Radware's 2026 E-Commerce Bot Threat Report shows malicious bots accounted for 43% of e-commerce holiday traffic, up from 31% a year earlier, nearly matching the 46% human share. Nearly 70% of these bots were low-sophistication AI-driven attacks, driving 5x year-over-year account takeovers and a 15x increase in carding incidents.
Radware's 2026 E-Commerce Bot Threat Report found malicious bots generated 43% of holiday shopping traffic versus 46% by humans, up from 31% the prior year, marking a near-parity with genuine shoppers during peak season.
The report shows that 70% of malicious bot activity was low-sophistication attacks powered by generative AI, reflecting how AI tools lower barriers for a wider array of attackers.
At one large multinational retailer, account takeover attempts rose over 5-fold year-over-year, carding attacks increased roughly 15x and fake account registrations grew sixfold, while automated price and content scraping intensified.
These developments underscore the urgency for retailers to deploy advanced bot management and for Radware to leverage its AI-driven security solutions to distinguish legitimate automation from malicious threats at scale.
