Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

27% of bot attacks targeted APIs, allowing bots to bypass user interfaces and interact directly with backend systems at machine speed.

Thales
May 27, 2026
APIsBot Traffic

27% of bot attacks targeted APIs, allowing bots to bypass user interfaces and interact directly with backend systems at machine speed. — This cybersecurity statistic was published by Thales in May 2026. It covers topics including APIs, Bot Traffic. The original data appears in 2026 Bad Bot Report: Bad Bots in the Agentic Age. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 4/29/2026

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

27% of bot attacks targeted APIs, allowing bots to bypass user interfaces and interact directly with backend systems at machine speed. This data was published by Thales and covers APIs, Bot Traffic.

Where does this data come from?

This statistic comes from 2026 Bad Bot Report: Bad Bots in the Agentic Age, published by Thales on May 27, 2026. You can view the original report at https://www.imperva.com/resources/resource-library/reports/2026-bad-bot-report/.

What cybersecurity topics does this cover?

This statistic relates to APIs, Bot Traffic. Browse more statistics on APIs or from Thales.

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.

Wallarm2/22/2026
API SecurityAPIsKEV

62% of security professionals are blind to shadow or undocumented APIs.

Rein Security2/22/2026
APIsApplication SecurityShadow APIs

In 2025, 36% of AI-related vulnerabilities involved APIs (786 of 2,185 AI-related vulnerabilities).

Wallarm2/22/2026
AI-related VulnerabilitiesAPI SecurityAPIs

82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.

Endor Labs11/9/2025
MCP EcosystemSoftware DevelopmentSecurity Risks

Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.

BreachLock8/11/2025
APIsMisconfigurationData exposure

APIs in technology & SaaS providers' environments saw a 400% spike in critical vulnerabilities.

BreachLock8/11/2025
APIsVulnerabilitiesCritical vulnerabilities

Browse by Topic

APIsBot TrafficMore from Thales

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights