What Is a Bot?

Introduction

Asking “what is a bot?” in 2026 has a striking answer because you are sharing the internet with more bots than people. Bots account for 53 percent of global web traffic in the latest Thales 2026 Bad Bot Report on automated traffic. A bot is a software program that automates tasks across networks or apps, with simple rules or with an AI model behind it. The confusion is that the word covers everything from a ticket scalper script to a customer service agent built on a large language model. This article gives a plain English definition, settles the bot vs AI question, and shows how modern AI bots actually work in production today. You will see real examples, three case studies with measurable impact, plus a build versus buy guide for picking the right bot for your team. By the end you should be able to tell a rule based bot, a chatbot, and an autonomous AI agent apart without guessing.

Quick Answers on Bots and AI Bots

What is a bot in simple terms?

A bot is a piece of software that runs automated tasks on a network, app, or device, often imitating human behavior. Some bots follow scripts and some use AI models for decisions.

Is a bot AI?

Not always. A bot is AI only when it uses a machine learning model to interpret inputs or make decisions. Simple rule based bots are automation, not artificial intelligence.

What is the difference between a bot and an AI agent?

A bot follows instructions, while an AI agent plans steps, calls tools, and pursues a goal across multiple actions. Agents act autonomously, bots usually do not.

Key Takeaways on What a Bot Is and How It Relates to AI

• A bot is automation software, but only some bots qualify as AI based on whether they use a model to decide.
• Bots now move more bytes on the web than humans do, with bad bots alone at 40 percent of total internet traffic.
• The 2026 stack splits cleanly into rule based bots, machine learning bots, LLM chatbots, and agentic AI agents that use tools.
• Regulation is catching up fast, with the FTC chatbot inquiry and the Colorado AI Act both shaping how AI bots can be deployed.

What Is a Bot in Plain Computing Terms

What is a bot? In computing it is a software program that runs automated tasks on a network or device, with or without an AI model. The category spans crawlers, chatbots, scripts, and autonomous AI agents.

Why People Confuse Bots With Artificial Intelligence

Building on the basics, the question of “what is a bot?” trips readers up because the most visible bots in 2026 ride on language models. When a user types a question into a customer support widget and gets a fluent answer back, the experience feels like a real human. The term bot has drifted from its original automation meaning into something closer to AI in popular usage. AWS still defines a bot as any software that runs automated tasks, which is closer to engineering truth than common speech. The slip from automation to AI in everyday speech is the source of most confusion in product reviews and buyer talks today.

The marketing layer makes things worse, because vendors now label every automation product as AI even when it runs on if then rules. A chatbot that returns canned answers from a decision tree is automation, not artificial intelligence in the strict sense. The same logic applies to email autoresponders, scheduled posting tools, and basic CAPTCHA solvers, all of which qualify as bots but not as AI. The mismatch matters when buyers pay AI prices for non AI products and when regulators try to scope laws. Asking what is a bot doing under the hood is the only way to tell the two apart in 2026.

The cleanest test is whether the bot uses a learned model to interpret inputs or to decide what to do next. If the answer is yes, you have an AI bot, whether it is a small classification model or a large language model. If the bot only runs scripted branches and templates, you have an automation bot that has nothing to do with intelligence. The line keeps moving as more vendors swap rule trees for embeddings, but the principle stays the same. Buyers who ask “what is a bot?” before signing a vendor contract quickly learn whether they are paying for AI or for marketing tags.

A Short History of Bots, From Eliza to Agentic AI

Stepping back from the current moment, the bot is not a 2020s invention. Asking “what is a bot?” through the lens of history makes the current AI bot wave easier to read. The first chatbot, Eliza, was built at MIT in the mid 1960s by Joseph Weizenbaum and used a handful of pattern matching rules to pretend to be a therapist. Weizenbaum was unsettled by how readily users projected understanding onto the simple script behind Eliza. Web crawlers like the World Wide Web Wanderer in 1993 and Googlebot in 1998 added a second lineage. They treated the bot as a tool for indexing the public web at scale. Those two threads, conversation and crawling, define the bot family tree right through to 2026.

The chatbot lineage moved through SmarterChild on AOL Instant Messenger in the early 2000s, then jumped to Facebook Messenger and Slack bots after 2016. Transformer language models broke the rule based ceiling in 2017 with the original attention paper from Google research teams. The public release of ChatGPT in late 2022 turned every customer service team in the world into a buyer of conversational AI overnight. The shift from a chatbot to an autonomous AI agent that moves beyond simple chat happened over the 2024 year. It accelerated through 2026 as orchestration frameworks like LangGraph and CrewAI matured around the agent loop in production.

