- Automated bots now account for more than half of global Internet traffic, with malicious bots approaching 40%.
- AI-powered bot attacks increased more than twelvefold in 2025, blurring the line between legitimate automation and abuse
- An increasing proportion of attacks target APIs, with financial services suffering nearly half of last year’s account takeovers.
It’s been a few years since automated bot activity took up the majority of the world’s web traffic, but “bad bots” are taking an increasing slice of that pie, and with the addition of artificial intelligence agents to the mix, the problem is becoming increasingly complex.
A new report on bot activity, produced by the teams at Thales Research and Security Analyst Services during 2025, found that automated activity now accounts for more than 53% of all Internet traffic, with the remaining 47% being human interaction.
Bad bots, on the other hand, now account for almost 40% of all global web traffic.
Article continues below.
Blurring the lines
AI-powered bot attacks have increased 12.5-fold over the past year, Thales added. This evolution has gone beyond simple scripts for filling in credentials or scratching prices and has turned robots into sophisticated entities that can imitate human behavior with alarming precision.
These “AI agents” are now in a category of their own and interact directly with applications and APIs to perform complex tasks.
As such, they are increasingly blurring the line between legitimate business automation and malicious intent.
“AI is transforming automation from something organizations try to block to something they must also manage,” said Tim Chang, global vice president and general manager of application security at Thales.
“The challenge is no longer identifying bots. It’s understanding what the bot, agent or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
A significant portion of this malicious activity (around 27%) is now specifically targeting APIs. By bypassing traditional user interfaces, bots can interact with backend systems at machine speed, exploiting business logic and manipulating workflows. The trend is apparently most obvious in the financial services sector, where 46% of all account takeover incidents occurred last year.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
