Thales Releases '2026 Bad Bot Report'

Thales has released its '2026 Bad Bot Report,' indicating that bots account for 53% of global internet traffic, with 40% of those being malicious. The report warns that the evolution of AI is making it difficult to distinguish between legitimate and malicious automation, with APIs and IDs becoming primary targets.
Source: PR Times

Published: May 14, 2026 at 23:00

More than half of the world's internet traffic is composed of bots, with 40% of that being from bad bots.

The evolution of AI is making it difficult to distinguish between 'legitimate automation' and 'malicious automation,' shifting the challenge from 'who is it by' to 'what is it trying to do.'

Authentication systems like APIs and IDs are the main targets. Attackers bypass front-end defenses to exploit core business logic at scale.

Thales has just released the '2026 Bad Bot Report: Bad Bots in the Agentic Age.'

This year's report highlights 'the emergence of a new type of traffic, AI agents,' 'the existence of automated activity surpassing human operation,' and 'a sharp increase in attacks targeting APIs and ID systems that support the digital economy,' pointing out that the very nature of the internet is undergoing a dramatic transformation.

## AI is Changing the Premises of Internet Traffic and Security

AI is significantly changing both the volume and nature of bot activity. In 2025, AI-led bot attacks surged by 12.5 times compared to the previous year. More importantly, a 'third traffic category,' AI agents, has emerged, following the traditional 'good bots' and 'bad bots.' AI agents interact directly with apps and APIs to collect data or perform tasks. As a result, even within automation—mechanical activities represented by bots and AI agents—'legitimate automation' and 'malicious automation' have become intermingled, making it difficult for organizations to determine the intent of each individual access.

Akira Kaneko, Head of Cybersecurity Products Business at Thales DIS Japan, states: 'With the evolution and spread of AI, automation on the internet is expanding at an unprecedented scale and speed. While bots and AI agents are becoming essential to supporting digital services, they are also being used for malicious attacks, making it more important than ever for companies to correctly understand their activities. In this environment, simply identifying and blocking bots is no longer sufficient. It has become essential to visualize the purpose and behavior of automated access and manage it by understanding the difference between 'legitimate automation' and 'malicious automation' as much as possible.'

These changes also risk widening the areas that companies cannot fully grasp. Much of the current AI-driven activity is unverified or indistinguishable from legitimate access, meaning companies may be operating without a full understanding of the risks they face.

## Bots Outnumber Humans in the Online Space

In 2025, bots accounted for 53% of all global internet traffic, up from 51% the previous year. Of that, 40% was from bad bots, and human activity dropped to 47%. This is not a temporary boom but indicates we are in the midst of a major structural change. Bots are no longer just used for specific purposes like scraping or credential attacks; they are becoming a 'common presence' that is always active across all services.

## APIs and IDs as Main Targets

As it becomes more common for digital services to run their critical functions through APIs, attackers are increasingly targeting APIs as well. According to the research, 27% of bot attacks target APIs, revealing that malicious bots are bypassing user interfaces and accessing back-end systems directly at speeds humans cannot match.

These attacks may be treated as 'legitimate communication' because they use formally valid credentials such as IDs and passwords, or send well-formed requests. In reality, however, they exploit the business logic of services, leading to cases where confidential data is stolen or business workflows are illicitly manipulated.

The financial industry is particularly affected, with 24% of all bot attacks and 46% of account takeover (ATO) attacks targeting this sector. This suggests that automation is being used as a direct means of monetizing cyberattacks.

## The New Era of a Machine-Led Environment

As the use of AI expands, the internet is now truly transitioning into an 'environment where machines proactively interact with each other.' Bots are no longer just tools used by attackers; they are active agents in digital society, changing traffic patterns, affecting business metrics, and...