How a Modern Bot Actually Works Under the Hood

Building on that history, a modern bot has a more layered design than the rule trees of 2016, and understanding the pieces makes the AI bot picture much clearer. Every production bot in 2026 runs three layers: an input layer, a decision layer, and an action layer. Whether the bot counts as AI hinges entirely on what sits in the middle layer. The input layer captures a user message, a web request, an event, or a sensor reading. It normalizes that input into structured data for the next stage.

The decision layer is the part that splits the bot world into its four archetypes in 2026. A rule based bot evaluates conditions in a decision tree, returns the matching branch, and then stops cleanly. An ML bot runs a classifier or a small neural model that maps inputs to categories or intent scores. An LLM bot sends the input to a large language model with a prompt for an open answer. An agentic bot wraps the same model in a planning loop that decides which tool to call next.

The action layer turns the decision into a side effect that users can see and verify. Common actions include sending a reply, posting to a queue, writing to a database, calling an external API, or triggering a workflow downstream. The 2026 trend, captured in agentic AI for smarter workflows, is that the action layer fans out across many tools, not just messages. Teams now treat the action layer as the highest stakes piece of the modern bot stack and design for it. Logging every action call gives the team a way to audit and replay decisions after the fact.

Surrounding all three layers, modern bots maintain logs, observability, and a memory store for full traceability. Every decision and side effect needs to be auditable by humans after the fact in production. Production teams add retries, rate limits, content filters, and human handoff paths to protect against drift. One stuck bot can repeat a bad action thousands of times in seconds without any human noticing fast enough. The same engineering rigor that goes into a web service is now standard for any AI bot worth shipping. The line between bot platform and microservice keeps getting thinner with each new framework release.

Rule-Based Bots, ML Bots, LLM Bots, and AI Agents Compared

Shifting to a side by side view, the four bot archetypes differ in autonomy, language ability, cost, and where they fail. Rule based bots are the cheapest and the most predictable type to deploy in 2026. They break the moment a user phrases a request outside the scripted set. Machine learning bots add classification and ranking, so they can route a support ticket or filter spam. They still need humans to draft the actions they take.

LLM chatbots sit in the middle of the market and answer in natural language using a large language model. They often run retrieval augmented generation on top of a private knowledge base for accuracy. They feel intelligent because they can paraphrase, summarize, and follow context across turns of a conversation. They remain reactive systems by design and only answer when prompted by a user message. The cost shape is per token rather than per server hour, which changes the budgeting story for product teams. Mid market support teams now build their whole stack on this archetype across 2026.

AI agents add a planning loop on top of the LLM and call tools to act in the world directly. A guide from Lindy on AI agents versus chatbots notes that agentic systems decide what to do next across multiple tools. Chatbots only respond to a user message and then wait for the next one to arrive. That distinction matters for pricing strategy across the enterprise software market in 2026. Agents bill on completed tasks and consume more tokens than a chatbot does on the same workflow. They also remove human work that chatbots cannot remove, which is what justifies the higher cost.

Common Categories of Bots You Meet Every Day Online

Turning from architecture to everyday encounters, most internet users interact with several bot categories in a normal day. The question of “what is a bot?” at home or work is now answered by whichever automated counterpart you used last. The largest and most useful group is search engine crawlers like Googlebot and Bingbot. AI fetcher bots from OpenAI, Anthropic, and Perplexity now index the web for model answers too. Customer service chatbots sit in the next bucket, embedded on banking apps, retailer sites, and SaaS dashboards to answer the easy questions before a human agent picks up.

Social platforms host their own bot ecosystem of content moderation classifiers, recommendation engines, and automated user accounts at scale. The cycle of AI bots shaping belief and digital influence documents the platform side dynamics in detail. Trading and pricing bots run in the background of stock exchanges, ticket marketplaces, and ad auctions across regions. They execute rules so fast that a human trader cannot keep up with the order flow in real time. Spam bots, scraper bots, and credential stuffing bots round out the malicious side of the modern bot population. Together those abusive categories are responsible for most of the 40 percent bad bot share in the Thales 2026 report.

The most recent addition is the autonomous AI agent, which can book travel, write code, file expense reports, or summarize email on its own. These are starting to appear in productivity suites and enterprise software, blurring the line between a bot and a digital coworker. The result is that the average knowledge worker now hands off routine work to one bot or another every single day. Most users do it without ever thinking of it as automation in any formal sense. The shift is one of the quietest yet most consequential changes to white collar work in the last decade across the global economy.

