PARIS (AP) — Chelsea's Pedro Neto apologized for shoving a ball boy late in his team's 5-2 loss to Paris Saint-Germain in the first leg of their Champions League last-16 match on Wednesday.
The ball had just gone out of play down the right in stoppage time when the Portugal winger tried to get it quickly and shoved the ball boy in the chest as he appeared to be trying to hold onto the ball.
The ball boy tumbled backward into an advertising board.
“I want to come out and apologize for what happened on the pitch,” Neto told TNT Sports after the game. “I’ve spoken with the ball boy. With the emotions of the game, we were losing, I wanted to pick up the ball. I gave him a little push. I saw that I hurt him and I am sorry, as I’m not like this.”
The boy got back up and appeared unharmed. He was comforted by some PSG players as others indulged in some pushing and shoving, while other PSG players scolded Neto.
Neto said he gave the boy his No. 7 jersey.
“I gave him my shirt as well,” Neto said. “He was happy that I gave him the shirt and said sorry like, 35 times.”
Neto was not punished by the referee over the incident.
“I saw there was an altercation,” Chelsea coach Liam Rosenior said. “I haven’t seen (the incident). If there is wrongdoing on our part, I apologize on behalf of the club (and) Pedro has done so in interviews.”
Rosenior said he should have helped his players focus better after the incident, which was followed moments later by PSG's fifth goal.
“It's on me,” he said. "We have to manage the moments better."
AP soccer: https://apnews.com/hub/soccer
Chelsea's Enzo Fernandez, center left, argues with PSG's Achraf Hakimi, center, and PSG's Marquinhos during the first leg of the Champions League round of 16 soccer match between Paris Saint-Germain and Chelsea, in Paris, Wednesday, March 11, 2026. (AP Photo/Michel Euler)
Chelsea's Pedro Neto, right, and PSG's Marquinhos challenge for the ball during the first leg of the Champions League round of 16 soccer match between Paris Saint-Germain and Chelsea, in Paris, Wednesday, March 11, 2026. (AP Photo/Michel Euler)
MEUDON, France--(BUSINESS WIRE)--Apr 29, 2026--
Thalestoday released the2026 Bad Bot Report: Bad Bots in the Agentic Age, revealing a fundamental shift in how the internet operates, as AI-accelerated automation becomes a defining feature of modern digital infrastructure.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260428783532/en/
The findings highlight three major structural changes: the emergence of AI agents as a new category of internet traffic, the dominance of automated activity over human interaction, and the rapid expansion of attacks targeting APIs and identity systems that serve as the backbone of digital business.
AI Is Redefining Internet Traffic and Security
The report shows that AI is not just increasing the volume of bot activity, but fundamentally changing its nature. In 2025, AI-driven bot attacks surged 12.5x compared to the previous year.
More significantly, AI agents are now emerging as a third category of traffic, alongside traditional “good” and “bad” bots, interacting directly with applications and APIs to retrieve data and perform tasks. This shift is blurring the line between legitimate and malicious automation, making it increasingly difficult for organizations to determine intent.
“AI is transforming automation from something organizations try to block into something they must also manage,” Tim Chang, Global Vice President and General Manager, Application Security at Thales, said.“The challenge is no longer identifying bots. It’s understanding what the bot, agent, or automation is doing, whether it aligns with business intent, and how it interacts with critical systems.”
This evolution is creating a growing visibility gap. Much of today’s AI-driven activity remains unverified or indistinguishable from legitimate traffic, meaning organizations are operating with an incomplete view of the risks they face.
Bots Increasingly Outnumber Humans Online
The report shows automation tightening its grip on the internet, with bots continuing to outpace human activity. In 2025, bots made up more than 53% of all web traffic, up from 51% the previous year, while human activity fell to 47%. This reflects a structural shift rather than a temporary trend, with bots no longer tied to specific events like scraping or credential stuffing campaigns, but instead operating as a persistent and expected presence across digital environments.
APIs and Identity Systems Become the Primary Attack Surface
As digital services increasingly rely on APIs to power core functionality, attackers are following suit. The report finds that 27% of bot attacks now target APIs, where bots can bypass user interfaces and interact directly with backend systems at machine speed.
These attacks often appear legitimate, using valid authentication and well-formed requests, but exploit business logic, extract sensitive data, or manipulate workflows at scale. The impact is especially pronounced in high-value sectors. Financial services accounted for 24% of all bot attacks and 46% of account takeover incidents, underscoring how automation is being used to directly monetize cyberattacks.
A New Era of Machine-Driven Interaction
As AI adoption accelerates, the report reveals that the internet is now fundamentally machine driven. Bots are no longer simply tools used by attackers; they are active participants in digital systems, shaping traffic patterns, influencing business metrics, and interacting with systems in real time. In this environment, the ability to manage automation at scale with precision is critical to maintaining security, performance, and trust.
Confronting the Rise of Uncontrolled Automation
The report concludes that traditional security approaches focused on identifying and blocking bots are not sufficient in an environment where automation is both pervasive and often legitimate. Organizations must move toward a governance-based model, combining visibility, policy enforcement, and behavioral analysis to distinguish between acceptable and harmful automation. This includes defining which AI agents are allowed to interact with systems, implementing controls at the API and identity layer, and designing defenses that can adapt as bots evolve.
For more information and recommendations, please download the full report and join our webinar to learn more about technologies that can be deployed against malicious bots .
Methodology
The 2026 Thales Bad Bot Report analyzes full-year 2025 bot activity using data from Thales Threat Research and Security Analyst Services teams. The report examines how automation, powered by AI, is reshaping application security, API exposure, and digital infrastructure globally.
PLEASE VISIT
Thales Group
Cybersecurity Products | Thales Group
Cybersecurity Solutions | Thales Group
©Thales
