Bad Bot Report 2026: AI agents complicate the detection of illegitimate automated traffic
📊 Analytics2026-05-13, 12:02
Thales has released its annual Bad Bot Report 2026, analyzing automated bot activity. According to the report, in 2025 more than 53% of all internet traffic was generated by bots, about 40% of which was associated with malicious activity. The full report can be read via the link or below; here is a summary of the key statistics:
📊 Bot attack categories: the largest share is taken by general automation (29%) — password guessing, data scraping, scanning, and mass exploitation of vulnerabilities. Next come API attacks (24%) and business logic abuse (21%).
📊 API threats: bots interact directly with backend services, bypassing web interfaces, which allows them to operate at high speed. The main risks are data leaks (26%), business logic abuse (13%), and RCE/RFI attacks (13%).
📊 Complex vs. simple attacks: advanced and intermediate attacks account for 58% (44% and 14%, respectively) and are becoming more adaptive due to AI. Simple attacks make up 42%, but their volume has grown by more than 230% because of the lower entry barrier.
📊 Categories of targeted organizations: financial services (24%), business services (19%), and retail (13%) are attacked most often. The simple bot attacks mentioned above create background load, while more complex ones target critical processes.
📊 API threats: bots interact directly with backend services, bypassing web interfaces, which allows them to operate at high speed. The main risks are data leaks (26%), business logic abuse (13%), and RCE/RFI attacks (13%).
📊 Complex vs. simple attacks: advanced and intermediate attacks account for 58% (44% and 14%, respectively) and are becoming more adaptive due to AI. Simple attacks make up 42%, but their volume has grown by more than 230% because of the lower entry barrier.
📊 Categories of targeted organizations: financial services (24%), business services (19%), and retail (13%) are attacked most often. The simple bot attacks mentioned above create background load, while more complex ones target critical processes.
At the same time, the activity of AI-driven bots increased more than tenfold: the number of blocked requests per day rose from 2 million to 25 million in 2025. This means that even less skilled attackers are now able to launch automated attacks of varying complexity using AI tools.
The spread of AI-based automation is forming a new category of automated traffic: AI agents interact directly with applications and APIs, retrieving data and performing tasks on behalf of users. As a result, activity that was previously considered anomalous is increasingly perceived as normal — creating a growing gap between observable activity and the actual scale of risk.
The trend of bot traffic surpassing human traffic has persisted for several years — today it already constitutes a significant portion of total traffic rather than being an isolated anomaly. As AI automation becomes an integral part of digital infrastructure, the challenge is no longer simply to detect bots. Organizations must distinguish between legitimate automation that supports business processes and malicious automation aimed at exploiting them, and must build more precise mechanisms for verifying, monitoring, and controlling such traffic.
Vendors
Products
Published
2026-05-13, 12:02