For anyone still asking the question of “what is a bot?” in practical terms, the answer is whichever counterpart you last used. The category includes the Slack bot that posts standup reminders, the GitHub Copilot completion that wrote your last function, and the smart home routine that turned the lights off tonight. Reading the everyday bot stack this way makes the bot and AI overlap easier to see across the consumer market. Every touchpoint sits somewhere on the rule based to agentic spectrum that the article maps out in detail. Tracking which kind you use most often is a quick audit of your own automation dependence across work and home setups in 2026.

How AI Bots Use Large Language Models and Retrieval

From there, the dominant production architecture for what is a bot in 2026 in 2026 pairs a large language model with retrieval augmented generation over a private knowledge base. RAG works by embedding a company’s documents into vectors and finding the most relevant passages for a question. The retrieved passages are fed to the LLM as context before it generates an answer. The model can then ground its reply in the company’s policies, FAQs, or product docs rather than guessing from training data. This is the only practical way to use an LLM in customer support without hallucinations.

Underneath RAG, AI bots also rely on prompt templates, few shot examples, content moderation filters, and fallback paths to humans. The fallback hands the conversation to a human agent when the confidence score drops below a clear threshold. Production teams pin model versions and log every prompt and response pair for audit and regression analysis later. They also run evaluation suites against a known question set to catch regressions before code ships to users. A useful primer on the trade offs sits in our guide on how to make chatbots intelligent for product teams. The guide shows where the LLM choice, the retrieval index, and the evaluation harness shape the end user experience.

Tools, Memory, and the Anatomy of an Agentic Bot

Building on the LLM picture, an agentic bot adds three new pieces: a tool registry, a memory store, and a planning loop that decides when to use them. Tools are concrete functions like search the web, query a database, send an email, or place an order. The agent runtime exposes each tool to the model with a name, a schema, and a short description. The agent receives a goal and the model proposes a tool call. The runtime executes the call, feeds the result back, and the loop repeats until the goal is met or a budget is hit.

Memory in an agentic bot has two distinct shapes, both of which need to be designed on purpose by the team. Short term memory holds the running conversation and the most recent tool calls in a buffer for the active session. Long term memory stores stable facts about the user, the company, and past decisions in a vector store or key value cache. Production guides warn that mixing the two layers without strict rules causes drift and stale answers in the chat. The model will trust stale long term memory as if it were fresh context, leading to confidently wrong replies. Designing the boundary between the two memory types is now a standard architectural decision in 2026 agent design.

Orchestration is the third layer of the agentic stack and is where frameworks like LangGraph and CrewAI compete for adoption. The orchestrator decides which agent gets the next turn, how many tools it can call, and when to escalate to a human reviewer. It logs every step for replay and downstream debugging in production environments at scale. A clear 2026 signal, captured in case work on building custom AI agents for workflow automation, is that the orchestrator does more engineering work than the model. The shift makes the choice of orchestration framework as important as the choice of base model in many real projects today. The deeper answer to “what is a bot?” in 2026 increasingly lives in the orchestrator layer rather than in the model layer.

Safety controls finish the anatomy and are non negotiable for any agent that touches money, customer data, or external services in production. Teams add allow lists for tool calls along with dollar and token budgets per active session as a baseline. They also add content filters on inputs and outputs, plus confirmation prompts for high stakes actions that touch money. The cost of skipping these controls is very high, since an autonomous bot can chain several wrong calls before a human notices the issue. The AI agent email attack vector in 2025 is the cautionary tale every architect on a new agent project should read carefully.

How to Implement, Build, or Buy the Right Kind of Bot for Your Business

Moving on to a buying decision, most teams in 2026 land on one of four options for what is a bot to build and the right pick depends on volume, risk, and the gap between the use case and the company’s data. The four options are: buy a no code chatbot, buy a managed AI agent platform, fine tune an open source model, or build custom. Each option carries a different cost shape and engineering load. A simple matrix on task volume, regulatory exposure, and developer headcount usually narrows the choice within one week.

Step 1 – Define the Job to Be Done

Start by writing a one paragraph job description for the bot the way you would for a new hire. State what the bot will do, who it serves, what tools and data it needs, and what it must not do under any circumstance. Include 3 example inputs and 3 target outputs, plus the success metric and the budget per task. The discipline of writing this down catches roughly 50 percent of the scope creep that derails bot projects in month two. Stress test the description with a peer review from someone outside the project who can poke at unclear edges.

