Automation driven by artificial intelligence is becoming a fundamental element of Internet traffic, resulting in a structural change in how the digital space functions and a sharp increase in risk.
Thales Cybersecurity Products, distributed by Exclusive Networks, analyzes the main conclusions of the Bad Bot 2026 Report: ‘Bad Bots in the Agentic Age’, the annual benchmark study of malicious bot activity on the Internet, which identifies three main changes: the dominance of automated activity over human interaction; the emergence of AI agents as a new category of Internet traffic; and the rapid expansion of attacks targeting application programming interfaces (APIs) and identity systems, which serve as the foundation of digital businesses.
AI rewrites the rules of malicious automation
The report reveals that AI both increases the volume of bot activity and transforms its nature. In 2025, AI-powered bot attacks increased 12.5 times compared to the previous year, rising from 2 million to 25 million. And, for the first time, AI agents have become the third category of automated traffic – alongside traditional ‘good’ and ‘malicious’ bots – interacting directly with applications and APIs on behalf of real users to obtain data and execute tasks, blurring the line between legitimate and malicious automation.
“We are facing a profound transformation of the threat landscape. AI is not inventing new types of attacks, but rather empowering existing ones at a speed and scale that traditional controls cannot absorb. The way of thinking about protection must evolve: it is no longer enough to identify if something is a bot, we must understand its intent and what critical systems it interacts with,” states Eutimio Fernández, Regional Sales Manager for Iberia at Thales Cybersecurity Products.
More than half of Internet traffic is already automated
The report reveals that in 2025 bots represented 53% of all global Internet traffic, while human traffic fell to 47%. Of this automated total, 40% corresponded to malicious bots (three percentage points more), which means that four out of every ten requests received by organizations’ applications and websites come from agents with adverse intentions. Throughout 2025, Thales blocked a total of 17.2 billion bot requests (billion in the European long-scale sense, 10^12).
APIs and identity: the new perimeter under siege
As digital services rely on APIs for their core functions, attackers are following suit. 27% of bot attacks already target APIs, where bots completely bypass user interfaces and interact with internal systems at machine speed. These attacks are especially difficult to detect because they appear legitimate: they use valid authentication and send requests that show no anomalies.
For its part, fraud in user accounts – Account Takeover (ATO) – registered a year-on-year growth of 70%, with financial services in the spotlight: 24% of all bot attacks and 46% of ‘account takeover’ incidents were concentrated in this sector. A successful ATO attack can lead to penalties under GDPR, DORA, NIS2 or PSD2, as well as reputational damage and loss of customer trust.
The challenge of unauthorized AI agents
The report also reflects a new dimension: the risk of AI agents that do not identify themselves as such. Of the AI traffic detectable in 2025, 85% corresponded to AI crawlers (model training) and 15% to AI fetchers (execution of tasks in response to user prompts). More than 10% of AI fetcher sessions and almost 9% of crawler sessions triggered malicious bot detection rules, indicating that AI automation is already evolving towards behaviors typically associated with threats.
Traditional security approaches, focused on identifying and blocking bots, are no longer sufficient in an environment where automation is ubiquitous and often legitimate. Organizations must move toward governance models that combine visibility, policy enforcement, and behavioral analytics to differentiate between acceptable and malicious automation. This involves defining which AI agents can interact with systems, implementing controls at the API and identity level, and designing defenses capable of adapting to the evolution of bots.
“Effective response to next-generation bots cannot depend on a single product. It requires an integrated platform that connects malicious automation detection with identity protection and API security. That is what we offer at Thales Cybersecurity Products in combination with Imperva: unified visibility, policy enforcement and behavioral analysis at every layer where attackers try to operate,” concludes Fernández.
