The shift toward automation: the role of AI bots in internet security

bunny.net’s inaugural 2026 Edge Security Report reveals a rise in automated web traffic, highlighting how AI-driven activity is challenging traditional security models and reshaping the internet.

One out of every five requests reaching websites today is automated. AI-powered bots, AI crawlers, and API-driven traffic are changing how organisations interact with the internet and secure their online applications. According to bunny.net's 2026 Edge Security Report, which analysed 42.5 billion requests between January and May 2026, automated traffic now represents a share of internet activity.

The increasing use of AI in internet activity presents a security challenge: distinguishing legitimate automation from malicious traffic. During the report's five-month analysis, total traffic grew by 53%, while automated requests accounted for approximately 20% of all traffic. HTTP libraries such as curl, Python requests, and Go HTTP Client represented 19% of requests, exceeding the combined total of all declared bot categories. According to the report, this shift increases the need for security systems that can distinguish between legitimate automation and malicious activity in real time.

The report also found that AI crawlers now generate more traffic than traditional search engine bots, accounting for 0.54% of all requests compared with 0.50% for search bots. 

As automated traffic becomes a larger proportion of internet activity, the report notes that attackers can more easily identify vulnerabilities and target applications at scale. It argues that these threats affect organisations of all sizes that operate online services. According to the report, security measures need to adapt to increasing levels of automated traffic and respond to threats in real time.

The increase in automated traffic has coincided with increasingly aggressive cyberattacks. During the reporting period, bunny.net recorded its largest Layer 7 DDoS attack, peaking at 16.5 million requests per second from more than 392,000 distributed IP addresses, which the company states it mitigated without service degradation. Traditional web application attacks also remained common. Injection attacks, including SQL injection, cross-site scripting (XSS), and remote code execution, accounted for 45.5% of all categorised web application firewall (WAF) blocks. 

The report concludes that isolated, per-server security models are less effective against current traffic patterns. It states that with a substantial proportion of internet traffic now automated and attacks increasingly distributed and machine-driven, security controls should be deployed closer to where traffic originates to help prevent resource exhaustion, credential abuse, and application-layer exploits before malicious payloads reach backend infrastructure.
