Bots Have Taken Over the Internet: Humans Now a Minority Online

Automated bots now exceed 53% of global internet traffic in 2025, with malicious activity nearing 40%. AI crawlers from OpenAI, Meta and Anthropic dominate the surge, driving up costs, distorting analytics and enabling sophisticated attacks. Human users have become the minority online.
Bots Have Taken Over the Internet: Humans Now a Minority Online
Written by Lucas Greene

The numbers don’t lie. Automated programs now generate more than half of all web traffic. Humans have become the minority. Reports from multiple cybersecurity firms confirm the shift. And the consequences stretch far beyond slowed servers or skewed analytics.

Thales’ Imperva unit documented the crossover. In 2024 automated traffic reached 51% of global web requests for the first time in a decade. Imperva’s 2025 Bad Bot Report pinned bad bots alone at 37% of total traffic, up from roughly 30% the year before. By 2025 the automated share climbed further to 53%, according to follow-on data released in spring 2026. Malicious activity neared 40%. The trend shows no sign of slowing.

Fastly observed similar patterns in early 2026. Its analysis of trillions of requests found bots responsible for 49% of traffic in January. Only 1% came from verified, legitimate bots such as search-engine crawlers. The rest? Unwanted. Scrapers. Impersonators. Attack tools. “99% of bot traffic is unwanted,” the company stated bluntly in its Threats Insights Report.

HUMAN Security painted an even starker picture. Its 2026 State of AI Traffic report revealed automated traffic grew almost eight times faster than human activity throughout 2025. AI-driven volumes nearly tripled. Training crawlers still dominated early in the year but gave ground as scrapers surged 597% and agentic systems exploded by 7,851%. “AI-driven traffic is the fastest-growing category of internet traffic,” the firm noted, “and for the first time, AI systems are not just reading the web but transacting on it.”

OpenAI towers over the field. Its various bots — ChatGPT User, GPTBot, OAI-SearchBot and others — accounted for 69% of observed AI traffic in 2025. Meta contributed 16%. Anthropic added 11%. Everyone else combined for less than 5%. Concentration at this level raises questions about data monopolies and the quiet infrastructure costs borne by publishers and retailers.

The original spark for much of this coverage came from Digital Trends. Its reporting highlighted how bots don’t simply browse. They flood systems, scrape content at scale, distort analytics, and enable fraud. They raise all kinds of hell. That March 2026 article captured the moment the conversation moved from niche security circles into mainstream business concern.

Yet the problem runs deeper than volume. Intent matters now. The old binary of bot or human fails. Post-login account compromise attempts more than quadrupled year-over-year at the median organization, HUMAN Security found. Carding attacks jumped 250% since 2022. Fake account creation rose 89% in a single year. Scraping attempts approached 20% of global traffic. These figures come from real production environments, not theoretical models.

Retail and e-commerce absorb the heaviest load. More than 62% of training-crawler traffic targets those sectors. Streaming and media draw 20%. Travel and hospitality see 17%. Agentic bots — the autonomous kind that click buttons, add items to carts, even complete purchases — split their activity across product pages, search, accounts and checkout. One half of one percent separates benign automation from malicious in many cases. Detection just got exponentially harder.

Cloudflare’s radar offers another angle. Its measurements put bot traffic at roughly 31-32% of HTTP requests in early 2026, with AI crawlers such as Applebot showing triple-digit growth in some months. The gap between Cloudflare’s conservative sensor data and the higher aggregates from Imperva, Thales and HUMAN Security reflects different methodologies and customer bases. Still the direction is identical. Up. Fast.

Publishers feel the pain first. AI bots consume bandwidth, bypass caches, and return almost nothing in referral traffic. TollBit’s research, cited across outlets in early 2026, showed AI search click-through rates below 1% while scraping activity doubled quarter-over-quarter in late 2024 and accelerated through 2025. Content creators fund the training data that lets models summarize their work without sending readers. The economic model frays.

Defenses evolve in response. Cloudflare began blocking AI bots by default on new domains. Rate limiting, behavioral analysis, and intent-based trust systems replace simple user-agent checks. Yet sophisticated operators rotate identities, mimic mouse movements, and solve challenges that once stopped automation cold. The arms race favors those with the best models and the largest compute budgets.

Business leaders can no longer treat this as an IT problem. Bot traffic now shapes product strategy, pricing integrity, advertising metrics, even inventory management. A retailer whose competitors deploy agentic bots to monitor prices in real time operates at a disadvantage without comparable tools. An airline watching scrapers harvest fare data faces revenue leakage that compounds daily.

And the future looks more automated still. Agentic systems that act with limited supervision will only grow. HUMAN Security already tracks them transacting on live sites. The median scraping attack rate has doubled since 2022. Bad bot activity has risen for six straight years. Each new report adds urgency to a trend that has quietly overtaken the network layer.

Companies that once optimized exclusively for human users must now design for mixed audiences. Some traffic brings value — indexing, monitoring, price comparison that drives competition. Most does not. Distinguishing the two in real time, at internet scale, separates survivors from also-rans. The data is clear. The bots arrived. They aren’t leaving. The question is who adapts first.

Subscribe for Updates

DevWebPro Newsletter

The DevWebPro Email Newsletter is a must-read for web and mobile developers, designers, agencies, and business leaders. Stay updated on the latest tools, frameworks, UX trends, and best practices for building high-performing websites and apps.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us