AI-driven Bot Attacks Surged 12.5x According to Thales Bad Bot Report
29.4.2026 09:00:00 CEST | Business Wire | Press release
AI-driven automation is accelerating machine activity online as bots outpace humans and redefine how the internet operates Bots now dominate the internet, accounting for over half of all traffic, with 40% classified as malicious. AI is erasing the line between legitimate and malicious activity, making intent - not identity - the new security challenge. APIs and identity systems are primary targets, with attackers bypassing front-end defenses to exploit core business logic at scale.
Thales today released the 2026 Bad Bot Report: Bad Bots in the Agentic Age, revealing a fundamental shift in how the internet operates, as AI-accelerated automation becomes a defining feature of modern digital infrastructure.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260428783532/en/
©Thales
The findings highlight three major structural changes: the emergence of AI agents as a new category of internet traffic, the dominance of automated activity over human interaction, and the rapid expansion of attacks targeting APIs and identity systems that serve as the backbone of digital business.
AI Is Redefining Internet Traffic and Security
The report shows that AI is not just increasing the volume of bot activity, but fundamentally changing its nature. In 2025, AI-driven bot attacks surged 12.5x compared to the previous year.
More significantly, AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to retrieve data and perform tasks. This shift is blurring the line between legitimate and malicious automation, making it increasingly difficult for organizations to determine intent.
“AI is transforming automation from something organizations try to block into something they must also manage,” Tim Chang, Global Vice President and General Manager, Application Security at Thales, said. “The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
This evolution is creating a growing visibility gap. Much of today’s AI-driven activity remains unverified or indistinguishable from legitimate traffic, meaning organizations are operating with an incomplete view of the risks they face.
Bots Increasingly Outnumber Humans Online
The report shows automation tightening its grip on the internet, with bots continuing to outpace human activity. In 2025, bots made up more than 53% of all web traffic, up from 51% the previous year, while human activity fell to 47%. This reflects a structural shift rather than a temporary trend, with bots no longer tied to specific events like scraping or credential stuffing campaigns, but instead operating as a persistent and expected presence across digital environments.
APIs and Identity Systems Become the Primary Attack Surface
As digital services increasingly rely on APIs to power core functionality, attackers are following suit. The report finds that 27% of bot attacks now target APIs, where bots can bypass user interfaces and interact directly with backend systems at machine speed.
These attacks often appear legitimate, using valid authentication and well-formed requests, but exploit business logic, extract sensitive data, or manipulate workflows at scale. The impact is especially pronounced in high-value sectors. Financial services accounted for 24% of all bot attacks and 46% of account takeover incidents, underscoring how automation is being used to directly monetize cyberattacks.
A New Era of Machine-Driven Interaction
As AI adoption accelerates, the report reveals that the internet is now fundamentally machine driven. Bots are no longer simply tools used by attackers; they are active participants in digital systems, shaping traffic patterns, influencing business metrics, and interacting with systems in real time. In this environment, the ability to manage automation at scale with precision is critical to maintaining security, performance, and trust.
Confronting the Rise of Uncontrolled Automation
The report concludes that traditional security approaches focused on identifying and blocking bots are not sufficient in an environment where automation is both pervasive and often legitimate. Organizations must move toward a governance-based model, combining visibility, policy enforcement, and behavioral analysis to distinguish between acceptable and harmful automation. This includes defining which AI agents are allowed to interact with systems, implementing controls at the API and identity layer, and designing defenses that can adapt as bots evolve.
For more information and recommendations, please download the full report and join our webinar to learn more about technologies that can be deployed against malicious bots.
Methodology
The 2026 Thales Bad Bot Report analyzes full-year 2025 bot activity using data from Thales Threat Research and Security Analyst Services teams. The report examines how automation, powered by AI, is reshaping application security, API exposure, and digital infrastructure globally.
