AI insights in 2025: Cloudflare’s latest Year in Review paints a blunt picture of an Internet dominated by automated traffic, rapid Post-Quantum Encryption Adoption, and Go Language Usage Doubles for API clients. Global traffic grew 19 percent, yet a growing share of those requests came from AI Bot Activity instead of human users. Googlebot stayed in front with a massive share of HTML crawls, while user-driven agents such as ChatGPT-based bots multiplied their hits without sending equivalent referral traffic back to publishers. For security teams and engineers, this shift forces a hard rethink of capacity planning, analytics, and monetization models.
Behind the traffic surge, encryption technology advanced at record speed. Around half of human web sessions now use post-quantum encryption, up from below one third at the start of the year. At the same time, Go-based API clients almost doubled their share of automated calls, showing how quickly developer priorities evolve when performance, concurrency, and security become strategic. For a mid-sized SaaS provider such as the fictional company NetPulse, these trends converge in daily operations: rising AI scraping pressure, harsher DDoS waves, and stricter requirements from customers that expect both speed and post-quantum protection by default.
AI insights in 2025: Cloudflare Year in Review for traffic and bots
The Cloudflare Year in Review aggregates data from its global network and the 1.1.1.1 resolver to quantify how AI Bot Activity reshaped traffic patterns in 2025. Overall Internet usage grew about 19 percent, with platforms like Google and Meta’s services still dominating user attention. Connectivity options evolved too, with satellite providers such as Starlink growing several times faster than traditional access networks, which shifts the latency and routing profile that applications need to support.
Within this expanding traffic base, Cloudflare reports a sharp rise in AI-related crawling. Googlebot alone accounted for roughly 4.5 percent of all HTML requests on Cloudflare properties, confirming its central role in both classic search indexing and AI training pipelines. When user-triggered agents are added, such as ChatGPT-User and similar tools, “user action” crawling jumped around 15x compared to the previous year, which aligns with the explosion of chat-based assistants integrated into browsers and productivity tools.
AI insights in 2025: crawl-to-refer ratios and content value
One of the most striking metrics in the Cloudflare Year in Review concerns crawl-to-refer ratios for major AI platforms. For several large AI vendors, the number of bot hits per human referral visit from their products climbed steeply. Anthropic reached ratios as high as 500000 to 1 in extreme cases, while OpenAI peaked around 3700 to 1, highlighting how often their bots read pages compared to how rarely users click through from AI answers.
Perplexity showed the lowest crawl-to-refer ratio among the large AI platforms, which suggests a stronger feedback loop between answers and source attribution. For a publisher like NetPulse’s blog, this detail translates into direct business impact. AI Bot Activity consumes bandwidth, origin compute, and cache invalidations with limited upside if users never visit the original content. Traffic logs fill up with GPTBot, Bingbot, GoogleOther, and similar agents, while human sessions plateau or even decline.
Technical leaders use this insight to negotiate bot access rules, rate limits, and monetization strategies. Some introduce “AI-only” paths, adjusted caching, or token-based access for high-volume crawlers. In that sense, the Cloudflare report turns an abstract AI debate into a concrete operations and revenue management question.
AI insights in 2025: dominant bots and verified traffic share
Beyond ratios, the Cloudflare Year in Review details which specific bots drive most automated hits. Googlebot stayed in front, responsible for more than 28 percent of traffic from verified bots. Related Google services such as AdsBot, Image Proxy, and GoogleOther reinforced this lead and show how broad the company’s crawling footprint is across advertising, images, and other verticals.
OpenAI’s GPTBot and Microsoft’s Bingbot followed with shares around 7.5 percent and 6 percent of verified bot traffic, respectively. Together, these actors define much of the AI Bot Activity profile seen at origin servers. For NetPulse, whose marketing site and documentation portal sit behind Cloudflare, this means bot-driven load is no longer a background task. It is a first-class design factor on par with human peaks during product launches.
AI insights in 2025: managing aggressive crawling in practice
Handling this crawling pressure drives new practices on many teams. Engineers increase reliance on WAF rules and bot management to differentiate legitimate indexing bots from unverified scrapers. Log sampling and aggregation become essential to avoid drowning in raw request data. At the same time, product managers track how often AI answers include brand mentions or links, to evaluate whether high-volume crawling deserves a green light.
Performance tuning goes hand in hand with this. Since bots hit pages at machine speed, NetPulse optimized caching strategies at Cloudflare’s edge and reworked some assets to load faster. Articles about browser performance reference practical methods like the ones outlined in guides similar to improving the speed of your web browser, because a fast, lean site serves both human users and automated clients more efficiently. The final lesson here is simple: bots behave like impatient users at scale, so every millisecond counts.
AI insights in 2025: Post-Quantum Encryption Adoption reaches 50 percent
On the security front, the Cloudflare Year in Review shows that Post-Quantum Encryption Adoption reached roughly 50 percent of human web traffic by the end of 2025. At the beginning of the year, that share sat near 29 percent. This fast growth reflects concrete deployment of post-quantum key exchange across browsers, CDNs, and large services, not only theoretical discussions in cryptography circles.
The driver is the “harvest now, decrypt later” threat model. Attackers capture encrypted data today with the expectation that future quantum computers will break classical algorithms. When Post-Quantum Encryption wraps those sessions, long-term confidentiality risk drops sharply. For NetPulse, which handles customer analytics and API data, this matters for compliance with stricter data retention and privacy requirements from enterprise clients.
AI insights in 2025: encryption technology and performance tradeoffs
Switching to post-quantum suites raised concerns about handshake size, CPU impact, and latency. Cloudflare’s measurements show that modern implementations minimize these costs, especially when combined with HTTP/3 and efficient TLS termination at the edge. For most users, the only noticeable change is better long-term protection, not slower pages.
Security-focused investors and analysts follow these shifts closely. Reports on cybersecurity stocks highlight vendors with strong encryption technology roadmaps, including post-quantum support. For technology leaders, the takeaway from the Year in Review is clear. Post-quantum capabilities moved from experimental to mainstream, and any new product without a migration plan risks falling behind both attackers and compliance expectations.
AI insights in 2025: Go Language Usage Doubles for API traffic
Another core finding in the Cloudflare Year in Review concerns backend and API ecosystems. Among automated API requests, around 20 percent now originate from Go-based clients, up from about 12 percent a year earlier. In other words, Go Language Usage Doubles in relative share, while Python, Java, and Node.js keep strong positions but grow more slowly in this specific segment.
This shift aligns with what many teams report. Go offers simple concurrency primitives, good memory behavior, and straightforward deployment as static binaries. For NetPulse, re-writing a legacy Node.js metrics collector into Go reduced p95 latency and memory usage under peak bot scraping conditions. With AI Bot Activity driving bursts of API queries, such efficiency gains directly reduce infrastructure costs.
AI insights in 2025: language choices, APIs, and security posture
Language adoption also connects to security and maintainability. Go’s ecosystem includes popular HTTP clients and gRPC libraries that integrate well with observability stacks, which helps detect anomalies in traffic caused by bots or abusive clients. Combined with Cloudflare’s edge analytics, teams get a clearer picture of how their APIs behave under stress.
At the same time, older stacks such as PHP and classic Java continue to dominate many top sites, according to the Cloudflare Year in Review scans across popular domains. JavaScript frameworks such as React still lead for user interfaces, with Vue and others following. Rather than a sudden shift, the doubling of Go Language share indicates a gradual recalibration in the layers where concurrency and throughput matter most, especially under AI-driven traffic profiles.
AI insights in 2025: DDoS, outages, and real-world cybersecurity pressure
The Year in Review also details how cybersecurity pressures intensified. Cloudflare observed record-breaking hyper-volumetric attacks at network layers 3 and 4, often exceeding one terabit per second or one billion packets per second. These are not theoretical lab tests but real attempts against critical services, including providers that support civil society, media, and financial platforms.
