Bad Bots are Now One Third of Israeli Internet Traffic

Malicious bots now account for more than a third of Israel’s internet traffic, while human users represent less than half of all activity online, according to a new report by cybersecurity firm Imperva.

The annual Bad Bot Report, published by Imperva, a subsidiary of Thales, found that human users account for just 46% of Israeli web traffic. The rest is generated by bots, autonomous software programs operating online. Of total traffic in Israel, 36% is classified as “bad bots,” meaning automated tools used for malicious purposes.

The report describes Israel as a particularly complex cyber arena. While many countries face large-scale but relatively simple automated attacks, Israeli organizations are increasingly targeted by more sophisticated operations. Around 51% of bot attacks against Israeli organizations are classified as “advanced,” meaning they are designed to imitate human behavior and evade conventional cybersecurity tools.

“The alarming findings in this report, based on the analysis of network traffic across thousands of organizations and trillions of attacks, demonstrate that modern threats have evolved beyond mere data theft to the actual disruption of business operations,” said Nadav Avital, head of threat research at Imperva.

Avital said Imperva is seeing a sharp rise in traffic and attacks powered by artificial intelligence tools, a trend expected to accelerate as new cyber-focused AI models emerge.

He pointed to reports about Mythos, an AI model described as capable of analyzing large codebases, identifying vulnerabilities and generating exploits. Avital said such capabilities bring automated systems closer to the work of human security researchers.

At the same time, he said closed systems such as SaaS platforms and proprietary software still have defensive advantages. He added that the high cost of operating advanced AI attack systems currently limits their use mainly to nation-states and organized criminal groups.

Cybersecurity experts said AI is dramatically shortening the time between identifying a weakness and exploiting it.

Eyal Rahimi, vice president at MazeBolt, said DDoS defense has become harder because weaknesses often lie not in software code, but in customer-specific defense configurations across CDN, WAF and DDoS protection systems.

“AI has collapsed the time between ‘unknown weakness’ and ‘active exploit,’” Rahimi said, warning that periodic manual testing is no longer sufficient.

He said organizations need automated, environment-specific validation that tests defenses the way attackers do and identifies misconfigurations before they can be exploited.

Roy Akerman, who leads identity security strategy at Silverfort, said AI models are breaking long-standing assumptions about attackers being limited by time, mistakes and human capacity.

“Mythos-like models break all of those assumptions at once, compressing attack timelines from days to hours and acting on several routes simultaneously at a pace no security analyst can follow,” he said.

Akerman said cyber defense must increasingly operate in real time, monitoring identities, access attempts and actions as they happen.

Shay Mishel, managing partner at Merlin Ventures, said advanced AI models are lowering the barrier to sophisticated attacks, making capabilities once limited to states and intelligence agencies available to weaker actors.

He said the result is a shift from targeted attacks that companies could sometimes anticipate to threats that are constant, automated and operating at machine speed.