The internet is undergoing a fundamental transformation, with new data suggesting that autonomous software is increasingly dominating online activity. According to the annual Bad Bot Report by cybersecurity firm Imperva, a subsidiary of Thales, artificial intelligence-driven automation has become a primary force shaping the digital landscape, steadily marginalizing human activity online.
The findings paint a particularly troubling picture for Israel. Human users now account for less than half of all web traffic in the country, representing just 46%, while the majority is generated by bots — autonomous software programs operating online. Of that traffic, 36% is classified as “Bad Bots,” automated tools designed for malicious activity.
The report describes Israel as a uniquely complex cyber battleground. While many global markets face large-scale but relatively unsophisticated attacks, Israeli organizations are increasingly targeted by more precise and advanced operations. Roughly 51% of bot attacks directed at Israeli organizations are categorized as “Advanced,” meaning they are designed to closely mimic human behavior and evade conventional cybersecurity defenses.
“The alarming findings in this report, based on the analysis of network traffic across thousands of organizations and trillions of attacks, demonstrate that modern threats have evolved beyond mere data theft to the actual disruption of business operations,” said Nadav Avital, head of threat research at Imperva.
Avital said the company is seeing a sharp increase in traffic and attacks powered by AI tools, a trend expected to accelerate with the emergence of new cyber-focused AI models such as Mythos.
“Reports on the Mythos model indicate a major leap in automated analysis of large codebases, vulnerability discovery, and exploit generation,” he said. “Its ability to perform logical analysis across entire systems, rather than isolated snippets, brings it closer than ever to the capabilities of a human security researcher.”
At the same time, Avital noted that closed systems such as SaaS platforms and proprietary software still retain an advantage, while the high operational costs associated with advanced AI capabilities currently limit their use primarily to nation-states and organized crime groups.
“The window remains open”
The rise of offensive AI is also dramatically shortening the response times required from organizations defending against cyberattacks.
Eyal Rahimi, vice president at MazeBolt, said the DDoS threat landscape has fundamentally changed: “DDoS security is fundamentally different — the vulnerabilities don’t live in the software itself, but in the defense configurations specific to each customer’s environment across CDN, WAF, and DDoS protection stacks,” Rahimi said.
“AI has collapsed the time between ‘unknown weakness’ and ‘active exploit,’ and in DDoS that’s especially dangerous because manual testing is too slow, periodic testing is ineffective, and misconfigurations are exposed the moment they exist,” Rahimi said that while Mythos is often framed as a software vulnerability issue, the broader lesson applies to every internet-facing attack surface.
“The only way to keep pace is automated, environment-specific validation that probes defense the way attackers do, surfacing misconfigurations and coverage gaps before adversaries can weaponize them,” he said. “Anything slower is just leaving the window open.”
A battle of agents against agents
Cybersecurity experts say the rapid evolution of AI-powered attacks is forcing a fundamental rethink of defense strategies.
“Mythos-like models are turning everyone into elite cyber attackers, taking small hacking opportunities and chaining them into a full operation, like playing multi-dimensional chess against a machine,” said Roy Akerman, who leads identity security strategy at Silverfort following its acquisition of Rezonate, the company he co-founded with Ori Amiga.
According to Akerman, the cybersecurity industry has long operated under the assumption that attackers are constrained by time, human error and limited capacity — assumptions that AI systems are rapidly dismantling.
“Mythos-like models break all of those assumptions at once, compressing attack timelines from days to hours and acting on several routes simultaneously at a pace no security analyst can follow,” he said.
Akerman argued that security systems can no longer rely solely on detecting attacks after they occur, but instead must operate within the transaction itself, monitoring identities, access attempts and actions in real time.
“This is Run-Time Protection, where agents fight agents, and where identity — human, machine and agentic — becomes the last and most critical line of defense,” he said.
Shay Mishel, managing partner at Merlin Ventures, said frontier AI models such as Mythos are fundamentally reshaping the cybersecurity landscape by lowering the barrier to sophisticated attacks and dramatically reducing the time between vulnerability discovery and exploitation.
“Capabilities that were once the exclusive domain of nation-states and intelligence agencies are now accessible to actors with far more limited resources,” Mishel said.
He added that AI systems are also expanding the range of potential targets by continuously scanning legacy systems and overlooked infrastructure for exploitable weaknesses.
“The result is a shift from targeted attacks that organizations could sometimes anticipate and prepare for, to an environment in which threats are ubiquitous, operate at machine speed, and scale automatically,” Mishel said.
“In this reality, every organization must develop a deep understanding of its attack surface and ensure it has the appropriate layers of defense in place for every possible scenario,” he added.