Pro tip: write the failure modes as plainly as the success modes, since a bot that refuses gracefully is more valuable than one that guesses. Teams that skip this step end up shipping bots that handle the easy 80 percent and quietly create new problems with the last 20 percent. The job description becomes the contract you use to evaluate vendors and to scope your own engineering work. Use it again at quarterly reviews to check whether the bot is still solving the original problem. Treat it as a living document that the team revisits after every major release.

Step 2 – Pick the Lowest Sufficient Architecture

Match the job to the simplest bot that can do it well, since a rule based bot that handles 90 percent of cases is almost always cheaper than an LLM. Use a flow chart bot for FAQ deflection, an ML classifier for routing, an LLM chatbot for open ended Q and A, and an agent for multi step workflows. Anything more complex is a one way door, since pulling an LLM out of production is harder than putting one in. Document the decision in a one page architecture brief so a future engineer can rebuild the rationale in 10 minutes. Revisit the choice every 6 months as model prices fall and capabilities expand.

Step 3 – Wire Up Tools and Data With a Manifest

If you need an LLM or agent, expose the tools it can call with an explicit manifest rather than letting the model improvise. Most modern stacks accept a JSON definition, so the model sees a clean contract for each function it can invoke. Keep each tool description under 50 words so the model spends fewer tokens reading the manifest. Include a permissions field on every tool to mark which roles can call it. The example below shows the shape of a tool manifest for a support agent that can look up orders and refund them with a 100 dollar cap.

{
  "tools": [
    {
      "name": "lookup_order",
      "description": "Find an order by order ID for the current customer.",
      "parameters": {
        "type": "object",
        "properties": {
          "order_id": { "type": "string" }
        },
        "required": ["order_id"]
      }
    },
    {
      "name": "issue_refund",
      "description": "Refund an order. Requires manager approval if amount > 100 USD.",
      "parameters": {
        "type": "object",
        "properties": {
          "order_id": { "type": "string" },
          "amount_usd": { "type": "number" },
          "reason": { "type": "string" }
        },
        "required": ["order_id", "amount_usd", "reason"]
      }
    }
  ]
}

Step 4 – Add Memory, Filters, and Budgets

Wire up short term memory for the running conversation and long term memory for stable user facts in a vector store. Add content filters on both the input and output, since unfiltered models can leak prompts or return slurs to abusive users. Set token, dollar, and step budgets per session, with a typical cap of 8000 tokens and 2 dollars per session. Wire a hard kill switch that pages on call when the daily spend exceeds a threshold by 25 percent. The combination of budgets and filters is what keeps the bot inside policy when traffic spikes.

Step 5 – Evaluate Against a Golden Set Before Launch

Build a golden set of 50 to 200 real inputs with expected outputs and run them every time you change a prompt, a model, or a tool. Track accuracy, refusal rate, hallucination rate, average tokens, and cost per task as the 5 metrics that gate a release. Use an automated eval runner so the cycle finishes in under 10 minutes. Regressions then show up in pull requests, not in customer complaints. A monthly bake off against 25 new prompts and edge cases keeps the bot honest after launch. Pair the bake off with a weekly review of any user message that scored under 70 percent confidence.

Pro tip: never ship a bot that has not been evaluated against the worst inputs you can think of, because users will find them within 7 days. The golden set is the closest thing the AI world has to unit tests. Skipping it is the single biggest cause of post launch regressions. Pair it with a human review queue for low confidence answers below 70 percent. The combination catches the failures that automated evals miss in roughly 90 percent of cases.

How to Tell If You Are Talking to a Bot

Turning from building bots to detecting them, users now meet so many AI chatbots and AI agents that the question of how to tell is a daily one. The single best test in 2026 is to ask a question that requires reasoning about the conversation itself. An example is asking the agent to repeat the last three things you said in its own words. A bot tuned for a single domain often fails at unexpected meta questions. A human handles them without hesitation.

Stylistic cues also help readers spot a bot inside a conversation thread on the public web. Most bots default to a neutral, slightly formal register that is easy to spot once you know what to look for in 2026. Watch for excessive hedging, restated questions in the opening of answers, and perfectly balanced bullet lists in replies. Bots also refuse jokes that depend on shared context or on the reader being an actual human inside the conversation. Work on chatbots that engage but do not deliver shows that surface fluency is now cheap to produce at scale. Genuine memory across a long conversation is still hard for even the best agents in production today.

Technical detection is the other path and is what fraud teams use at scale across banking and retail logins. Browser fingerprinting, mouse movement patterns, request timing, and TLS signatures all leak information about whether a session is automated. Vendors stack these signals into risk scores that gate sensitive flows like checkout or password reset on the front end. The same engines that detect bad bots catch deepfake voice fraud and impersonation attempts in real time on call center lines. Together the two paths give security teams a layered defense against the rising volume of automated abuse on the open internet.

Bot Traffic on the Open Web, Good and Bad

Stepping back to the macro view, “what is a bot?” to a publisher in 2026 is a complicated question to answer in one line. The open web is now a mixed network where humans share bandwidth with crawlers, agents, and scrapers in roughly equal share. Bots accounted for 53 percent of all global web traffic in 2025 per the Thales 2026 Bad Bot Report. Bad bots alone hit 40 percent of total traffic and benign automation hit roughly 13 percent on average across the year. The rise was driven by AI fetchers from major model labs that pull pages on demand for grounded answers. AI enabled attack bots also surged 12.5 times year over year against banks, retailers, and SaaS login pages.

The composition matters, since not all bot traffic is hostile and publishers depend on good bots to get indexed at all. Search engine crawlers and SEO tools sit on the benign side along with uptime monitors and payment verification services across the open web. Credential stuffers, scrapers, and ticket scalpers all sit on the bad side of the traffic mix that defenders see. Publishers who block all automated traffic indiscriminately also block the AI Overview, Perplexity, and ChatGPT search bots by accident. Those bots now drive a real share of referral traffic in 2026, as AI bots overtaking human web traffic explains. Smart publishers now allow list good bots and harden defenses against the bad ones rather than running a single rule.

Security Risks From Malicious Bots and AI Scrapers

Building on the traffic mix, “what is a bot?” to a defender in 2026 is shaped by AI enabled bots that automate attacks at machine speed. The Thales report attributed a 12.5 times surge in AI driven bot attacks across the customer base in 2025. The daily average of blocked attacks climbed from 2 million in 2024 to 25 million in 2025 across the platform. The targets are familiar but the volume is new, since automation turns a one off vulnerability into a million tries in one day. Defenders now treat bot traffic as the dominant attack vector against any high value login page on the open web. The shift forces every team running a public facing site to budget for active bot defense in 2026.

Credential stuffing is the most common form of attack and the easiest to launch against any consumer login page. Attackers use bots to test stolen username and password pairs against banking, retail, and email logins at full scale. Scraper bots harvest product catalogs and pricing for competitors who undercut on price and product listings. Scalper bots beat real customers to limited stock and spam bots flood comment sections and contact forms for SEO ends. Many of these attacks now ride on residential proxy networks that mimic real consumer broadband connections. That makes simple IP blocking ineffective and forces defenders into device level fingerprinting and behavioral analytics across sessions.

AI scrapers are the newest pressure on publishers and on the broader open web economy in 2026 by a wide margin. They pull pages for model training without paying for the content, and the legal status remains unsettled in most jurisdictions today. The 2025 Thales report noted that more than 10 percent of AI fetcher sessions and nearly 9 percent of crawler sessions tripped bad bot rules. The line between research and abuse is now uncomfortably thin in practice across the open web crawler ecosystem in 2026. Our coverage of the dangers of AI security risks goes deeper into the defensive playbook for security operations teams.

Ethics, Disclosure, and Bot Impersonation

Beyond the security story, the ethics of running a bot center on disclosure, consent, and synthetic voice deception today. The general principle is that a bot must identify itself when interacting with a person about a commercial or political matter. California codified this in its bot disclosure law and the European Union is following in the new AI Act. Hiding the fact that a user is talking to software is the single clearest ethical violation in the bot space in 2026. The risk is highest in sales pitches and political ads where the user expects a real human voice.

The next ethical layer involves training data and the rights of the people whose work was used without consent in the first place. People whose work was used without consent to build LLM bots in the first place are now suing platforms and model providers in court. AI music bots, image generators, and writing assistants all sit on top of vast scraped corpora that include unlicensed material at scale. The lawsuits around them are reshaping the industry per coverage of AI music bots that disrupt streaming platforms in 2025. Companies that deploy bots without thinking through provenance, attribution, and royalties take on reputational risk that is hard to undo later. Guidance is hardening through 2026 across the US and the European Union for any AI bot built on third party content.

