Bad bot internet traffic now accounts for 40% of all global internet activity, according to the Thales Bad Bot Report. The internet is no longer primarily human-driven. Machines are shaping traffic patterns, influencing business metrics, and interacting with systems in real time at a scale that makes the distinction between legitimate and malicious automation increasingly irrelevant.
Key Takeaways
- Bad bot internet traffic represents 40% of all global internet activity, fundamentally reshaping the digital landscape.
- AI-driven bot attacks surged 12.5x in 2025 compared to the previous year, introducing adaptive threats that evade traditional defenses.
- AI agents now represent a third traffic category, blurring the line between good bots, bad bots, and legitimate automation.
- Server-side behavioral analysis detects up to 33x more threats than traditional client-side defenses by analyzing intent rather than surface signals.
- The security challenge has shifted from identifying bots to understanding their intent and whether their actions align with business goals.
Bad Bot Internet Traffic Has Fundamentally Changed the Game
The scale of bad bot internet traffic has transformed what cybersecurity means. A decade ago, the goal was simple: block bots. Today, 40% of the internet is bots, and many of them are sophisticated enough to mimic human behavior, adapt to countermeasures, randomize their actions, and exploit legacy systems. The problem is no longer detection—it’s governance. Tim Chang, Global Vice President and General Manager of Application Security at Thales, frames the shift clearly: “The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems”.
This shift matters because bad bot internet traffic doesn’t announce itself anymore. Traditional defenses—client-side fingerprinting, mouse movement tracking, JavaScript challenges—fail against modern bots that operate at scale. The 12.5x surge in AI-driven bot attacks in 2025 reflects not just more bots, but smarter ones. Organizations that still rely on blocking-focused security are fighting yesterday’s war.
AI Agents Blur the Line Between Good and Bad Automation
The emergence of AI agents adds a layer of complexity that traditional security frameworks cannot handle. AI agents interact directly with applications and APIs to retrieve data and perform tasks, operating as a third category of traffic alongside traditional good and bad bots. Unlike a simple bot that follows predetermined rules, an agent can learn, adapt, and make decisions in real time. This capability is valuable for legitimate business automation—but it is equally valuable for attackers.
The question “Is this a bot?” is no longer sufficient. The real question is: “What is this agent trying to do, and does it have permission to do it?” According to Alisdair Faulkner, CEO of Darwinium, the distinction matters: “It’s not just are you a good bot, are you a bot and you’re bad. It’s more are you a good bot and you know what are you trying to do?”. This intent-based approach requires organizations to shift from binary classification to behavioral analysis, a move that most legacy security tools are not equipped to make.
Server-Side Behavioral Analysis Outperforms Traditional Detection
Traditional bot defenses fail because they focus on surface signals—user-agent strings, IP reputation, device fingerprints—that adaptive bots can spoof or bypass. Server-side detection takes a different approach: it analyzes behavioral patterns and intent, examining how traffic interacts with systems rather than what it claims to be. The results are stark. Server-side behavioral analysis detects up to 33x more threats than traditional client-side methods by focusing on interactions rather than surface signals.
This gap exists because bad bot internet traffic has evolved faster than client-side defenses. A fingerprinting script running in a browser cannot see the intent behind a request—it can only see the request itself. A server analyzing behavioral patterns can detect subtle anomalies: requests that follow unnatural sequences, interactions that violate business logic, or automation that mimics human behavior too perfectly. Thales’ governance model combines visibility, policy enforcement, and behavioral analysis to catch threats that rule-based systems miss.
The Dead Internet Theory Is More Than Speculation
The concept of the “Dead Internet Theory”—the idea that the internet is becoming increasingly machine-driven rather than human-driven—is referenced as “very much alive” given escalating bad bot internet traffic. This is not hyperbole. When 40% of all traffic is malicious bots, and legitimate AI agents add another significant layer, the proportion of human-generated content and interaction shrinks accordingly. The internet is becoming a machine-to-machine ecosystem with humans as occasional participants rather than the primary users.
This shift has real consequences. Search results are polluted with bot-generated content. E-commerce sites face inventory manipulation from scrapers and scalpers. Authentication systems are overwhelmed by credential-stuffing attacks. Advertising metrics are distorted by fake traffic. Organizations that do not adapt their security posture to this reality will find themselves increasingly unable to distinguish signal from noise.
What Organizations Must Do Now
The transition from detection-focused to intent-focused security is not optional. Tim Chang at Thales captures the imperative: “AI is transforming automation from something organizations try to block into something they must also manage”. This means implementing server-side behavioral analysis, establishing clear policies about which automation is permitted, and continuously monitoring for deviations from those policies.
It also means accepting that some bots will always be present. The goal is not to eliminate all bot traffic—legitimate automation serves real business purposes—but to ensure that malicious automation cannot achieve its objectives. This requires moving beyond the binary good-bot-bad-bot classification and into a more nuanced governance model where intent, behavior, and business alignment matter more than identity.
How much of internet traffic is actually bots?
According to the Thales Bad Bot Report, bad bot internet traffic accounts for 40% of all global internet activity. This represents the malicious portion; legitimate automation and good bots add additional machine-generated traffic, making the internet fundamentally machine-driven rather than human-driven.
Why are AI-driven bot attacks increasing so rapidly?
AI-driven bot attacks surged 12.5x in 2025 compared to the previous year because AI enables bots to adapt, learn, and mimic human behavior at scale. Traditional defenses fail against these adaptive threats, making AI-driven attacks both more effective and more difficult to detect using legacy security approaches.
Can traditional bot detection still work against modern threats?
Traditional client-side bot defenses like fingerprinting and JavaScript challenges fail against modern bots that randomize actions, mimic human behavior, and exploit legacy systems. Server-side behavioral analysis focusing on intent and interaction patterns detects up to 33x more threats by analyzing what bots actually do rather than what they claim to be.
The internet has crossed a threshold. Bad bot internet traffic is no longer a security nuisance—it is the dominant form of internet activity. Organizations that still treat bot defense as a perimeter problem will find themselves increasingly vulnerable. The future of security belongs to those who understand not just that bots exist, but what they are trying to accomplish.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar
