AI-driven activity across the internet surged dramatically over the past year, according to new cybersecurity research, signaling a shift in how both humans and machines interact with digital services.
What happened: AI-generated traffic—defined as online interactions initiated by or on behalf of artificial intelligence systems—nearly tripled in 2025, according to a report from cybersecurity firm Human Security. The study finds that automated crawlers used to harvest data for model training, as well as scrapers collecting real-time information such as pricing, grew rapidly in volume, while emerging “agentic” systems capable of performing browser-like tasks saw explosive—though still small-scale—growth.
Despite this surge, AI agents and agent-driven browsers still account for only a tiny fraction of total internet activity. More than 95% of AI-related traffic was concentrated in retail and e-commerce, streaming and media, and travel and hospitality services.
How it works: The findings come from Human Security’s 2026 State of AI Traffic and Cyberthreat Benchmark Report, which analyzes more than one quadrillion observed internet interactions in 2025 across its global security network, spanning approximately 1,200 customers in over 200 countries and territories.
Overall automated traffic—including both AI-driven and traditional bots—grew by more than 23%, while human-generated traffic increased by roughly 3%.
Within AI-specific activity, the composition is shifting quickly. Data-collection crawlers accounted for about 68% of AI traffic, more than doubling year over year. Scrapers used for real-time data extraction represented 32%, but increased sevenfold in volume. The smallest segment—agentic systems performing multi-step browser actions—remained minor at 1.7% in December, but expanded nearly 80 times year over year.
Among agent-based interactions, 77% occurred on product and search pages, with the remainder distributed across account management, authentication flows, and transaction completion.
The report also attributes a significant share of automated traffic to major AI developers: OpenAI accounted for roughly 69% of observed automated activity, including crawling and search-related bots, followed by Meta at 16% and Anthropic at 11%.
Security implications: Alongside legitimate use cases, researchers observed a substantial rise in malicious automated activity. Scraping operations deemed suspicious or adversarial—such as those used for competitive intelligence or systematic underpricing—rose by nearly 47% compared to the previous year.
Of approximately 750,000 identified threat profiles, more than 60% were linked to scraping behavior classified as malicious, often due to spoofed identities or patterns consistent with abuse.
Account takeover attempts declined overall by more than 30%, but attacks increasingly shifted to post-login environments, where compromised accounts were exploited after authentication. In parallel, the number of agent-created accounts rose by 89%, indicating that automated systems are becoming more deeply embedded in user workflows.
Payment-related fraud remained relatively stable in proportion, but the total volume of blocked transactions increased by 20%, suggesting either higher overall transaction throughput, more sophisticated fraud cycling, or both.
Yes, but: The report is based on traffic observed within Human Security’s client network and does not represent a complete view of the internet. In addition, distinguishing malicious from legitimate automated behavior remains inherently imprecise, as attackers increasingly mimic normal system activity.
Why it matters: The internet is increasingly shaped not only by human users but by autonomous systems that browse, compare, purchase, and interact on their behalf. This shift is beginning to blur long-standing assumptions in cybersecurity, where patterns like rapid browsing, repeated requests, or automated checkout flows once reliably signaled malicious bots.
As agentic systems grow more capable and widely deployed, infrastructure and security models will need to evolve in parallel—accounting for machines that behave less like scrapers and more like genuine users.
We’re thinking: The most important shift here isn’t just scale, but behavior. As agents begin to replicate full user journeys—searching, selecting, and transacting—the boundary between “human” and “bot” traffic stops being a clean line and starts looking more like a gradient. That makes both measurement and security far harder, and likely more central to how the web evolves next.
