AI and bots already dominate the internet — and the numbers prove it
Artificial Intelligence is no longer a supporting player on the internet — it has taken center stage for good. And we are not talking about a futuristic prediction or a hypothetical scenario. We are talking about hard data, published by one of the leading cybersecurity companies in the world, that makes it crystal clear: machines have already surpassed humans as the main source of web traffic.
The State of AI Traffic Report, published by Human Security, painted a picture that few expected to see so soon. Automated traffic — the kind generated by software systems, including Artificial Intelligence, rather than actual people — grew nearly 8 times faster than human traffic throughout 2025. In practical terms, that means when you visit a website today, there is a very real chance that the majority of other visits to that same page are not coming from real people.
They are bots, autonomous agents, and large language models like OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini browsing, collecting data, and executing tasks — often without any direct human intervention. 🤖
And the most interesting part is that none of this is necessarily bad. The report raises deep and important questions about how the internet was built, who it was originally designed for, and what changes now that machines are already the majority of online traffic.
What the numbers really say about automated traffic
When Human Security published its report last Thursday, the number that grabbed the most attention was the growth ratio: automated traffic expanded nearly eight times faster than human-generated traffic in 2025. To put that in perspective, imagine that for every new human user accessing a site, eight new automated agents also started doing the same thing. That difference in scale is massive and changes practically everything we knew about how the internet works on a daily basis — from how servers are sized to how marketing teams interpret audience data.
Stu Solomon, CEO of Human Security, summed up the situation well in an interview with CNBC:
“The internet as a whole was created with this very basic notion that there is a human being on the other side of the computer screen, and that notion is being replaced very quickly.”
The report also revealed that Artificial Intelligence traffic specifically — driven by the proliferation of large language models — increased an impressive 187% between January and December 2025. This growth has a straightforward explanation: more and more people are turning to AI chatbots to handle everyday questions, and these systems need to consume web content at massive scale to keep learning and delivering up-to-date answers.
But what exactly makes up this automated traffic? The answer is more varied than it might seem at first glance. A significant portion comes from the crawlers of major language models, such as OpenAI’s GPTBot, Anthropic’s ClaudeBot, and Google’s crawlers that feed Gemini. Another portion comes from monitoring tools, traditional indexing systems, competitive analysis platforms, and, of course, malicious bots that try to exploit vulnerabilities or collect data without authorization. All of this blends together into a continuous flow that is, more often than not, completely invisible to the average user.
Solomon was direct about it: “Machine-based traffic is effectively replacing humans as the dominant form of traffic on the other side of the internet.”
The explosion of autonomous agent activity
One of the most surprising data points from the Human Security report is not about the overall growth of automated traffic, but rather a specific subcategory: agentic activity. We are talking about AI agents that carry out actions completely autonomously on behalf of a user — like browsing websites, filling out forms, comparing prices, and even completing transactions.
While agentic activity volume was practically negligible in 2024, Human Security recorded a growth of nearly 8,000% in this type of traffic throughout 2025. Yes, eight thousand percent. Tools like OpenClaw and other open-source agents gained traction rapidly, and the market responded with an avalanche of solutions built around this concept.
This explosive growth reflects a fundamental shift in how people interact with the internet. Instead of opening a browser, typing a URL, clicking through links, and reading pages manually, more and more tasks are being delegated to Artificial Intelligence agents that do all of that automatically and much faster. From the perspective of the server receiving those visits, it makes no difference whether it was a human or a bot — the request is the same. But for anyone who needs to understand traffic, protect systems, or monetize an audience, the difference is enormous. 🚀
Good bots, bad bots, and the ever-growing gray area
There is a very common misconception when it comes to bots: the tendency to treat all of them as threats. But the reality is far more complex and, in some ways, much more interesting. Bots considered legitimate are actually a fundamental part of the modern internet infrastructure. Search engine crawlers, for example, have been around for decades and are what allows any website to appear in Google results. Without them, the web would be far less navigable and useful.
Solomon himself made a point of highlighting this: “This notion that machine is bad and human is good is just not realistic. You have to live in a world where machines are acting on our behalf, and we need to establish a level of trust that is persistent over time.”
Popular features like Google’s AI Overview and automatic form filling also generate automated traffic, and they are tools that most people use daily without even realizing they are triggering automated requests.
On the other hand, malicious bots represent a serious and growing problem in the field of cybersecurity. They can be used to carry out brute-force attacks on login systems, aggressively scrape copyrighted content, artificially inflate engagement metrics on digital platforms, commit fraud in online advertising systems, and even map out vulnerabilities in web applications before the developers themselves notice. The Human Security report indicates that a considerable portion of the increase in automated traffic is tied to this kind of activity, which makes the landscape even more challenging for anyone who needs to protect systems and data.
And between these two categories lies an ever-growing gray area: Artificial Intelligence agents that operate autonomously at the request of human users. When you ask an AI assistant to search the web for you, it accesses pages, collects information, and comes back with an answer. From the perspective of the server that received that visit, it was a bot. But behind it was a real human intention. This increasingly blurred boundary between human action and automated action is one of the biggest challenges the cybersecurity sector will have to face in the coming years. 🧩
The limitations of the report and the debate over methodology
It is important to note that, despite being impressive, the data from Human Security does not represent an absolute and total picture of the internet. The report was based on data collected by the Human Defense Platform product, which the company says processed more than one quadrillion interactions across its clients. That is a massive volume, no doubt, but quantifying automated activity across the entire internet is an inherently challenging task, since there is no complete, unified database of all online interactions.
Filippo Menczer, a professor of Informatics and Computer Science at Indiana University, offered an important counterpoint in an interview with CNBC:
“You can try to estimate the amount of bot traffic by looking at agent strings, but these are very noisy estimates. They depend on what sample you get. They depend on where you are collecting the data, where the measurements are coming from.”
User-agent strings are basically self-identification labels that web crawlers use to introduce themselves when they access a site. The problem is that not all bots identify themselves accurately — and the Human Security report itself acknowledges that the reliability of this self-identification is a growing concern. Some bots deliberately disguise themselves as human browsers to avoid being blocked, which makes measurement even more complicated.
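To make the measurement problem concrete, here is an added example (not code from the report or from Human Security) that estimates bot share from a web access log twice: once from self-declared User-Agent tokens alone, and once after also flagging clients that send a browser User-Agent at machine speed. The log lines, IP addresses, simplified User-Agent strings, and the burst threshold are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tokens that self-declared crawlers put in their User-Agent header.
DECLARED = ("GPTBot", "ClaudeBot", "Googlebot")
# Combined log format: ip, timestamp, request, status, size, referer, user-agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36"

def make_log():
    """Constructed sample: two declared crawlers, one human, one client
    sending a browser User-Agent while requesting a page every second."""
    row = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "GET /p/{s} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [row.format(ip="198.51.100.7", s=1, ua="Mozilla/5.0 (compatible; GPTBot/1.0)"),
             row.format(ip="198.51.100.8", s=2, ua="Mozilla/5.0 (compatible; ClaudeBot/1.0)"),
             row.format(ip="203.0.113.5", s=3, ua=BROWSER_UA),
             row.format(ip="203.0.113.5", s=40, ua=BROWSER_UA)]
    lines += [row.format(ip="192.0.2.44", s=s, ua=BROWSER_UA) for s in range(10, 30)]
    return lines

def estimate(lines, burst=10, window=30):
    """Compare a UA-only bot estimate with one that adds a rate heuristic.
    burst/window are illustrative thresholds, not values from the report."""
    declared = total = 0
    undeclared = defaultdict(list)  # ip -> request times for non-declared UAs
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, ua = m.groups()
        total += 1
        if any(tok.lower() in ua.lower() for tok in DECLARED):
            declared += 1
        else:
            undeclared[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    suspects, hidden = [], 0
    for ip, times in sorted(undeclared.items()):
        times.sort()
        # Flag the client if any `burst` consecutive requests fit in `window` seconds.
        if any((times[i + burst - 1] - times[i]).total_seconds() <= window
               for i in range(len(times) - burst + 1)):
            suspects.append(ip)
            hidden += len(times)
    return {"ua_only": declared / total,
            "with_rate": (declared + hidden) / total,
            "suspects": suspects}

if __name__ == "__main__":
    print(estimate(make_log()))
```

On this sample the User-Agent-only estimate reports about 8% bot traffic while the rate-aware estimate reports about 92%, which is the kind of gap that makes agent-string counts noisy.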
Even so, the report serves as a significant benchmark in the era of AI on the internet. It confirms a trend the industry has been tracking since the launch of ChatGPT in 2022 and provides concrete data that helps gauge the speed of this transformation.
Cloudflare’s perspective and projections for the future
The data from Human Security does not exist in a vacuum. Other companies that operate within the internet’s infrastructure have also been observing this same trend with growing concern. At the SXSW conference, held last week in Austin, Matthew Prince, CEO of Cloudflare, shared his own perspective on the matter.
Prince stated that, before the era of generative AI, the internet had roughly 20% bot traffic, and most of that was driven by Google’s web crawler. Now, with the explosion of large language models and their insatiable need for data, that percentage has been climbing at an accelerated pace.
The Cloudflare CEO’s prediction is that AI bots will surpass human traffic by 2027 — a projection that, in light of the Human Security data, might even be conservative. If automated traffic is already growing eight times faster than human traffic, the crossover point could arrive sooner than many expect.
Prince specifically cited the rise of generative AI and its constant, massive appetite for data as the main driver of this transformation. Every time a language model is trained or updated, it needs to consume colossal amounts of web content — and that process shows no signs of slowing down. On the contrary, with new models being released every few months and competition among OpenAI, Anthropic, Google, Meta, and others intensifying, the demand for data is only set to grow. 📈
What this means for people who build and maintain websites
For developers, systems architects, and product teams, the growth of automated traffic driven by Artificial Intelligence brings very real and urgent implications.
The first involves performance and infrastructure. If a growing and majority share of a site’s traffic is made up of automated agents making requests at high speed and in large volume, servers need to be sized to handle that load — and caching strategies, rate limiting, and overload protection need to be reviewed far more frequently than was typical. A site that was perfectly configured two years ago may be completely out of step with the current reality of 2025.
The second important implication is about data and metrics. Much of what marketing and product teams use to make decisions — page views, bounce rate, time on page, traffic sources — may be significantly distorted by the massive presence of bots and Artificial Intelligence agents. This does not mean analytics tools have completely lost their value, but it does mean that interpreting this data without accounting for the volume of automated traffic is like navigating with an outdated map. Companies that can more accurately separate human behavior from automated behavior will have a real competitive edge in data-driven decision making.
Finally, there is the critical issue of cybersecurity and access control. With language models and autonomous agents becoming increasingly sophisticated, traditional detection techniques — like CAPTCHAs and click-pattern analysis — are quickly becoming obsolete. The new AI agents are capable of solving challenges that were once considered exclusively human, which forces the industry to completely rethink how it identifies and handles automated access.
Protocols like robots.txt, created in the 1990s to guide simple crawlers, clearly were not designed for the world of LLMs and autonomous agents in 2025. This gap between what the internet’s infrastructure offers and what the current landscape demands is one of the most urgent topics in the tech sector. 🔐
What this means for everyday internet users
For the average user, this scenario might feel distant or even abstract — after all, the site still loads normally, the content still shows up, and the experience seems the same as always. But the changes are very real and already affect online life in ways that might not be immediately obvious.
One of them is the quality of the content you find. With language models consuming and redistributing information at industrial scale, the risk grows that inaccurate, outdated, or deliberately manipulated content spreads faster than ever — and gets presented as reliable answers by AI assistants without proper context or adequate source verification. When most of the traffic is automated, the dynamics of how information circulates and gets validated on the internet change in a fundamental way.
Another relevant dimension is privacy and data tracking. Artificial Intelligence agents that browse the web collect information far more efficiently and comprehensively than humans. This means that publicly available data — like forum posts, social media comments, or information on personal websites — can be indexed, combined, and used in ways that go far beyond what anyone imagined when they originally posted that content. The discussion about what should or should not be accessible to these systems is increasingly relevant and still far from having a clear answer, whether from a technical or regulatory standpoint.
An internet that is no longer the same
There is also a deeper dimension that the Human Security report, even without directly venturing into this territory, ends up provoking. The internet was built as a space for communication between people. Protocols, standards, formats, interfaces — everything was designed to facilitate the exchange of information between human beings. Now, for the first time in the history of the network, machines are the majority of the traffic.
This is not necessarily the end of something good, but it is certainly the beginning of something very different. The industry has been tracking this escalation of automated traffic with increasing attention since the launch of ChatGPT in November 2022, and the 2025 data confirms that the growth curve has not only held steady but has accelerated significantly.
The implications range from how content creators will be compensated in a world where the primary audience of their sites may be composed of machines, to how advertising networks will differentiate human impressions from automated ones, to regulatory questions that governments around the world are only just beginning to address.
Understanding this moment clearly and without alarmism is the first step toward navigating this new phase of the internet well. The data is on the table. The structural shift has already begun. And how companies, developers, and users adapt to this reality will define a great deal of what the internet will look like in the years ahead. 🌐
