This study shows that more than half of all net surfers are not human, but bots... scary fact.
Humans don't generate all internet traffic. In other words, not all website visits, for example, are from real users accessing the site via their mobile phones or computers to search for information. A significant portion of it is automated programs (bots). Moreover, a large percentage of that is malicious bots. We will explore this topic in this article, drawing on the Thales 2026 report on malicious bots.
All of this is linked to the increasing use of artificial intelligence and automation. This has led to a rise in the activity of automated programs online, often malicious, which can compromise user security and privacy.
According to this report, the proportion of human-generated internet traffic continues to decline. Specifically, automated traffic accounted for 53% of all recorded internet traffic in 2025. Of this, malicious automated programs represented 40%. This indicates an upward trend, as the figure reached 50% in 2024, the previous year.
These automated programs are designed to operate online without human intervention. They can be programmed to carry out malicious activities such as account hacking, fraud, API attacks, generating fake clicks, internet defacement, and more. Artificial intelligence has contributed to all of this, and has also made detecting them more difficult.
There are also tools known as "Software as a Service" (SaaS). These are automated programs designed for users to pay for, allowing them to be used without requiring in-depth technical knowledge. This also leads to an additional increase in costs, so according to Tim Chang, global vice president and general manager of application security at Thales, "Artificial intelligence is fundamentally transforming automation, turning it from something organizations try to prevent into something they also have to manage." He adds, "The challenge is no longer identifying automated programs, but understanding their functions, how well they align with business objectives, and how they interact with critical systems."
How to protect yourself
As you can see, automated internet traffic, especially malware, makes up a very large percentage. Ultimately, this problem is difficult to avoid. This report indicates that AI-powered automated attacks have increased 12.5 times compared to last year. You might receive fake emails, scam messages on social media, or be taken over by an attacker's website, and so on. Being prepared is key.
The first thing you should do is protect your accounts as much as possible. They are prime targets for malware. Always use strong, secure passwords. Also, enable two-factor authentication, which adds an extra layer of security and reduces the risk of unauthorized access to your accounts.
Be wary of any links or messages you receive in your inbox, via text message, or on social media. These links may be used to impersonate a legitimate company, for example, and ask you to perform a task designed to steal your data or passwords. Acting rationally is essential.
It's also crucial to keep your devices fully protected. Make sure your security software is updated to the latest versions. Having robust security software will help you detect and eliminate threats.
Ultimately, bots, especially malicious ones, are proliferating online and their numbers are constantly increasing. This proliferation is attributed to artificial intelligence. Therefore, maintaining protection is essential to avoid problems.