AI-driven bot attacks surged 12.5x year-on-year in 2025, according to new figures from Thales, as AI-accelerated automation increasingly defines the digital landscape, from internet traffic to security.
Its new report shows that AI is not just increasing the volume of bot activity, but is also changing its nature, with rising instances of AI-driven bot attacks.
With AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, Thales’ data suggests that last year bots made up more than 53% of all web traffic, while human activity fell to 47%.
With agentic AI now interacting directly with applications and APIs to retrieve data and perform tasks, this is blurring the lines between legitimate and malicious automation, making it increasingly difficult for retailers to determine intent.
“AI is transforming automation from something organisations try to block into something they must also manage,” said Tim Chang, Global VP & GM of Application Security at Thales.
“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
This evolution, the report warns, is creating a growing visibility gap, with a vast part of AI-driven activity remaining indistinguishable from legitimate traffic. And this could leave retailers operating with an incomplete view of intent and security risk.
Retail Rewired 
Leave a comment