NetPulse’s incident response playbooks now explicitly assume that DDoS incidents blend with spikes in AI Bot Activity. For example, a sudden rise in “legitimate” looking crawlers can mask a concurrent flood of junk traffic from a botnet. Analyses of campaigns such as the Shadowv2 botnet DDoS on AWS show how attackers coordinate large IoT swarms with application-layer noise to bypass naive thresholds. Cloudflare’s report functions as a stress test summary for this environment.
AI insights in 2025: outages, shutdowns, and policy-driven disruption
Interestingly, almost half of the major outages recorded in the Cloudflare Year in Review were not due to pure technical failures. They came from planned shutdowns, often ordered to reduce cheating during academic exams or to control unrest during protests. Fiber cuts, including submarine cable incidents, accounted for another large portion of disruptions across regions.
For NetPulse and similar SaaS platforms, this means business continuity plans must consider both technical and policy-driven outages. Multi-region deployment and diverse transit providers help, but user experience still suffers when entire countries throttle or block traffic. Observability from Cloudflare’s Radar tools gives operations teams early signals about regional issues so they can adapt routing policies or inform customers quickly.
AI insights in 2025: adoption, performance, and user expectations
Across these topics, one pattern appears repeatedly in the Cloudflare Year in Review. Adoption of new technologies tends to move in step with user expectations about speed and safety, not isolated from them. Post-Quantum Encryption Adoption scaled up because browsers and major platforms shipped it without adding friction. Go Language Usage Doubles for APIs because engineers prefer simple, fast tools when traffic loads accelerate.
End users still judge services on responsiveness and reliability first. That is why performance tuning plays such a large role in both SEO and user retention. Guides such as browser speed optimization might focus on the client side, but similar principles apply in the backend: reduce round-trips, compress assets, and keep hot paths simple. AI Bot Activity and encryption overheads amplify penalties for inefficient design, so each wasted query or heavyweight script hurts more than before.
AI insights in 2025: practical checklist for technical leaders
To translate the Cloudflare Year in Review findings into actionable steps, technical leaders often condense them into a short checklist. NetPulse’s architecture board, for instance, reviews the following items during quarterly planning sessions to align infrastructure and product priorities.
- Audit bot traffic and define explicit policies for major AI crawlers, including rate limits and allowed paths.
- Enable and monitor Post-Quantum Encryption on edge and origin connections, with performance baselines before and after rollout.
- Reevaluate API client implementations and consider Go for high-throughput or latency-sensitive integrations.
- Strengthen DDoS protection at both network and application layers, and rehearse incident response with realistic attack scenarios.
- Track regional outage patterns and embed routing, caching, and user communication plans that account for policy-driven shutdowns.
Each of these points connects directly to metrics in the Year in Review, which turns the document from a passive report into a planning tool. Execution on this checklist prepares teams for the next wave of AI, traffic, and security developments rather than leaving them reacting under pressure.
Our opinion
The Cloudflare Year in Review for 2025 confirms a structural shift. AI Bot Activity is no longer a side effect of search but a primary driver of traffic, and Post-Quantum Encryption Adoption shows that long-term security concerns now influence mainstream engineering. Go Language Usage Doubles for APIs because teams gravitate toward tools that survive high concurrency and intense automation without unnecessary complexity.
From a cybersecurity perspective, the report reads like a warning and an opportunity. The warning lies in record DDoS volumes, fragile routing, and aggressive scraping that strains origin resources. The opportunity comes from the maturity of encryption technology, observability tools, and edge platforms that let even mid-sized companies operate with defenses once reserved for large hyperscalers. For organizations willing to treat the Year in Review as an engineering backlog rather than a curiosity, the next cycle of Internet growth looks demanding but manageable.