Threat Detection & DefenseCyber SafetyPress Release

Thales 2026 Bad Bot Report: Over Half of Singapore’s Internet Traffic Driven by Bots

AI-Driven Automation Accelerating Machine Activity Online as Bots Outpace Humans and Redefine How the Internet Operates

Thales has released the Singapore findings for the 2026 Bad Bot Report: Bad Bots in the Agentic Age, revealing a fundamental shift in how the internet operates, as Artificial Intelligence (AI)-accelerated automation becomes a defining feature of modern digital infrastructure.

The findings highlight three major structural changes: the emergence of AI agents as a new category of internet traffic, the dominance of automated activity over human interaction, and the rapid expansion of attacks targeting APIs and identity systems that serve as the backbone of digital business.

AI Is Redefining Internet Traffic and Security, Says Thales

The Thales report shows that AI is not just increasing the volume of bot activity but fundamentally changing its nature. In 2025, AI-driven bot attacks surged 12.5x compared to the previous year.

More significantly, AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to retrieve data and perform tasks. This shift is blurring the line between legitimate and malicious automation, making it increasingly difficult for organisations to determine intent.

“AI is transforming automation from something organisations try to block into something they must also manage,” Tim Chang, Global Vice President and General Manager, Application Security at Thales, said. “The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”

This evolution is creating a growing visibility gap. Much of today’s AI-driven activity remains unverified or indistinguishable from legitimate traffic, meaning organisations are operating with an incomplete view of the risks they face.

Thales

Bots Increasingly Outnumber Humans Online

The Thales report shows automation tightening its grip on the internet, with bots continuing to outpace human activity. In 2025, bots made up 53% of all web traffic, up from 51% the previous year, while human activity fell to 47%. In contrast, bots made up 58% of all web traffic in Singapore, with human activity falling to just 42%. Furthermore, in Singapore, sports (55%), travel (40%), and healthcare (29%) were the top three industries targeted by advanced bots.

This reflects a structural shift rather than a temporary trend, with bots no longer tied to specific events like scraping or credential-stuffing campaigns but instead operating as a persistent and expected presence across digital environments.

APIs and Identity Systems Become the Primary Attack Surface

As digital services increasingly rely on APIs to power core functionality, attackers are following suit. The report finds that 27% of bot attacks now target APIs, where bots can bypass user interfaces and interact directly with backend systems at machine speed.

These attacks often appear legitimate, using valid authentication and well-formed requests, but exploit business logic, extract sensitive data, or manipulate workflows at scale. The impact is especially pronounced in high-value sectors. In Singapore, financial services accounted for 79% of all bot attacks, while the computing and IT industry was the top targeted for account takeover attacks at 45% of incidents logged. At the same time, the gambling industry tracked the highest percentage of bad bot traffic (100%). All this underscores how automation is being used to directly monetise cyberattacks.

“The Singapore findings are a wake-up call for how AI-driven automation is reshaping our digital landscape,” said Andy Zollo, APJ Senior Vice President, Application and Data Security, at Thales. “What makes this moment particularly challenging is that AI agents have emerged as a distinct category of traffic in their own right—no longer just tools for attackers but embedded in how applications and APIs function day to day. In Singapore, financial services remain the most heavily targeted sector locally, accounting for nearly 80% of bot attacks. This isn’t a passing trend—it’s a structural shift, and without clear visibility into how automation is interacting with their systems, businesses are making security decisions in the dark.”

A New Era of Machine-Driven Interaction

As AI adoption accelerates, the Thales report reveals that the internet is now fundamentally machine driven. Bots are no longer simply tools used by attackers; they are active participants in digital systems, shaping traffic patterns, influencing business metrics, and interacting with systems in real time. In this environment, the ability to manage automation at scale with precision is critical to maintaining security, performance, and trust.

The Thales report concludes that traditional security approaches focused on identifying and blocking bots are not sufficient in an environment where automation is both pervasive and often legitimate. Organisations must move toward a governance-based model, combining visibility, policy enforcement, and behavioural analysis to distinguish between acceptable and harmful automation. This includes defining which AI agents are allowed to interact with systems, implementing controls at the API and identity layer, and designing defences that can adapt as bots evolve.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *