It was recently reported that automated traffic on the internet grew nearly eight times faster than human traffic in 2025. The more important shift isn’t the volume — it’s what that automation is actually doing now.
For years, the bot problem was mostly a nuisance. Scrapers grabbed pricing data. Crawlers hoovered up content. Credential stuffers hammered login pages. Those are still real problems. But the nature of automated traffic has changed, and most organizations’ security thinking hasn’t caught up.
AI agents aren’t just reading the web anymore. They’re transacting on it.
A new benchmark report from Human Security, which analyzed more than one quadrillion interactions across its customer base in 2025, puts numbers to the shift. Monthly AI-driven traffic volumes grew 187 percent from January to December. Agentic AI traffic—systems that browse, fill forms, manage accounts and complete purchases on behalf of users—grew 7,851 percent year over year.
An AI agent completing a checkout isn’t just browsing. It’s making a financial decision on behalf of a human user, interacting with payment systems and account infrastructure. The security implications are fundamentally different from a scraper reading your product pages.
Tony Bradley of Forbes had an opportunity to chat with Todd Thiemann, cybersecurity industry analyst with Omdia, about what that shift means for security teams. Thiemann's framing was direct: "AI agents hold the promise of improving efficiency and productivity, but those new identities need to be managed and secured for compliance reasons, for cybersecurity reasons and to facilitate growth of the business."
AI agents aren’t just another traffic type to classify. They’re a new category of entity that can act, decide and commit—and most enterprise identity frameworks weren’t built with them in mind.
Security teams have spent years asking one question: is this traffic from a bot or a human? That framing made sense when bots were mostly adversarial and humans were mostly legitimate. It doesn’t hold anymore.
An AI agent browsing product pages, logging into an account and completing a purchase looks exactly like a sophisticated bot attack. The behavior is functionally identical. The difference is intent—and intent doesn’t show up in a user-agent string.
Across all the interactions analyzed, only half of one percent separates benign automation from malicious automation. Organizations that block all automation will turn away legitimate agentic commerce. Those that allow it unchecked absorb fraud. The real question isn’t whether traffic is automated—it’s whether a given interaction is trustworthy.
Threat actors are targeting the same surfaces where agentic AI operates: product pages, account management flows and checkout. That overlap isn’t coincidental.
Post-login account compromise attempts more than quadrupled in 2025, averaging 402,000 per organization. Login-point defenses have improved enough that attackers now wait until after authentication, abusing session tokens and exploiting weak step-up controls rather than forcing their way through the front door.
Scraping attacks now account for nearly 20 percent of global web traffic at the median — nearly double the rate in 2022. For heavily targeted organizations, it exceeds 60 percent. Carding volume is up 250 percent over the same period.
Researchers have already documented AI agents executing carding attacks—cycling through card additions and payment attempts via agentic browsers, mirroring established fraud workflows without manual effort. The same tools built to help consumers shop are proving equally useful for fraud.
The spoofing problem compounds this. Attackers masquerade as recognized AI crawlers — claiming to be ChatGPT, Mistral, or Perplexity bots — to exploit the trust organizations extend to those names. Whitelisting based solely on user-agent strings grants access to actors who aren’t who they claim to be. And the same company can operate crawlers, scrapers and agentic systems simultaneously, so operator-level access decisions don’t map cleanly to behavior. Declared identity is the starting point, not the answer.
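One way to test a declared crawler identity against something harder to forge than the user-agent string, as an added example that is not from the original article: compare the request's source IP with the address ranges the claimed operator publishes. It assumes the operator publishes such ranges; the `PUBLISHED_RANGES` table, the crawler tokens and the sample requests are constructed placeholders built on documentation address ranges.

```python
import ipaddress

# Constructed placeholders: crawler tokens and CIDR ranges are illustrative
# (RFC 5737 / RFC 3849 documentation ranges), not any operator's real data.
PUBLISHED_RANGES = {
    "examplebot": ["192.0.2.0/24", "2001:db8:1::/48"],
    "samplecrawler": ["198.51.100.0/25"],
}

def declared_operator(user_agent):
    """Return the crawler token the User-Agent claims to be, or None."""
    ua = user_agent.lower()
    return next((t for t in PUBLISHED_RANGES if t in ua), None)

def classify(source_ip, user_agent):
    """'undeclared', 'verified' (claim matches source) or 'spoofed'."""
    token = declared_operator(user_agent)
    if token is None:
        return "undeclared"          # no claim made; judge on behavior alone
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return "spoofed"             # unparseable source cannot back the claim
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:a.b.c.d seen on dual-stack listeners
    nets = (ipaddress.ip_network(c) for c in PUBLISHED_RANGES[token])
    return "verified" if any(ip in n for n in nets) else "spoofed"

# Constructed sample requests: (source IP, User-Agent header)
SAMPLE_REQUESTS = [
    ("192.0.2.44", "Mozilla/5.0 (compatible; ExampleBot/1.2)"),
    ("203.0.113.9", "Mozilla/5.0 (compatible; ExampleBot/1.2)"),
    ("::ffff:198.51.100.7", "SampleCrawler/0.9"),
    ("198.51.100.200", "SampleCrawler/0.9"),
    ("203.0.113.50", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
]

def triage(requests):
    """Classify each request; 'verified' confirms who, not what it does."""
    return [(ip, classify(ip, ua)) for ip, ua in requests]

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_REQUESTS):
        print(f"{ip:22} {verdict}")
```

A `verified` verdict only confirms the declared operator; the interaction itself still needs behavioral evaluation, since one operator can run crawlers, scrapers and agentic systems at once.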