PostHole
Compose
Login
The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks
We present our 6th annual review of Internet trends and patterns observed across the globe, revealing the disruptions, advances and metrics that defined 2025.
The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks
2025-12-15
David Belson
47 min read
This post is also available in 简体中文, Français, Deutsch, 日本語, 한국어, Português, Español and 繁體中文.
The 2025 Cloudflare Radar Year in Review is here: our sixth annual review of the Internet trends and patterns we observed throughout the year, based on Cloudflare’s expansive network view.
Our view is unique, due to Cloudflare’s global network, which has a presence in 330 cities in over 125 countries/regions, handling over 81 million HTTP requests per second on average, with more than 129 million HTTP requests per second at peak on behalf of millions of customer Web properties, in addition to responding to approximately 67 million (authoritative + resolver) DNS queries per second. Cloudflare Radar uses the data generated by these Web and DNS services, combined with other complementary data sets, to provide near-real time insights into traffic, bots, security, connectivity, and DNS patterns and trends that we observe across the Internet.
Our Radar Year in Review takes that observability and, instead of a real-time view, offers a look back at 2025: incorporating interactive charts, graphs, and maps that allow you to explore and compare selected trends and measurements year-over-year and across geographies, as well as share and embed Year in Review graphs.
The 2025 Year In Review is organized into six sections: Traffic, AI, Adoption & Usage, Connectivity, Security, and Email Security, with data spanning the period from January 1 to December 2, 2025. To ensure consistency, we kept underlying methodologies unchanged from previous years’ calculations. We also incorporated several new data sets this year, including multiple AI-related metrics, global speed test activity, and hyper-volumetric DDOS size progression. Trends for over 200 countries/regions are available on the microsite; smaller or less-populated locations are excluded due to insufficient data. Some metrics are only shown worldwide and are not displayed if a country/region is selected.
In this post, we highlight key findings and interesting observations from the major Year In Review microsite sections, and we have again published a companion Most Popular Internet Services blog post that specifically explores trends seen across top Internet Services.
We encourage you to visit the 2025 Year in Review microsite to explore the datasets and metrics in more detail, including those for your country/region to see how they have changed since 2024, and how they compare to other areas of interest.
We hope you’ll find the Year in Review to be an insightful and powerful tool — to explore the disruptions, advances, and metrics that defined the Internet in 2025.
Let’s dig in.
Key Findings
Traffic
Global Internet traffic grew 19% in 2025, with significant growth starting in August. ➜
The top 10 most popular Internet services saw a few year-over-year shifts, while a number of new entrants landed on category lists. ➜
Starlink traffic doubled in 2025, including traffic from over 20 new countries/regions. ➜
Googlebot was again responsible for the highest volume of request traffic to Cloudflare in 2025 as it crawled millions of Cloudflare customer sites for search indexing and AI training. ➜
The share of human-generated Web traffic that is post-quantum encrypted has grown to 52%. ➜
Googlebot was responsible for more than a quarter of Verified Bot traffic. ➜
AI
Crawl volume from dual-purpose Googlebot dwarfed other AI bots and crawlers. ➜
AI “user action” crawling increased by over 15x in 2025. ➜
While other AI bots accounted for 4.2% of HTML request traffic, Googlebot alone accounted for 4.5%. ➜
Anthropic had the highest crawl-to-refer ratio among the leading AI and search platforms. ➜
AI crawlers were the most frequently fully disallowed user agents found in robots.txt files. ➜
On Workers AI, Meta’s llama-3-8b-instruct model was the most popular model, and text generation was the most popular task type. ➜
Adoption & Usage
iOS devices generated 35% of mobile device traffic globally — and more than half of device traffic in many countries. ➜
The shares of global Web requests using HTTP/3 and HTTP/2 both increased slightly in 2025. ➜
JavaScript-based libraries and frameworks remained integral tools for building Web sites. ➜
One-fifth of automated API requests were made by Go-based clients. ➜
Google remains the top search engine, with Yandex, Bing, and DuckDuckGo distant followers. ➜
Chrome remains the top browser across platforms and operating systems – except on iOS, where Safari has the largest share. ➜
Connectivity
Almost half of the 174 major Internet outages observed around the world in 2025 were due to government-directed regional and national shutdowns of Internet connectivity. ➜
Globally, less than a third of dual-stack requests were made over IPv6, while in India, over two-thirds were. ➜
European countries had some of the highest download speeds, all above 200 Mbps. Spain remained consistently among the top locations across measured Internet quality metrics. ➜
London and Los Angeles were hotspots for Cloudflare speed test activity in 2025. ➜
More than half of request traffic comes from mobile devices in 117 countries/regions. ➜
Security
6% of global traffic over Cloudflare’s network was mitigated by our systems — either as potentially malicious or for customer-defined reasons. ➜
40% of global bot traffic came from the United States, with Amazon Web Services and Google Cloud originating a quarter of global bot traffic. ➜
Organizations in the "People and Society” sector were the most targeted during 2025. ➜
Routing security, measured as the shares of RPKI valid routes and covered IP address space, saw continued improvement throughout 2025. ➜
Hyper-volumetric DDoS attack sizes grew significantly throughout the year. ➜
More than 5% of email messages analyzed by Cloudflare were found to be malicious. ➜
Deceptive links, identity deception, and brand impersonation were the most common types of threats found in malicious email messages. ➜
Nearly all of the email messages from the .christmas and .lol Top Level Domains were found to be either spam or malicious. ➜
Traffic trends
Global Internet traffic grew 19% in 2025, with significant growth starting in August
[...]