It has long been part of everyday life on the Internet to have to confirm that you are a human and not a bot. A current analysis by the French technology group Thales shows how widespread automated activities actually are. As a result, bots now account for more than 53 percent of all global internet traffic. This means that their share has increased slightly compared to the previous year, when it was 51 percent. The central problem: Many of these bots have harmful intentions.
The number of so-called “bad bots” is growing rapidly
According to the International Telecommunications Union (ITU), around six billion people are already using the Internet this year – that’s around three quarters of the world’s population. However, humans do not have the upper hand on the Internet: According to the Thales report, only 47 percent of Internet traffic comes from human interactions. Platforms like Wikipedia are also feeling this. The online encyclopedia is one of the most visited websites in Germany. However, since ChatGPT was launched in 2022, human traffic has been declining. According to Marshall Miller of the Wikimedia Foundation, human page views have declined by eight percent in a year. Instead, the pages are increasingly being accessed by bots.
One reason for this is the change in the way people search for information or products online today. AI search engines such as Perplexity or Bing Copilot are being used more and more frequently and Google has also been displaying AI-generated summaries directly in the search results with “AI Overviews” for some time. But not all bots are useful information collectors. In fact, the majority of them have criminal goals. So-called “bad bots” now make up almost 40 percent of all global web traffic. According to the Thales report, AI-controlled bot attacks have increased more than twelvefold in the past year.
Editorial recommendations
${content}
${custom_anzeige-badge}
${custom_tr-badge}
${section}
${title}
AI plays a central role in development
Modern bots are no longer limited to simple scripts for credential stuffing or price scraping. AI has turned them into sophisticated systems that can mimic human behavior with high precision. Around 27 percent of malicious activity is now aimed specifically at APIs. By bypassing classic user interfaces, bots can interact directly with backend systems, exploit business logic and manipulate processes. This trend is particularly evident in the financial sector: 46 percent of all account compromises last year occurred in this area.
“AI transforms automation from something companies try to block to something they have to manage,” said Tim Chang, global vice president and general manager of application security at Thales. “The challenge is no longer about identifying bots. It’s about understanding what the bot, agent or automation is doing, whether that is consistent with business intent, and how it interacts with critical systems.”
Dealing with bots needs to adapt
Bot activities from the entire year 2025 were evaluated for the “2026 Thales Bad Bot Report”. The result: Classic security approaches that aim to identify and block bots are no longer sufficient – especially since automation is now ubiquitous and often legitimate. The report instead recommends a governance-based approach that combines transparency, policy enforcement and behavioral analytics. This includes defining which AI agents are allowed to interact with which systems, implementing controls at the API and identity level, and developing protections that can keep pace with evolving bots.
Top Article
${content}
${custom_anzeige-badge}
${custom_tr-badge}
${section}
${title}
