Bots Surpass Humans in Global Web Traffic for First

Automated bots have officially surpassed human internet traffic for the first time, marking a significant and rapidly accelerating shift in global web activity. This unprecedented change is occurring even faster than industry leaders had predicted.

Bots Surpass Humans in Web Traffic

According to data from Cloudflare Radar, bots now account for 57.5% of all HTTP requests to HTML pages globally, while human-generated traffic has fallen to just 42.5%.

The United States paints an even starker picture, with bot traffic commanding a staggering 71.5% share of domestic web requests, underscoring how deeply AI-driven automation has penetrated the world’s most connected markets.

The crossover is not limited to one data source. The 2025 Imperva Bad Bot Report independently confirmed that automated traffic breached the 50% threshold for the first time in a decade, reaching 51% of all global web traffic in 2024.

Cloudflare’s own network, which serves roughly 1 in 5 websites worldwide, showed the bot-to-human split at approximately 53% vs. 47% on HTML requests by the end of 2025.

Cloudflare CEO Matthew Prince, speaking at SXSW earlier this year, had projected that bot traffic would surpass human traffic by 2027, a prediction that has now arrived ahead of schedule.

Prince highlighted the scale difference between human and AI browsing behavior, where a human shopping for a product might visit five websites, and an AI agent performing the same task could query 5,000 sites.

This pattern is driven primarily by AI scrapers, large language model (LLM) training crawlers, and autonomous search agents built on models like OpenAI’s GPT, Anthropic’s Claude, and Google’s Gemini. AI-driven traffic specifically surged 187% in 2025, growing nearly eight times faster than human web activity during the same period.

The bot surge carries serious security implications. Of all automated traffic, 37% is classified as malicious, so-called “bad bots,” while only 14% are legitimate crawlers.

Publishers and advertisers are now grappling with fundamentally distorted analytics, as traffic dashboards reflect machine behavior rather than genuine audience engagement.

In response, emerging frameworks such as pay-to-crawl protocols are gaining traction. Cloudflare has already moved to block AI crawlers by default unless they compensate content creators.

As autonomous agents, AI-powered search tools, and LLM pipelines proliferate, the ratio will only tip further toward automation. The “agent economy” is no longer a 2027 forecast; it is the present reality of the internet, and the web’s infrastructure, monetization models, and security architectures will need to adapt accordingly.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.