AI Bots Drive Majority of Internet Traffic

Multiple security vendors and industry reports document a step change in automated internet activity during 2025. Imperva's 2025 Bad Bot Report found 51% of web traffic came from automated agents in 2025, according to Imperva promotional material (Imperva snippet). Thales' 2026 Bad Bot Report, covered by SecurityBrief UK and InterestingEngineering, reported 53% of web traffic was bot-driven in 2025 and stated 40% of that bot traffic was classified as malicious (SecurityBrief UK; InterestingEngineering). Thales' report also said AI-driven bot attacks surged 12.5x year over year (InterestingEngineering; SecurityBrief UK). Human Security's State of AI Traffic report, cited by CNBC, found automated traffic grew roughly eight times faster than human traffic in 2025 and that traffic from AI agents such as OpenClaw grew nearly 8,000% year over year (CNBC).

Editorial analysis - technical context: Public reporting emphasizes three technical shifts rather than a single technique. First, vendors describe the emergence of AI agents as a distinct category of traffic that interacts directly with applications and APIs, complicating bot classification (SecurityBrief UK; InterestingEngineering). Second, reports highlight an increasing share of attacks targeting APIs, with Thales reporting about 27% of bot attacks focused on APIs in its coverage (SecurityBrief UK). Third, attackers are combining accessible generative AI, headless browsers, residential proxies, and credential reuse to create high-volume, humanlike request streams that evade legacy blocking rules (CyberPress; SecurityBrief UK).

For security teams and platform engineers, the shift documented by Imperva, Thales, and Human Security changes the signal defenders must extract from traffic. Reports show not only higher volume but also more sophisticated automation that can use valid credentials and normal-looking requests, which reduces the effectiveness of rules that rely on obvious anomalies (InterestingEngineering; CNBC; CyberPress). Thales and SecurityBrief UK highlight that sectors with immediate financial value, notably financial services, received outsized attention, with Thales reporting finance accounted for 24% of bot attacks and 46% of account takeover incidents in its coverage (SecurityBrief UK).

For practitioners: Monitor three measurable indicators reported by vendors. 1) vendor telemetry on bot-versus-human traffic share (Imperva/Thales), 2) API-targeted request volume and new endpoints being probed (Thales), and 3) rapid growth in named agent fingerprints or agent-driven traffic such as OpenClaw reported by Human Security (CNBC). Also watch vendor methodologies for measuring automated traffic, since Human Security noted that estimating bot activity from agent strings is noisy and that platform coverage varies (CNBC).

Tim Chang, Global Vice President and General Manager, Application Security at Thales, said, "AI is transforming automation from something organizations try to block into something they must also manage," as quoted in InterestingEngineering. Stu Solomon, CEO of Human Security, said, "The internet as a whole was created with this very basic notion that there's a human being on the other side of the computer screen, and that notion is very rapidly being replaced," as quoted in CNBC.

Editorial analysis: Reported numbers come from vendor telemetry and differ between vendors. Imperva and Thales report slightly different bot-share figures (51% vs 53%), and vendors acknowledge measurement challenges when extrapolating from customer telemetry to the entire internet (CNBC). Practitioners should treat vendor figures as directional and combine multiple telemetry sources when making risk assessments.