility gap,” where much AI-driven activity remains difficult to verify or classify, leaving organisations with an incomplete understanding of their risk exposure.

Rethinking cybersecurity strategies

The report concludes that traditional approaches focused on blocking bots are no longer sufficient. Instead, organisations must adopt governance-based strategies that prioritise visibility, behavioural analysis, and policy enforcement.

This includes defining which automated agents are allowed to interact with systems, strengthening protections at the API and identity level, and developing adaptive defences capable of keeping pace with evolving AI-driven threats.

As AI adoption accelerates, the report warns that managing – not just stopping – automation will be critical to maintaining security, trust, and performance in an increasingly machine-driven digital world.