Decoding Digital Threats: Rising Cyberattack Benchmarks in the 2026 State of AI Traffic and Cyberthreat Benchmark Report

There’s a lot of conversation—rightfully so—around the potential of AI. 

At the same time that enterprises are using AI to boost productivity and output, “traditional” threat actors are leveraging automation to scale attacks at a terrifying clip—for example, malicious scraping attempts account for approximately 20% of product and search traffic globally. 

Monitoring threat activity is a crucial component in a defense posture. The newly published 2026 State of AI Traffic and Cyberthreat Benchmark Report by HUMAN uncovers a host of findings that will help defenders get a sense of where threat actors are focusing today.

As we have seen in the last seven years that we have monitored non-human internet traffic to develop our annual report, the types of attacks threat actors pursue remains unchanged. What has changed over 2025: Threat actors are adapting their tactics to bypass traditional defenses, leading to more complex and targeted attacks:

Each of these attack categories includes a variety of targets and tactics, and incorporate automation into one stage or another of their kill chain.

The Human Defense Platform protects a broad mix of organizations from varying industries, which is reflected in our report analysis. Because each business operates differently, the threats they face vary widely as well: even within the same industry, exposure can differ meaningfully. Looking at attack targeting from an industry level allows us to see at a glance how threat actors change their targets for similar reasons. As such, each of these main four attack types explained above tends to concentrate on specific industries.

Regarding this last industry, it’s important to note that if enough targets are protected from a particular tactic, the threat actor will eventually have to change the tactic. But if shifting the attack from one business to another starts becoming lucrative, threat actors will pursue this option far more often than not.

One of the most valuable pieces of information to a defender is what hacked accounts on their platform are worth to a hacker. This is a key lagging indicator of how threat actors perceive a company’s security posture, and our report surfaces how some of these prices have changed over the past year.

When a particular account becomes more difficult to hack, its price goes up, as it signals that a company’s defensive controls are making it more costly for a threat actor to strike . On the contrary, when prices drop, it can point to attackers finding easier, cheaper, or more scalable ways to obtain more hacked accounts. Organizations can track dark web pricing for attack types most closely tied to their business. Sustained price increases or decreases can help validate whether security and fraud controls thwart attackers’ ability to make money off of stolen accounts  or if attackers are simply adapting in ways that restore their margins.

What’s new in our report this year is the fact that our researchers combed through the trillions of interactions analyzed by HUMAN Sightline Cyberfraud Defense—unveiled to the public last year—to uncover patterns and trends in how humans use agentic tools and how threat actors target their attacks. HUMAN Sightline provides real-time visibility across bots, humans, and AI agents, and also houses our AgenticTrust module, which gives enterprises the granular capability to determine if a bot is trustworthy or not—not just if it’s a bot at all. The Threat Tracker capability within Sightline, also brand-new this year, identified more than 750,000 distinct threat profiles in 2025, giving organizations a look at how heavily-targeted they were.

In a world where only 0.5% separates “good” from “bad” bots, you can’t afford a binary defense. Every attempted interaction with your website—whether human or machine—requires in-depth, real-time analysis to determine its intent.