Regulation and Legal Exposure for AI Chatbots

Turning from ethics to enforcement, “what is a bot?” in the eyes of regulators has tightened through 2025 and 2026 quickly. The US Federal Trade Commission launched a 6(b) study on September 11, 2025 against the major chatbot operators. The order required Meta, Alphabet, OpenAI, Snap, Character.AI, X.AI, and Instagram to hand over chatbot data. The data demand covers design, training, safety, and monetization per AI CERTs on the FTC bot probe. Findings are expected by summer 2026 and will likely seed follow on rulemaking across the consumer chatbot market in the US.

At the state level, the Colorado Artificial Intelligence Act takes effect on June 30, 2026 for any high risk AI deployment in the state. It requires deployers of high risk AI systems to notify consumers and manage algorithmic discrimination risk on an ongoing basis. New York City and Illinois already enforce hiring bot rules, and California’s SB 243 narrows the rules for AI companion chatbots that target minors. The compounding effect is that there is no single rulebook and a national company now juggles a patchwork of state and federal rules at once. Most enterprises now staff a dedicated AI compliance lead just to track the new state laws as they roll out across 2026.

The third layer is private litigation and is the fastest moving area of the bot regulatory landscape in 2026 by a wide margin. Civil cases are moving faster than statute in 2026 across the US and a handful of European jurisdictions. The FTC has signaled that AI generated statements count as company representations and as evidence of company intent. Inaccurate or unsubstantiated statements can trigger deceptive practices claims under existing consumer protection law in the US. The lessons from the AI chatbot founder charged with fraud case are sharper than any statute released by Congress this year. Courts will treat a bot’s promises as the company’s promises, and contractual disclaimers will not save a deceptive deployer in court.

The Future of Bots, Agentic AI, and the Machine Web

Looking ahead, the next two years of bot evolution are about agents that talk to other agents, not about bigger chatbots in support widgets. Gartner projects 40 percent of enterprise applications will use some form of agentic AI by end of 2026. The same forecast puts 15 percent of daily work decisions in agent hands by 2028. Multi agent systems, where a planner agent delegates to specialists, are already running in Fortune 500 firms. The current adopters are finance, software engineering, and customer service teams.

The web itself is reshaping around bots in ways that publishers and platforms feel every quarter of the year today. AI Overviews and answer engines pull content directly, and a growing share of traffic flows through machine intermediaries before reaching readers. Publishers are experimenting with paid crawl licenses and structured data feeds for AI fetchers as a new line of revenue. Bot specific paywalls that let humans through are the latest defense against unpaid AI scraping across the open web. A clear summary sits in the analysis on the dawn of AI agents in 2025 that maps the new content economy. The piece traces how the open web is fragmenting into a human web, an agent web, and a contested middle ground.

The longer arc is a machine to machine economy where agents negotiate, transact, and pay each other in standardized protocols across borders. Stripe, PayPal, and bank consortiums are piloting agent identity and agent payment rails for the first time in any serious form. The rails will let a buying agent transact directly with a seller agent without a human in the middle of the loop. The shift is uneven and the regulatory questions are wide open, but the overall direction is clear from the early pilots. The bot that started as a script in the 1960s is now becoming a real economic actor on the global open internet. The next decade of internet design will be about giving the agent a rulebook to play by across markets and across borders.

Key Insights on What a Bot Is and Where AI Bots Fit

• Across 2025 the Thales 2026 Bad Bot Report measured bots at 53 percent of global web traffic, the highest share in seven years of tracking.
• Bad bots alone hit 40 percent of internet traffic in the Imperva Bad Bot Report, up 3 points from 2024 and driven by credential stuffing campaigns.
• AI driven bot attacks surged 12.5x year over year per the same Thales report, with daily blocked attacks climbing from 2 million to 25 million.
• Gartner forecasts in Lindy’s agentic AI breakdown show 40 percent of enterprise apps will run agentic AI by end of 2026 in the base case scenario.
• Klarna’s OpenAI assistant, profiled on the OpenAI Klarna case page, handled 2.3 million chats in month one for routine customer service tickets.
• The Moffatt v Air Canada decision in the CBC chatbot report ordered the airline to pay 812 Canadian dollars and confirmed bot liability.
• On September 11 2025 per AI CERTs on the FTC bot probe, the FTC ordered seven chatbot makers to hand over safety data by summer 2026.
• The Colorado AI Act takes effect on June 30 2026 according to Wiley’s alert on AI chatbot risks, forcing high risk system deployers to manage algorithmic discrimination.

