- Automated bots now account for more than half of global internet traffic, with malicious bots accounting for almost 40%.
- AI-powered bot attacks increased twelvefold in 2025, blurring the lines between legitimate automation and abuse.
- A growing share of attacks target APIs, with financial services accounting for almost half of last year’s account takeovers.
Automated bot activity has been cornering most of the world’s web traffic for a few years now, but “bad bots” are taking an ever-increasing slice of that pie, and with the addition of AI agents into the mix, the problem is only getting more complex.
A new report on bot activity, collected from Thales’s threat research teams and security analyst services over 2025, reveals that automated activity now accounts for more than 53% of all internet traffic, while the remaining 47% is human interaction.
In contrast, malicious bots now account for almost 40% of all global web traffic.
Article continues below
Blur the lines
AI-based bot attacks have increased 12.5 times over the past year, Thales added. This evolution has gone beyond simple credential stuffing or price-scraping scripts and transformed bots into sophisticated entities capable of mimicking human behavior with alarming accuracy.
These “AI agents” now belong to a category of their own, interacting directly with applications and APIs to perform complex tasks.
As such, they are increasingly blurring the lines between legitimate business automation and malicious intent.
“AI is transforming automation from a problem that organizations are trying to block into one that they must also manage,” said Tim Chang, global vice president and general manager of application security at Thales.
“The challenge is no longer identifying bots. It’s understanding what the bot, agent or automation does, whether it aligns with business intentions, and how it interacts with critical systems.”
A significant portion of this malicious activity (around 27%) now targets APIs specifically. Bypassing traditional user interfaces, bots can interact with backend systems at machine speed, leveraging business logic and manipulating workflows. The trend is seemingly most evident in the financial services sector, where 46% of all account takeover incidents last year occurred.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
