A new report from cybersecurity firm Human Security reveals a fundamental shift in internet traffic composition: automated traffic now exceeds human-generated traffic. The report documents that automated traffic grew eight times faster than human activity in 2025, with AI agent traffic specifically surging by nearly 8,000%.
What the Report Found
The core finding is quantitative: bots have officially overtaken humans in terms of internet traffic volume. This tipping point arrives years earlier than many industry observers had predicted. The report highlights two key metrics:
- Overall automated traffic growth rate: 8x faster than human activity growth in 2025
- AI agent traffic growth: Increased by approximately 8,000% year-over-year
This represents a dramatic acceleration from previous years, where human traffic still maintained a majority share despite growing bot activity.
The Technical Reality of Machine-Dominated Traffic
While the report doesn't specify exact percentages of bot vs. human traffic, the "overtaken" language indicates bots now represent >50% of internet traffic. This automated traffic includes:
- Traditional web crawlers and scrapers
- API-driven automation
- Malicious bots (credential stuffing, DDoS)
- The newly explosive category: AI agents performing tasks autonomously
The 8,000% surge in AI agent traffic points specifically to the proliferation of LLM-powered agents conducting research, data gathering, content generation, and automated interactions across websites and platforms.
Implications for Infrastructure and Security
This traffic shift has immediate technical consequences:
Infrastructure Strain: Web servers, APIs, and CDNs are now primarily serving non-human requests, requiring different scaling and optimization approaches.
Security Challenges: Distinguishing between legitimate AI agents and malicious automation becomes increasingly difficult. The report comes from Human Security, a cybersecurity firm specializing in bot management, highlighting the commercial urgency of this problem.
Analytics Disruption: Traditional web analytics that assume human users become less reliable. Metrics like "unique visitors" and "session duration" require reinterpretation.
Content and API Policies: Platforms must reconsider rate limits, access policies, and terms of service originally designed for human-scale usage.
The Acceleration Timeline
The report notes this shift arrived "years earlier than many predicted." Prior industry estimates suggested bot dominance might occur by 2027-2030. The 2025 timeline indicates the rapid adoption of AI agent frameworks and the scaling of existing automation infrastructure has dramatically accelerated this transition.
gentic.news Analysis
This report from Human Security quantifies what many infrastructure engineers have observed anecdotally: the internet's fundamental character is changing from a human communication network to a machine-to-machine substrate. The 8,000% surge in AI agent traffic aligns with the proliferation of agent frameworks we've covered extensively, including OpenAI's GPTs, Anthropic's Claude desktop automation, and open-source projects like AutoGPT and LangChain.
The cybersecurity implications are particularly significant. Human Security (formerly White Ops) has been tracking malicious bot activity for years, and their finding that even they categorize this as "machine-dominated internet traffic" suggests the scale has reached unprecedented levels. This creates a perfect storm for security teams: distinguishing between helpful AI research agents, commercial scraping bots, and malicious automation becomes increasingly difficult as all three categories use similar technical approaches.
From an infrastructure perspective, this validates architectural shifts toward agent-specific APIs and usage-based pricing models. We're already seeing this with OpenAI's ChatGPT usage limits and Anthropic's Claude console for managing organizational AI usage. The report suggests these trends will accelerate, with more platforms implementing explicit AI agent policies and potentially creating separate infrastructure lanes for human vs. automated traffic.
Frequently Asked Questions
What percentage of internet traffic is now bots?
While the Human Security report doesn't provide an exact percentage, their finding that bots have "overtaken" humans indicates bots now represent more than 50% of internet traffic. Previous estimates from companies like Imperva had put bot traffic at 47-49% in recent years, suggesting this year's surge pushed it over the halfway mark.
What's driving the 8,000% increase in AI agent traffic?
The explosion stems from three factors: the proliferation of LLM APIs making agent creation accessible, the development of agent frameworks that simplify automation, and increasing business adoption of AI for research, data gathering, and content generation. Each AI agent typically makes hundreds or thousands of web requests to complete tasks that humans would do manually.
How does this affect website owners and developers?
Developers need to implement more sophisticated bot detection that can distinguish between malicious bots, legitimate crawlers (like Googlebot), and AI research agents. Infrastructure must be scaled for non-human patterns—AI agents often make rapid, parallel requests rather than the sequential browsing of humans. Analytics platforms need to filter bot traffic to maintain accurate human engagement metrics.
Will this trend continue to accelerate?
Yes, all indicators suggest continued growth. As AI agents become more capable and cheaper to run, more organizations will deploy them for competitive advantage. The infrastructure is now in place for exponential growth, similar to how cloud computing enabled the first wave of web automation. The question isn't whether bot traffic will continue growing, but whether platforms can develop sustainable models for managing it.