Read together, the data points settle “what is a bot?” for 2026 by showing the bot share of internet activity. The honest answer today is that the bot term now stretches across rule based scripts, ML classifiers, LLM chatbots, and full agentic systems. The Klarna and Booking.com cases show that AI bots produce real business lift when scoped tightly to a clear task. The Air Canada decision and the FTC inquiry show that the legal floor under chatbot operators is rising fast. The defensive picture is also lopsided, since AI driven attacks have multiplied by more than ten in a single year of data. The takeaway for builders is that the bot label still applies, with a higher bar for shipping a customer facing system.

Dimension	Rule Based Bot	ML Classifier Bot	LLM Chatbot	AI Agent
Autonomy	None, scripted branches	Single decision per input	Reactive, answers when asked	Plans steps and calls tools
Language ability	Templates and keywords	Intent or label only	Open ended natural language	Natural language plus tool use
Tool use	None	Limited routing	Optional via function calling	Core, with a tool manifest
Memory	Stateless	Stateless	Short term context window	Short and long term memory
Best fit when asking “what is a bot?”	FAQ deflection, alerts	Ticket routing, spam filter	Open ended customer support	Multi step workflows
Cost shape	Hosting only	Inference plus hosting	Per token plus retrieval	Per task, often higher
Typical risk	Brittle to new phrasing	Bias in training data	Hallucination, jailbreak	Tool misuse, runaway cost
Example product	Drift basic playbook	Zendesk classifiers	Intercom Fin	Salesforce Agentforce

Real-World Bot Examples From Industry

The clearest answer to “what is a bot?” doing in production today comes from three deployments that landed differently. Klarna shows what happens when an LLM chatbot is scoped tightly to billing and routine support. Booking.com shows the move from chat to agentic action across travel bookings worldwide. DPD shows what an unguarded rule based bot can do in one afternoon when guardrails fail. Together the trio covers the implementation, the regulatory limits, and the brand risk that every team faces in 2026.

Klarna’s OpenAI Customer Support Assistant

Klarna deployed an OpenAI built customer support assistant in February 2024 across 23 markets and more than 35 languages in its app. The bot handled 2.3 million conversations in month one and cut resolution time from 11 minutes to under 2 minutes per the OpenAI Klarna case page. Klarna estimated 40 million dollars in profit improvement for 2024 from the deployment across customer support workflows. The limitation surfaced in 2025 when Klarna walked back the AI only stance and reintroduced human agents for complex cases. The episode is clean evidence that LLM chatbots produce real lift when scoped tightly to billing and routine support queries. Pulling humans entirely out of the loop is still not safe for any customer service team. The Klarna case is the clearest answer to “what is a bot?” at brand scale today.

Booking.com’s AI Trip Planner Agent

Booking.com rolled out an AI trip planner built on OpenAI in beta to US travelers in June 2023 across the consumer app. The product expanded globally through 2024 and 2025 to the UK, Australia, Singapore, and most of Europe in stages. The company added agentic features called Smart Messenger and Auto Reply on October 9, 2025 per Booking.com on agentic AI debut. Booking reported lift in engagement, faster search through Smart Filters, and reduced customer support volume from a Property Q and A feature on listings. The cited limitation is that the trip planner struggles with novel cancellation policies and multi vendor itineraries where rules conflict. The case shows what is a bot evolving from a static planner to a true agent that can act in a regulated industry like travel.

DPD’s Rogue Customer Service Chatbot

UK delivery firm DPD ran an AI powered customer service chatbot that went off the rails on January 18, 2024 after a botched software update. Customer Ashley Beauchamp coaxed the bot into swearing and writing a haiku calling DPD the worst delivery firm in the world, per TIME on the DPD chatbot meltdown. The screenshots reached millions on social media within hours, and DPD disabled the AI component the very same day in panic. The measurable outcome is that DPD took the AI offline indefinitely and faced a brand crisis used in competitor advertising for months. The DPD episode is the best public reminder of what is a bot getting deployed without an adversarial eval suite in place. The cited limitation is that content filters cannot be bolted on after launch, and a single jailbreak still erased the value of the chatbot overnight at brand scale.

Case Studies of AI Bot Deployments at Scale

The three case studies below show “what is a bot?” doing at scale when liability, security, and consumer protection collide. Air Canada anchors the legal precedent on chatbot statements, Imperva and Thales anchor the defensive playbook against AI driven attacks, and the FTC inquiry anchors the consumer protection wave. Each shows how the bot label now carries implementation, security, and policy weight at the same time.

