Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals

The 2026 Thales Bad Bot Report paints a stark picture of an internet increasingly dominated by automated actors. Over half of all traffic now originates from bots, with malicious variants accounting for 40%—a rise fueled by sophisticated AI agents that mimic human behavior. This surge has been quantified by a tenfold jump in daily AI‑driven attacks, from 2 million in 2024 to 25 million in 2025, underscoring the rapid adoption of autonomous scripts across the web.

API endpoints have become the new front line of defense as attackers bypass traditional user interfaces to exploit backend services directly. The report highlights that data leakage alone represents 26% of API‑related bot threats, followed by remote code execution and business‑logic abuses. Financial services, handling sensitive transactions, absorbed 24% of total bot attacks, while the retail sector faced the highest concentration of AI‑driven bots, leveraging real‑time pricing and inventory data to execute high‑frequency exploits. These trends signal a shift from surface‑level scanning to deep, automated manipulation of core business processes.

For organizations, the challenge now lies in differentiating legitimate automation from malicious activity. Conventional safeguards—IP reputation, user‑agent filtering, and static rate limits—are increasingly ineffective against bots that operate through legitimate browsers and residential proxies. The report recommends a layered strategy: treating APIs as critical infrastructure, deploying adaptive AI‑based detection that learns from evolving bot behavior, and integrating human expertise for nuanced threat triage. Companies that adopt these proactive measures will better protect digital assets and maintain trust in an era where automation is the default state of the internet.