Bots claim majority of global web traffic as AI attacks skyrocket

Automated software programs, commonly known as bots, now account for 53 percent of all internet traffic.

This shift marks a crossover point where human activity is no longer the primary driver of web data exchange. According to a new report from Thales, the rise of the agentic era has made automation the defining security challenge for modern networks.

The data reveals a sharp escalation in the sophistication of these automated tools.

Malicious bot attacks driven by Artificial Intelligence (AI) surged 12.5x in 2025. This rapid growth suggests that bad actors are increasingly leveraging machine learning to bypass traditional security perimeters.

For infrastructure managers and developers in Kenya, these figures represent a growing threat to project management platforms and Building Information Modeling (BIM) systems.

As the construction industry moves toward greater integration of the Internet of Things (IoT), the vulnerability of connected hardware increases.

The report suggests that the "agentic era"—characterized by autonomous AI agents capable of making decisions—has arrived.

This evolution means that security protocols designed to stop simple, repetitive scripts are often ineffective against modern threats.

Kenya has seen a significant push toward digitizing government services and construction permitting processes. Systems such as the Electronic Development Application System (EDAS) rely on stable, secure web traffic to function.

A surge in automated hits can lead to Distributed Denial of Service (DDoS) events, which effectively lock legitimate users out of critical platforms.

If a contractor cannot access structural plans or procurement portals due to bot-induced downtime, the resulting delays can lead to massive man-hours lost.

The Thales findings indicate that these attacks are not just more frequent, but more targeted.

Large-scale infrastructure projects often involve complex supply chains. Each point of digital contact, from the architect’s server to the onsite supervisor’s tablet, is a potential entry point for a malicious bot.

Standard security measures are being outpaced.

Industry experts suggest that firms must adopt next-generation firewalls and behavioral analysis tools to distinguish between helpful bots, such as search engine crawlers, and those intending to steal data.

The 53 percent figure includes both "good" and "bad" bots.

Good bots are necessary for the modern web to function, handling tasks like indexing content and monitoring site performance. However, the malicious subset is becoming harder to filter.

As President Ruto continues to advocate for Kenya as a regional technology hub, the local private sector faces pressure to harden its digital assets.

The construction sector remains a high-value target due to the sensitive nature of proprietary engineering designs and financial data.

Security in the agentic era requires a shift from reactive to proactive defense.

Relying on manual monitoring is no longer feasible when the volume of automated traffic is this high. Companies are being urged to treat cybersecurity as a core component of physical infrastructure safety.

The Thales report concludes that automation is no longer a peripheral concern.

It is now the primary environment in which all digital operations exist. Adapting to this reality is essential for maintaining the integrity of global and local supply chains.