AI is erasing the line between legitimate and malicious activity, as per the report.

A French company has revealed that the bots now dominate the internet, accounting for over half of all traffic, with 40% classified as malicious. Thales stated in a report that in 2025, AI-driven bot attacks surged 12.5x compared to the previous year.
Titled “2026 Bad Bot Report: Bad Bots in the Agentic Age”, the report revealed a fundamental shift in how the internet operates, as AI-accelerated automation becomes a defining feature of modern digital infrastructure.
The report shows that AI is not just increasing the volume of bot activity, but fundamentally changing its nature.
AI erasing the line between legitimate and malicious activity
It also highlighted that AI is erasing the line between legitimate and malicious activity, making intent – not identity – the new security challenge. APIs and identity systems are primary targets, with attackers bypassing front-end defenses to exploit core business logic at scale, according to the report.
The findings highlight three major structural changes: the emergence of AI agents as a new category of internet traffic, the dominance of automated activity over human interaction, and the rapid expansion of attacks targeting APIs and identity systems that serve as the backbone of digital business.
More significantly, AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to retrieve data and perform tasks. This shift is blurring the line between legitimate and malicious automation, making it increasingly difficult for organizations to determine intent, as per the report.
AI transforming automation
“AI is transforming automation from something organizations try to block into something they must also manage,” said Tim Chang, Global Vice President and General Manager, Application Security at Thales.
“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
The report shows automation tightening its grip on the internet, with bots continuing to outpace human activity. In 2025, bots made up more than 53% of all web traffic, up from 51% the previous year, while human activity fell to 47%. This reflects a structural shift rather than a temporary trend, with bots no longer tied to specific events like scraping or credential stuffing campaigns, but instead operating as a persistent and expected presence across digital environments, according to Thales.
Thales report also highlighted that 27% of bot attacks now target APIs, where bots can bypass user interfaces and interact directly with backend systems at machine speed.
These attacks often appear legitimate, using valid authentication and well-formed requests, but exploit business logic, extract sensitive data, or manipulate workflows at scale. The impact is especially pronounced in high-value sectors. Financial services accounted for 24% of all bot attacks and 46% of account takeover incidents, underscoring how automation is being used to directly monetize cyberattacks, as per the release.
Get the latest in engineering, tech, space & science - delivered daily to your inbox.
Prabhat, an alumnus of the Indian Institute of Mass Communication, is a tech and defense journalist. While he enjoys writing on modern weapons and emerging tech, he has also reported on global politics and business. He has been previously associated with well-known media houses, including the International Business Times (Singapore Edition) and ANI.

























