Cloudflare’s Radar “2025 Year in Review” is one of the clearest data-backed snapshots of how the Internet changed over the year and what technical leaders should prepare for next.
The report points to three major forces reshaping Internet operations:
- Rapid growth in AI-driven crawling (voicebots, AI assistants, etc.)
- Mainstream adoption of post-quantum (PQ) TLS
- Record-setting DDoS attacks at unprecedented scale
This is not just another trend summary. It’s operationally relevant because Cloudflare sits in the path of a massive share of global Internet traffic, which gives it unusually broad visibility into what is actually happening in production networks.

Why Cloudflare’s Radar Matters (and What It Actually Measures)
Cloudflare is a U.S.-based Internet infrastructure and cybersecurity company that helps websites, apps, and networks become faster, more secure, and more reliable. At a technical level, it often sits between users and the origin server:
User → Cloudflare Edge → Origin Server
Cloudflare Radar can observe broad patterns in web traffic and DNS activity because the company operates a large global edge network that spans hundreds of cities across more than 125 countries and processes huge volumes of traffic. Radar covers:
- Web traffic
- DNS activity
- Outages
- Bot behavior
- Cyberattacks
- Global Internet trends
In simple terms, Cloudflare’s Radar is a large-scale Internet observability dashboard built from real network traffic.
That matters because the 2025 report is not based on survey responses or limited lab tests: it reflects trends visible at Internet scale.
The 2025 Baseline: Internet Traffic Grew 19%, According to Cloudflare’s Radar
Before looking at security and AI-specific trends, one topline metric sets the context:
Global Internet traffic grew by 19% in 2025.
That baseline matters because it helps explain why everything else also intensified:
- More users
- More automation
- More voicebots
- More bot activity
- More attack traffic
- More pressure on origin infrastructure
- More AI assistants
In other words, 2025 was not just a “security story.” It was a capacity and resilience story too.
Trend 1: AI Is Moving From Apps Into Core Internet Traffic
The most important AI takeaway from Cloudflare’s 2025 data is this:
AI is increasingly visible as machine traffic on the Internet, not just as apps people use.
That includes:
- Bots collecting content for model training
- Crawlers gathering pages for AI-powered search and retrieval
- Fetching systems that load pages when users ask chatbots questions
The real issue is not hype; it’s infrastructure load
The practical implication is straightforward: AI-related crawling creates extra load on websites, even when the bots are not malicious.
Cloudflare noted that AI-related “user action” crawling increased by more than 15x in 2025.
This shift is important for platform, content, and reliability teams because AI crawler traffic:
- Consumes bandwidth
- Increases origin requests
- Affects cache behavior
- Can create spikes that look like abuse (even when they are not)
As per Cloudflare’s Radar, AI bots became a visible share of HTML traffic
Cloudflare also measured how much “normal” web page traffic (HTML requests) came from AI bots.
According to the report:
- AI bots averaged 4.2% of web page requests in 2025
- They ranged from 2.4% in early April to 6.4% in late June
Cloudflare also highlighted an important nuance:
- Googlebot alone averaged 4.5% of web page requests, reflecting how search and AI use cases increasingly overlap
What this means for website operators
For many organizations, AI bots should now be treated as an infrastructure load category, not only a marketing or SEO concern.
That means teams should:
- Track bot traffic separately from human traffic
- Apply bot governance policies
- Rate-limit heavy crawlers when needed
- Monitor origin impact (CPU, bandwidth, cache misses, request bursts)
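An added example, not taken from Cloudflare's report or tooling: one way to track AI crawler traffic separately from human traffic is to bucket access-log requests by the three crawler purposes listed earlier, report the AI share of page requests, and flag per-minute bursts per agent. The User-Agent tokens, the purpose mapping, the static-asset filter and the log lines are assumptions constructed for illustration, and User-Agent values are self-declared, so this is a first-pass view only.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed User-Agent token -> purpose map (illustrative); extend it from your own logs.
AI_AGENTS = {"GPTBot": "training", "ClaudeBot": "training", "OAI-SearchBot": "search",
             "PerplexityBot": "search", "ChatGPT-User": "user_action"}
STATIC = {"css", "js", "png", "jpg", "ico", "woff2"}
# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def classify(user_agent):
    """Return (token, purpose) for a listed AI agent, else (None, "other")."""
    for token, purpose in AI_AGENTS.items():
        if token.lower() in user_agent.lower():
            return token, purpose
    return None, "other"

def summarize(lines, burst_per_minute=3):
    """AI share of page requests, requests per purpose, and (agent, minute) bursts."""
    by_purpose, per_minute = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ts, path, ua = m.groups()
        if path.split("?")[0].rsplit(".", 1)[-1] in STATIC:
            continue  # approximate "web page" requests by dropping static assets
        token, purpose = classify(ua)
        by_purpose[purpose] += 1
        if token:
            minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").strftime("%H:%M")
            per_minute[(token, minute)] += 1
    total = sum(by_purpose.values())
    bursts = sorted(k for k, n in per_minute.items() if n >= burst_per_minute)
    return {"ai_share": (total - by_purpose["other"]) / total if total else 0.0,
            "by_purpose": dict(by_purpose), "bursts": bursts}

def _line(sec, path, ua):  # builds one constructed log line
    return (f'203.0.113.5 - - [12/Jun/2025:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0"
SAMPLE = ([_line(i, f"/post/{i}", BROWSER) for i in range(6)]
          + [_line(10 + i, f"/post/{i}", "Mozilla/5.0; compatible; GPTBot/1.1") for i in range(3)]
          + [_line(20, "/post/1", "Mozilla/5.0; compatible; ChatGPT-User/1.0"),
             _line(21, "/style.css", BROWSER)])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The burst threshold of 3 requests per minute is sized for the sample; set it from your own baseline before alerting on it.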
Trend 2: Post-Quantum TLS Moved From Early Adoption to Mainstream
If 2024 was the first visible jump in post-quantum Internet encryption, 2025 was the year adoption accelerated sharply.
Cloudflare reported that by early December 2025:
- About 52% of normal human web traffic was using post-quantum encryption
- At the start of the year, the figure was 29%
Why this is a big deal
This is the clearest sign yet that post-quantum security is no longer an experimental niche. It is becoming part of the default Internet stack.
That shift is important because quantum-safe encryption migrations are not simple “flip the switch” projects. They involve:
- TLS stack support
- Certificate ecosystem readiness
- Hardware/software compatibility testing
- Performance validation
- Vendor dependency tracking
As per Cloudflare’s Radar, post-quantum readiness is now a planning issue, not a future theory
The key takeaway for engineering and security leaders is this:
Post-quantum readiness has moved from theory to execution planning.
Organizations that start inventorying and testing now will be in a much stronger position than those who wait for compliance pressure or emergency migration deadlines.
Trend 3: DDoS Attacks Reached Industrial Scale in 2025
Cloudflare’s 2025 findings on DDoS attacks are blunt:
Attacks were not only bigger; they also became more frequent at extreme sizes.
Cloudflare describes the largest floods as hyper-volumetric DDoS attacks, meaning attacks above:
- 1 terabit per second (Tbps), or
- 1 billion packets per second (Bpps)
These are not ordinary spikes. They are massive traffic floods designed to knock services offline quickly.
Hyper-volumetric attacks became more common across the year
Cloudflare reported that in 2025:
- July saw 500+ hyper-volumetric attacks
- Even the lowest month (February) still had 150+
The year also showed a clear escalation in attack intensity:
- Late August: ~10 Tbps attack
- Early September: multiple attacks above 10 Tbps
- Late September: attacks above 20 Tbps
- Early October: peaks around 29.7 Tbps
- Early November: 31.4 Tbps record attack
Cloudflare also reported that packet-based attacks peaked at:
- 14 billion packets per second (Bpps) in October
The annual picture is even more alarming
For 2025 as a whole, Cloudflare reported:
- 47.1 million DDoS attacks
- 121% overall increase
- More than double the prior year
- An average of 5,376 attacks blocked per hour by Cloudflare’s DDoS protection service
Most growth came from network layer DDoS attacks, which roughly tripled year over year.
Critical Operational Detail: Modern DDoS Attacks Are Fast
A major mistake in many resilience plans is assuming attacks ramp slowly.
Cloudflare’s 2025 data shows the opposite.
- One major campaign early in the year lasted 18 days and used multiple techniques
- The 31.4 Tbps record attack lasted only 35 seconds
That changes how organizations should think about defense.
Why speed matters more than peak size alone
If your protection depends on manual escalation or delayed mitigation, a short hyper-volumetric attack can cause disruption before your team even finishes triage.
This is why always-on mitigation and automated response paths are now baseline requirements, not premium options.
What the 2025 Cloudflare Radar Data Means for Technical Leaders
Cloudflare’s 2025 report is ultimately a signal that Internet operations are becoming more machine-driven, more cryptographically dynamic, and more attack-prone at scale.
The strategic implications are clear:
- AI crawlers are now operational traffic
- Post-quantum encryption is entering mainstream deployment
- DDoS resilience must be designed for extreme, short-duration bursts
This affects not just security teams, but also platform engineering, reliability, web operations, IAM/PKI, and vendor management.
Recommended Actions for 2026
CISO / Security Leadership
Define acceptable levels of degradation during attack conditions (downtime, latency, transaction failure rates).
Make sure DDoS protection is always on, not something activated only during an incident.
Priority actions:
- Establish resilience Service Level Objectives for attack scenarios
- Require regular attack-readiness reviews
- Align cyber resilience metrics with executive reporting
Network and Reliability Teams
Run practical simulations for hyper-volumetric events and verify that failover paths work under stress—not just on paper.
Priority actions:
- Test high-throughput traffic handling
- Validate scrubbing/mitigation routing behavior
- Confirm backup capacity and burst handling
- Rehearse incident playbooks for very short attack windows
Platform Engineering
AI crawlers can generate significant loads without being malicious. Treat them as a separate workload class.
Priority actions:
- Segment bot traffic analytics from user traffic
- Rate-limit excessive bot request patterns
- Track cache impact and origin amplification
- Create bot-specific thresholds and alerts
Web/Content Teams
AI use of content is now a policy and infrastructure issue—not just a publishing issue.
Priority actions:
- Publish clear crawling policies (robots.txt and related controls)
- Define which AI bots are allowed, limited, or denied
- Monitor whether crawlers follow declared rules
- Coordinate with legal/compliance on content usage policy
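An added example, not part of the Cloudflare report: one way to monitor whether crawlers follow declared rules is to evaluate each logged request against the published robots.txt with Python's standard `urllib.robotparser`. The policy, the agent names in it and the minimal log shape are assumptions constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed policy: GPTBot denied, ClaudeBot limited to /blog/, others kept out of /private/.
ROBOTS_TXT = """\
User-agent: GPTBot
Disallow: /

User-agent: ClaudeBot
Allow: /blog/
Disallow: /

User-agent: *
Disallow: /private/
"""
LINE = re.compile(r'"\S+ (\S+) [^"]*" (\d{3}) "([^"]*)"')

def declared_agents(robots_txt):
    """Named (non-wildcard) User-agent tokens that the policy addresses."""
    names = (l.split(":", 1)[1].strip() for l in robots_txt.splitlines()
             if l.lower().startswith("user-agent:"))
    return [n for n in names if n != "*"]

def violations(robots_txt, log_lines):
    """List (agent, path, status) for requests a declared crawler made against its rules."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    agents = declared_agents(robots_txt)
    found = []
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue
        path, status, ua = m.groups()
        # can_fetch() matches on the product token, not the full header, so extract it first.
        token = next((a for a in agents if a.lower() in ua.lower()), None)
        if token and not rp.can_fetch(token, path):
            found.append((token, path, status))
    return found

# Constructed lines in an assumed minimal shape: "METHOD path proto" status "user-agent"
SAMPLE = [
    '"GET /blog/post-1 HTTP/1.1" 200 "Mozilla/5.0; compatible; ClaudeBot/1.0"',
    '"GET /pricing HTTP/1.1" 200 "Mozilla/5.0; compatible; ClaudeBot/1.0"',
    '"GET /blog/post-1 HTTP/1.1" 403 "Mozilla/5.0; compatible; GPTBot/1.1"',
    '"GET /pricing HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0"',
]

if __name__ == "__main__":
    print(violations(ROBOTS_TXT, SAMPLE))
```

The status code in each result separates a disallowed request that was served (200) from one that an enforcement layer already blocked (403).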
Security Engineering
Post-quantum migration will be gradual. Teams that inventory first will migrate faster later.
Priority actions:
- Create an encryption asset inventory
- Identify TLS termination points and dependencies
- Validate PQ readiness in edge, Content Delivery Network, and app layers
- Test legacy hardware/software compatibility early
Identity & Certificate Teams (IAM / PKI)
Certificate and trust infrastructure will evolve as post-quantum adoption grows.
Priority actions:
- Track browser and platform roadmaps
- Test certificate size/performance impacts
- Review PKI tooling for PQ-era compatibility
- Prepare phased certificate lifecycle updates
Vendor Management/Procurement
Your resilience posture is only as strong as your critical vendors.
Priority actions:
- Ask vendors (especially SaaS providers) about:
  - DDoS resilience architecture
  - Post-quantum roadmap
  - Incident response commitments
- Add cyber resilience and cryptographic readiness to vendor reviews
Executive Takeaway for 2026 Planning
For executive teams, the message is simple:
- Assume constant attack conditions
- Start post-quantum preparation now
- Treat AI crawlers as infrastructure load
- Make resilience a performance objective, not an emergency response
In 2026, organizations that do this well will be more secure, reliable, adaptable, and less prone to operational surprises.
One-Sentence Summary of Cloudflare’s Radar “2025 Year in Review”
Modern Internet operations now require always-on resilience against DDoS attacks, structured bot governance, and early post-quantum preparation.
FAQs
What is Cloudflare Radar, and why is it important for executives?
Why is AI crawling an executive-level issue?
What does post-quantum TLS adoption mean for businesses?
Why do short DDoS attacks matter so much, and what can be done to prevent DDoS attacks today?
What should companies do first in 2026?
https://radar.cloudflare.com/year-in-review/2025#internet-traffic-growth
https://thecyberskills.com/post-quantum-cryptography-companies-challenges/
https://thecyberskills.com/cybersecurity-skills-vs-tools/



