Cloudflare report shows how AI bots, encryption, and growing attacks shaped the internet in 2025
Cloudflare has released its 2025 Radar Year in Review, the sixth annual report examining broad trends in internet traffic, security, and technology adoption across its global network over the past year. Using aggregated data from web requests, bots, and connectivity signals, the report shows how automation, encryption changes, and attacks shaped online services worldwide.
Internet traffic continued to rise across the year, with Cloudflare reporting overall growth of 19 percent. Levels stayed relatively steady through the first six months or so before accelerating from late summer onwards. For website operators, this trend reflects a steady increase in demand, although it also drives higher infrastructure costs and greater exposure to outages or attacks.
SEE ALSO: Cloudflare introduces tools to manage AI risks and protect data
Cloudflare ranked the most popular internet services using anonymized traffic data from its 1.1.1.1 public DNS resolver, which reflects how millions of people access sites and online services around the world. The top of the list looked much the same as last year, with Google and Facebook still leading, although there was some movement further down as Microsoft, Instagram, and YouTube moved up, and Amazon Web Services and TikTok fell slightly.
When Cloudflare looked specifically at generative AI services, ChatGPT remained by far and away the most used tool, but services like Perplexity, Claude, and GitHub Copilot gained ground and newer tools such as Google Gemini, Windsurf AI, Grok, and DeepSeek appeared in the top ten.
Satellite connectivity featured more prominently in 2025 data. Traffic linked to Starlink more than doubled over the year as service expanded into additional countries and usage increased where it was already available.
Cloudflare and AI
AI-related crawling was one of the biggest sources of change. Cloudflare treats Googlebot as a dual-purpose crawler because it gathers content for both search indexing and AI training. Across 2025, Googlebot alone generated about 4.5 percent of HTML requests to Cloudflare-protected sites. In comparison, all other AI bots combined averaged about 4.2 percent. At certain points in the year, Googlebot’s share rose even higher before settling back.
Crawling supports discovery and indexing, which benefits publishers like us that depend on search visibility. At the same time, it creates load without guaranteeing incoming readers. To explore that imbalance, Cloudflare introduced a crawl-to-refer ratio that compares how often platforms crawl pages with how often they send users back. Anthropic showed the highest ratios at times, while Perplexity tended to send proportionally more referral traffic relative to how much it crawled.
Cloudflare says AI crawler user agents such as GPTBot and ClaudeBot were among the most frequently fully blocked in robots.txt files during 2025. Search crawlers like Googlebot and Bingbot were more commonly restricted on specific paths rather than across entire sites, suggesting a more selective approach to access control.
Encryption trends moved in the opposite direction, with clearer upsides. Cloudflare reports that post-quantum encrypted traffic rose from 29 percent at the start of the year to 52 percent by early December. This type of encryption is designed to reduce the risk of data collected today being decrypted in the future, although it also adds technical complexity for services still updating their stacks.
Attacks inevitably grew over the year. 6.2 percent of global traffic on Cloudflare's network was mitigated during the year, either because it was flagged as malicious or blocked by customer rules. The security firm also tracked a series of increasingly large DDoS attacks, culminating in a peak of 31.4 terabits per second late in the year.
Email was, as always, a major entry point for abuse. Cloudflare says an average of 5.6 percent of analyzed emails were malicious, with deceptive links and impersonation dominating. It also found that messages from certain top-level domains, including .christmas and .lol, were either spam or malicious.
Taken together, the report presents an internet that is expanding, automating, and encrypting more of its traffic, while also attracting higher volumes of abuse. You can access the full 2025 Cloudflare Radar Year in Review here.
What do you think about Cloudflare's report? Let us know in the comments.