About Thales
|
PLEASE VISIT
Thales Group
Cybersecurity Products | Thales Group
Cybersecurity Solutions | Thales Group
View source version on businesswire.com: https://www.businesswire.com/news/home/20260428783532/en/
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Andersen Global styrker sin tilstedeværelse i Indien med JMP Advisors21.6.2026 16:16:00 CEST | Pressemeddelelse
Andersen Global indgår en samarbejdsaftale med JMP Advisors i Indien og tilføjer skattemæssig ekspertise til virksomhedens eksisterende juridiske kapaciteter i landet. JMP Advisors tilbyder rådgivning inden for skat, lovgivning og transaktioner til både nationale og multinationale klienter, der opererer i komplekse forretningsmiljøer i konstant udvikling. Firmaet leverer ydelser, der spænder over international og indisk skat, transfer pricing, international strukturering, rådgivning om udenlandske investeringer, transaktionsstøtte, generationsskifteplanlægning og regulatoriske forhold. Dets klienter omfatter multinationale selskaber, vækstvirksomheder, virksomheder støttet af kapitalfonde og venturekapital samt formuende privatpersoner og familier. "Vores fokus har altid været at levere klar og handlingsorienteret vejledning, der hjælper kunder med at navigere i komplekse situationer og drive deres virksomhed med en tydelig kurs," udtalte Jairaj Purandare, grundlægger og formand for JM
Special Olympics Airlift Takes Flight Nationwide; Dove 1 Arrives at St. Paul Downtown Airport19.6.2026 17:09:00 CEST | Press release
Approximately 130 Cessna, Beechcraft and Hawker aircraft and volunteer pilots mobilize to transport more than 800 Special Olympics athletes and coaches to the 2026 Special Olympics USA Games The 2026 Special Olympics Airlift officially took flight today as all participating Cessna, Beechcraft and Hawker aircraft, known as Doves, departed from airports across the country. Dove 1 for arrival day, a Cessna Citation Latitude generously operated by Prent Corporation, landed at St. Paul Downtown Airport (STP) carrying Special Olympic athletes and delegation members, signaling the start of Airlift arrivals for the Special Olympics USA Games. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260619085293/en/ Special Olympics Airlift takes flight nationwide; Dove 1 arrives at St. Paul Downtown Airport (Photo credit: Textron Aviation). The arrival signals the start of the world’s largest cumulative peacetime airlift spanning more than 40
Record Currency Management Participates in Innovative European Bank for Reconstruction and Development (EBRD) -Backed Mongolian Tugrik Transaction19.6.2026 16:53:00 CEST | Press release
Record Currency Management Ltd (RCM), subsidiary of London-listed Record plc (Record Financial Group), is pleased to announce its participation in an innovative local currency bond transaction issued by the European Bank for Reconstruction and Development (EBRD), supporting the development of Mongolia's capital markets while providing institutional investors with access to attractive frontier market opportunities. RCM is the UK currency management arm of Record Financial Group, the London-listed specialist investment group managing USD 115 billion of assets on behalf of institutional clients worldwide. Record's client base comprises pension funds, foundations, sovereign institutions and other asset managers, with whom the Group has built long-standing relationships through its focus on bespoke investment and risk management solutions. Headquartered in London, Record has offices in Hamburg, Zurich, Zug, New York, and Hong Kong. The investment forms part of Record Financial Group's broad
Plasma One Launches to Herald a New Era of Stablecoin Banking19.6.2026 14:29:00 CEST | Press release
Plasma has today announced the launch of Plasma One, its flagship financial product designed to make digital dollars usable for everyday spending, sending and earning. Plasma One is designed to make stablecoins feel like money, only better - more accessible, reliable and efficient. For years, stablecoin adoption has been held back by a fragmented system and poor user experience. We have seen wallets in one place, exchanges in another, and costly off-ramps standing between digital dollars and daily life. Plasma One brings that experience together in a single app, giving users a simple way to spend, send and earn with stablecoins from one account with zero fees. Headquartered in London, the city that gave rise to Revolut, Wise and Monzo, Plasma is making a bigger bet, that the next generation of consumer banking will be built on stablecoin rails, not legacy banking infrastructure. Underneath Plasma One is the Plasma Network, Plasma’s own blockchain, purpose-built to move stablecoins inst
IQM Appoints Craig Ciesla, Former Illumina VP, as CTO; Inés de Vega Becomes Chief Scientist19.6.2026 09:00:00 CEST | Press release
Ciesla is a seasoned deep tech executive with more than 25 years of experience delivering products across industries — from startups to Fortune 500 companies. De Vega brings more than 20 years of experience advancing quantum technologies from fundamental research to intellectual property and industrial applications. IQM Quantum Computers, the global leader in superconducting quantum computers, today announced the appointments of Dr. Craig Ciesla as Chief Technology Officer (CTO) and Dr. Inés de Vega as Chief Scientist, as she transitions from her role as Vice President of Quantum Solutions, deepening IQM´s leadership as the company prepares for its planned Nasdaq listing through a merger with Real Asset Acquisition Corp. (Nasdaq: RAAQ). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260619693929/en/ From left to right: Dr. Inés de Vega, Chief Scientist, and Dr. Craig Ciesla, Chief Technology Officer. Ciesla, an experienced d
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom