.jpg)
1 hour ago
3
Article content
AI-driven automation is accelerating machine activity online as bots outpace humans and redefine how the internet operates
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman, and others.
- Daily content from Financial Times, the world's leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman and others.
- Daily content from Financial Times, the world's leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
REGISTER / SIGN IN TO UNLOCK MORE ARTICLES
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account.
- Share your thoughts and join the conversation in the comments.
- Enjoy additional articles per month.
- Get email updates from your favourite authors.
THIS ARTICLE IS FREE TO READ REGISTER TO UNLOCK.
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account
- Share your thoughts and join the conversation in the comments
- Enjoy additional articles per month
- Get email updates from your favourite authors
Sign In or Create an Account
or
Article content
- Bots now dominate the internet, accounting for over half of all traffic, with 40% classified as malicious.
- AI is erasing the line between legitimate and malicious activity, making intent – not identity – the new security challenge.
- APIs and identity systems are primary targets, with attackers bypassing front-end defenses to exploit core business logic at scale.
Article content
Article content
Article content
Article content
The findings highlight three major structural changes: the emergence of AI agents as a new category of internet traffic, the dominance of automated activity over human interaction, and the rapid expansion of attacks targeting APIs and identity systems that serve as the backbone of digital business.
Article content
By signing up you consent to receive the above newsletter from Postmedia Network Inc.
Article content
AI Is Redefining Internet Traffic and Security
Article content
The report shows that AI is not just increasing the volume of bot activity, but fundamentally changing its nature. In 2025, AI-driven bot attacks surged 12.5x compared to the previous year.
Article content
More significantly, AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to retrieve data and perform tasks. This shift is blurring the line between legitimate and malicious automation, making it increasingly difficult for organizations to determine intent.
Article content
“AI is transforming automation from something organizations try to block into something they must also manage
Article content
,”
Article content
Tim Chang, Global Vice President and General Manager, Application Security at Thales, said.
Article content
“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
Article content
This evolution is creating a growing visibility gap. Much of today’s AI-driven activity remains unverified or indistinguishable from legitimate traffic, meaning organizations are operating with an incomplete view of the risks they face.
Article content
Bots Increasingly Outnumber Humans Online
Article content
The report shows automation tightening its grip on the internet, with bots continuing to outpace human activity. In 2025, bots made up more than 53% of all web traffic, up from 51% the previous year, while human activity fell to 47%. This reflects a structural shift rather than a temporary trend, with bots no longer tied to specific events like scraping or credential stuffing campaigns, but instead operating as a persistent and expected presence across digital environments.
Article content
APIs and Identity Systems Become the Primary Attack Surface
Article content
As digital services increasingly rely on APIs to power core functionality, attackers are following suit. The report finds that 27% of bot attacks now target APIs, where bots can bypass user interfaces and interact directly with backend systems at machine speed.
Article content
Article content
These attacks often appear legitimate, using valid authentication and well-formed requests, but exploit business logic, extract sensitive data, or manipulate workflows at scale. The impact is especially pronounced in high-value sectors. Financial services accounted for 24% of all bot attacks and 46% of account takeover incidents, underscoring how automation is being used to directly monetize cyberattacks.
Article content
A New Era of Machine-Driven Interaction
Article content
As AI adoption accelerates, the report reveals that the internet is now fundamentally machine driven. Bots are no longer simply tools used by attackers; they are active participants in digital systems, shaping traffic patterns, influencing business metrics, and interacting with systems in real time. In this environment, the ability to manage automation at scale with precision is critical to maintaining security, performance, and trust.
Article content
Confronting the Rise of Uncontrolled Automation
Article content
The report concludes that traditional security approaches focused on identifying and blocking bots are not sufficient in an environment where automation is both pervasive and often legitimate. Organizations must move toward a governance-based model, combining visibility, policy enforcement, and behavioral analysis to distinguish between acceptable and harmful automation. This includes defining which AI agents are allowed to interact with systems, implementing controls at the API and identity layer, and designing defenses that can adapt as bots evolve.
Article content
For more information and recommendations, please download the full report and join our webinar to learn more about technologies that can be deployed against malicious bots.Methodology
The 2026 Thales Bad Bot Report analyzes full-year 2025 bot activity using data from Thales Threat Research and Security Analyst Services teams. The report examines how automation, powered by AI, is reshaping application security, API exposure, and digital infrastructure globally.
Article content
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services helps address several major challenges: sovereignty, security, sustainability and inclusion.
The Group allocates €4.5 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, Cybersecurity, Quantum and Cloud technologies.
Thales has more than 85,000 employees in 65 countries. In 2025, the Group generated sales of €22.1 billion.
English (US)