Security & Riskbad botsapi securitythalesimperva

AI Bots Drive Majority of Internet Traffic

||By LDS Team
7.9
Relevance Score
AI Bots Drive Majority of Internet Traffic
Photo: cms.interestingengineering.com · rights & takedowns

Multiple industry reports show automated traffic now matches or exceeds human web visits. Imperva's 2025 Bad Bot Report found 51% of web traffic came from automated agents in 2025, while Thales' 2026 Bad Bot Report reported 53% of web traffic and said 40% of that traffic was classified as malicious (SecurityBrief UK; Imperva). Thales also reported AI-driven bot attacks rose 12.5x year over year (InterestingEngineering; SecurityBrief UK). Human Security's State of AI Traffic report showed automated traffic grew about eight times faster than human traffic in 2025 and that AI agent traffic, including OpenClaw, spiked nearly 8,000% (CNBC). Editorial analysis: These numbers reflect an industry-wide shift where automated agents and API-targeted abuse are becoming the primary operational threat vector for online services, forcing defenders to rethink detection by intent rather than identity.

What happened

Multiple security vendors and industry reports document a step change in automated internet activity during 2025. Imperva's 2025 Bad Bot Report found 51% of web traffic came from automated agents in 2025, according to Imperva promotional material (Imperva snippet). Thales' 2026 Bad Bot Report, covered by SecurityBrief UK and InterestingEngineering, reported 53% of web traffic was bot-driven in 2025 and stated 40% of that bot traffic was classified as malicious (SecurityBrief UK; InterestingEngineering). Thales' report also said AI-driven bot attacks surged 12.5x year over year (InterestingEngineering; SecurityBrief UK). Human Security's State of AI Traffic report, cited by CNBC, found automated traffic grew roughly eight times faster than human traffic in 2025 and that traffic from AI agents such as OpenClaw grew nearly 8,000% year over year (CNBC).

Technical details

Editorial analysis - technical context: Public reporting emphasizes three technical shifts rather than a single technique. First, vendors describe the emergence of AI agents as a distinct category of traffic that interacts directly with applications and APIs, complicating bot classification (SecurityBrief UK; InterestingEngineering). Second, reports highlight an increasing share of attacks targeting APIs, with Thales reporting about 27% of bot attacks focused on APIs in its coverage (SecurityBrief UK). Third, attackers are combining accessible generative AI, headless browsers, residential proxies, and credential reuse to create high-volume, humanlike request streams that evade legacy blocking rules (CyberPress; SecurityBrief UK).

Context and significance

For security teams and platform engineers, the shift documented by Imperva, Thales, and Human Security changes the signal defenders must extract from traffic. Reports show not only higher volume but also more sophisticated automation that can use valid credentials and normal-looking requests, which reduces the effectiveness of rules that rely on obvious anomalies (InterestingEngineering; CNBC; CyberPress). Thales and SecurityBrief UK highlight that sectors with immediate financial value, notably financial services, received outsized attention, with Thales reporting finance accounted for 24% of bot attacks and 46% of account takeover incidents in its coverage (SecurityBrief UK).

What to watch

For practitioners: Monitor three measurable indicators reported by vendors. 1) vendor telemetry on bot-versus-human traffic share (Imperva/Thales), 2) API-targeted request volume and new endpoints being probed (Thales), and 3) rapid growth in named agent fingerprints or agent-driven traffic such as OpenClaw reported by Human Security (CNBC). Also watch vendor methodologies for measuring automated traffic, since Human Security noted that estimating bot activity from agent strings is noisy and that platform coverage varies (CNBC).

Quoted perspectives

Tim Chang, Global Vice President and General Manager, Application Security at Thales, said, "AI is transforming automation from something organizations try to block into something they must also manage," as quoted in InterestingEngineering. Stu Solomon, CEO of Human Security, said, "The internet as a whole was created with this very basic notion that there's a human being on the other side of the computer screen, and that notion is very rapidly being replaced," as quoted in CNBC.

Limitations

Editorial analysis: Reported numbers come from vendor telemetry and differ between vendors. Imperva and Thales report slightly different bot-share figures (51% vs 53%), and vendors acknowledge measurement challenges when extrapolating from customer telemetry to the entire internet (CNBC). Practitioners should treat vendor figures as directional and combine multiple telemetry sources when making risk assessments.

Key Points

  • 1Industry context: Vendor reports (Imperva, Thales, Human Security) show automated agents now constitute roughly half of web traffic, shifting attacker scale and tactics.
  • 2Industry context: AI-driven automation increases API-focused abuse, making business-logic and identity systems higher-priority detection targets.
  • 3For practitioners: Diverse vendor telemetry and noisy agent strings mean defenders should monitor multiple signals and instrument APIs for intent analysis.

Scoring Rationale

Multiple vendor reports documenting that automated agents account for roughly half of web traffic and that AI-driven attacks jumped sharply constitute a notable shift in the threat landscape. This materially affects detection, API protection, and fraud risk for practitioners.

Practice with real Ad Tech data

90 SQL & Python problems · 15 industry datasets

250 free problems · No credit card

See all Ad Tech problems