Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Malicious automated traffic accounts for 37% of all network activity globally, as artificial intelligence lowers the barrier to large-scale cyberattacks.
June 25, 2026
Artificial intelligence has supercharged the threat of malicious internet bots, enabling automated systems to scan more than 36,000 vulnerabilities per second and pushing non-human internet traffic past the majority of all global web activity, according to two major cybersecurity reports published this month.
The findings from SonicWall’s 2026 Cyber Protect Report and Thales’s Bad Bot 2026 study – arrive as companies accelerate AI adoption for productivity while increasingly neglecting foundational security measures such as multi-factor authentication.
By the Numbers
The scale of the problem has grown significantly from prior years:
- 53% of all global internet traffic is now non-human, according to the Thales report
- 37% of total network traffic is classified as malicious and automated
- Automated bots can probe more than 36,000 vulnerabilities per second across websites, applications, and corporate systems
- Three structural shifts now define internet traffic: the dominance of automated over human activity, the emergence of AI agents as a distinct traffic category, and a sharp rise in attacks targeting APIs and identity systems
How AI Changed the Threat Landscape
Security experts identify three AI-driven capabilities that have fundamentally altered the nature of bot attacks.
Hyper-realistic social engineering. AI now enables the production of deepfakes, advanced phishing campaigns, and voice and video bots at scale. Francisco Valencia, General Director of Secure&IT, described the impact as targeting “our most cognitive part”, exploiting human judgment rather than technical weaknesses. These attacks are increasingly difficult to distinguish from legitimate communications.
Polymorphic malware. Unlike traditional malware strains that can be identified and blocked once detected, AI-generated polymorphic malware creates a unique variant for each targeted device. Valencia noted this renders signature-based detection methods largely ineffective: each device receives a personalized attack.
Full automation of the attack chain. AI agents now handle the entire lifecycle of a cyberattack — from reconnaissance to exploitation — without requiring a human operator. The consequence is a dramatic compression of attack timelines. Vulnerability detection that previously took months is now achieved in minutes. Organizations that once had days or weeks to respond to emerging threats now have seconds.
“The automation of the attack chain and the use of agents transform time,” Valencia said. “Old vulnerabilities are being massively exploited. We have to protect ourselves much faster.”
Democratization of Cybercrime
A consistent theme across expert commentary is the lowering of technical barriers to entry. AI tools have made it possible for less skilled actors to execute attacks that previously required specialized expertise.
“There has been a democratization of cybercrime,” Valencia said, “with less expert attackers capable of carrying out sophisticated attacks.”
The threat is no longer confined to state-sponsored groups or organized criminal networks. Political actors have also been identified as users of malicious bot traffic, deploying automated systems to artificially amplify messaging and target adversaries in strategic campaigns.
The Human Weak Point
Despite the sophistication of AI-powered attacks, security professionals continue to identify human behavior as the most exploited vulnerability.
Martín Trullás, Director of Advanced Solutions at Ingram Micro Spain, said the greatest risk facing companies of any size remains the user: “The greatest danger currently facing any company is the user themselves if they lack awareness and training tools. It’s the weakest link in the chain.”
Phishing remains the most common entry point. Ransomware continues to be among the top threats across all organization types and sizes. Trullás noted that while critical infrastructure faces higher potential impact, the methods used against it closely mirror those targeting commercial businesses.
Small and medium enterprises are not exempt. Automated bots scan indiscriminately across the internet regardless of company size or sector.
What Defenders Are Recommending
Security professionals stress that no single measure is sufficient. Trullás outlined a layered approach: IP filtering, blocking of known data center IP ranges, behavioral anomaly monitoring, and identity and credential management used in combination.
Organizations are also advised to shift from reactive to predictive security postures, adapting policy to the type of attack anticipated, rather than responding after a breach occurs.
Crucially, experts argue that AI must be deployed defensively at the same pace it is being used offensively. Valencia was direct: “We must use it to identify attacks caused by artificial intelligence because it helps us defend ourselves, especially from hyper-realistic social engineering and synthetic content. Also, to detect attacks in real time and apply measures in real time. Now we have seconds to do it.”
Looking Ahead
Experts anticipate the threat will continue to intensify across several fronts.
Hyper-realistic ransomware paired with extortion tactics is expected to grow. AI will increasingly be turned against AI systems themselves as autonomous agents become embedded in business operations. Valencia also flagged the emergence of cognitive warfare, the use of AI to generate synthetic content, fake profiles, and targeted narratives at scale with the goal of manipulating perception and undermining critical thinking.
“AI will be used to attack AI,” Valencia said. “And cognitive warfare will develop, attacking people, the way of thinking, to manipulate.”
The dual nature of AI in this context, simultaneously the most powerful attack tool and the most capable defensive instrument, means that the speed of adoption on the defensive side will determine outcomes. Companies that delay integrating AI-driven threat detection are, by default, operating with a diminishing window to respond.
“We are more vulnerable, but exponentially,” Valencia said. “Companies need to be made aware of this change.”
If You liked our content, pls Comment Below!
Stay Ahead of the AI Marketing Curve
Get practical insights on AI, SEO, marketing strategy, and emerging technology, we cut the noise so you enjoy true content
