The number of cyber attacks on the internet carried out byartificial intelligencebots has increased more than 10-fold over the last year, new research has found.
DailyAI-enabled bot attacks rose from 2 million to 25 million in a single year, according to the 2026 Bad Bot Report fromcybersecurityresearchers at Thales.
“While this rise in AI-powered attacks is significant, the larger shift in 2025 was the normalisation of AI and automation within internet infrastructure itself,” the report noted.
“AI-driven attacks were observed across a wide range of industries and geographies, highlighting the global scale and reach of AI-enabled automation.”
Industries targeted by AI bots range from retail and business, to education and government.
Thesame report last yearfound that more than half of all internet traffic in 2024 was made up of bots, with this trend continuing in 2025.
Advertisement
Bots now make up more than 53 per cent of all web traffic, up from 51 per cent from the previous year.
Around 40 per cent of web traffic is now made up of so-called bad bots, which can include anything from automated systems designed to steal data, to botnets that flood websites with traffic in order to crash them.
The US was the most targeted country for bot attacks in 2025, followed by Australia, the UK and France.
The rise of malicious AI bots brings new challenges to cyber security professionals, who are tasked with protecting the web against the ever-evolving threat.
“AI is transforming automation from something organisations try to block into something they must also manage,” said Tim Chang, a general manager of applications and security at Thales.
“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing. whether it aligns with business intent, and how it interacts with critical systems.”