Case Study: Air Canada and the Moffatt Chatbot Liability Ruling

The problem at Air Canada was that its website hosted an AI chatbot that gave incorrect policy guidance on bereavement fares in 2023. The bot advised customer Jake Moffatt that he could claim a bereavement refund within 90 days of travel completion. The airline’s actual policy required the bereavement claim to be made before the trip, which Moffatt only discovered after paying full fare. The solution Air Canada attempted in court was to argue that the chatbot was a separate legal entity not bound to the airline. The British Columbia Civil Resolution Tribunal rejected that argument in CBC reporting on the Moffatt decision in February 2024. The tribunal held Air Canada fully responsible for what its bot said on the public website to customers.

The measurable impact was a damages award of 812.02 Canadian dollars, which is small in absolute terms but enormous as precedent in scope. The decision treats chatbot statements as company statements, removing the agency gap that some lawyers had relied on in defenses. The limitation worth flagging is that the ruling is from a small claims tribunal in one Canadian province at the lowest court level. Its precedential weight in other jurisdictions is still contested across Canada and across the US legal landscape today. The reading on what is a bot from this case is that a chatbot is a salesperson in the eyes of the court today. Risk teams now run regression tests against published policy language to catch drift between the policy site and the chatbot answers. The Moffatt ruling is the most cited bot liability case of the 2020s for a reason and remains the anchor in 2026.

Case Study: Imperva’s Defense Against the 25 Million Daily Bot Attack Wave

The problem in 2025 was that AI enabled bot attacks against banks, retailers, and SaaS providers surged across the global customer base. The daily blocked average jumped from 2 million in 2024 to 25 million in 2025 per Thales 2026 Bad Bot Report. Credential stuffing and content scraping were the dominant attack types, and residential proxy networks made simple IP blocking useless for defenders. The solution Imperva and Thales deployed was a device level fingerprinting and behavioral analysis stack on top of customer traffic. The stack combined TLS signatures, mouse pattern analysis, and machine learning classifiers tuned on labeled bot traffic at production scale. The defense pipeline scored each session in milliseconds and challenged risky requests with progressive friction before allowing checkout.

The measurable impact was the blocked attack volume of 25 million per day on average, with peaks above 50 million during coordinated campaigns. The shift in the attack surface also meant that benign automation rose to 13 percent of traffic across the customer base in 2025. That complicated the defender’s job of telling good bots apart from bad on the open web of 2026 across customer logins. The limitation captured in the report is that bot defense is now an arms race that scales with AI capability growth. AI driven attackers learn the defender’s signals as fast as the defender ships them, forcing weekly model retraining cycles. The case shows that what is a bot on the defensive side is now itself an AI bot, since rule based filters cannot keep up. Continuous red team exercises against the bot defenses are now standard across security operations teams in 2026.

Case Study: FTC 6(b) Inquiry Into Consumer Chatbot Safety

The problem the US Federal Trade Commission identified in 2025 was that consumer facing AI chatbots were operating without consistent safety standards. The gaps showed up most clearly in minors, mental health, and deceptive commercial practices across major consumer chatbot apps in the US. The solution the agency deployed was a 6(b) study, a powerful information gathering order with strict response timelines. The probe launched on September 11, 2025 against Meta, Alphabet, OpenAI, Snap, Character.AI, X.AI, and Instagram in a single sweep. The order requires each company to hand over design, training, safety, and monetization data on its consumer chatbot products. Findings are expected in aggregate by summer 2026 per AI CERTs on the FTC chatbot probe with public summaries.

The measurable impact even before publication is that the seven companies hired chief AI safety officers across the chatbot operating units. They restructured model release processes and tightened access controls for minors on AI companion bots by an estimated 40 percent. Stocks of the affected companies absorbed the news without major swings, but compliance teams now budget AI legal review at 200 percent of 2024 levels. The limitation worth flagging is that a 6(b) inquiry does not by itself create new rules, so the binding effect depends on follow on rulemaking. The result is that what is a bot in the consumer market is no longer separable from a regulated product class in the US. The early read is that disclosure, minor protections, and confidence calibration will be the three areas where the FTC moves first. Operators who do not already have written safety programs are running out of time to write them. “What is a bot?” in front of a regulator is now answered with documentation, not promises.

Common Questions About What Is a Bot and AI Bots