HUMAN Security’s 2026 benchmark report, launched on April 9, 2026, paperwork the 12 months AI techniques stopped merely studying the online and began transacting on it, with agentic site visitors up 7,851% and the hole between respectable automation and fraud narrowing to half a share level.

For many of the web’s historical past, the safety query was easy: bot or not. A request both got here from an individual or from a machine, and machines had been handled with suspicion. That binary has collapsed. In 2025, autonomous AI techniques started navigating product pages, logging into accounts, and finishing purchases on behalf of actual customers, behaving in methods which might be mechanically indistinguishable from the automated assaults safety groups have spent years studying to dam.

The shift is quantified in the 2026 State of AI Traffic and Cyberthreat Benchmark Report, printed by cybersecurity agency HUMAN Safety on April 9, 2026. The report attracts on a couple of quadrillion interactions processed by the corporate’s Human Protection Platform throughout its international buyer base throughout the calendar 12 months. Based on HUMAN, the findings describe a structural change in how the online operates fairly than an incremental uptick in bot exercise.

The central stress for entrepreneurs, retailers, and publishers sits in a single statistic. Based on the report, throughout each interplay the platform analyzed in 2025, just one half of 1 % separated the speed of benign automation from the speed of malicious automation. An AI agent quickly searching merchandise and finishing a checkout may be a client’s buying assistant. It may be an automatic fraud operation. The habits is similar. The intent is just not.

Automation is rising eight occasions quicker than individuals

The headline determine frames every little thing that follows. Based on HUMAN, automated site visitors throughout the web grew 23.51% 12 months over 12 months in 2025, whereas human site visitors elevated simply 3.10% over the identical interval. That makes automation’s progress roughly eight occasions quicker than the expansion of human exercise on-line.

Inside that broad class of non-human site visitors, AI-driven site visitors emerged because the dominant progress vector. The report defines AI-driven site visitors because the subset generated by or on behalf of AI techniques, separating it from conventional automation reminiscent of search engine crawlers, monitoring bots, and traditional scraping instruments. Based on HUMAN, month-to-month volumes of AI-driven site visitors grew 187% from January to December 2025, almost tripling over the calendar 12 months.

The expansion was not linear. Based on the report, whole AI-driven site visitors almost quadrupled between January and October, peaking at 3.61 occasions January’s quantity earlier than settling right into a plateau for the ultimate two months. Retail and media verticals accounted for greater than 80% of the rise, with e-commerce alone driving roughly half.

Focus defines the panorama on a number of axes. Based on HUMAN, greater than 95% of AI-driven site visitors in 2025 was concentrated inside three industries: retail and e-commerce, streaming and media, and journey and hospitality. These are the verticals the place structured, ceaselessly up to date information carries the best business worth to AI merchandise.

The operator image is equally lopsided. Based on the report, OpenAI’s bots, which embrace ChatGPT Consumer, OAI-SearchBot, GPTBot, and ChatGPT Agent, accounted for about 69% of all noticed AI-driven site visitors by quantity. Meta-ExternalAgent contributed a further 16%, and Anthropic identities, together with ClaudeBot and Claude-SearchBot, made up roughly 11%. The remaining dozens of recognized bots collectively represented lower than 5% of whole quantity. Based on HUMAN, that focus means entry coverage selections a few handful of corporations decide the overwhelming majority of a corporation’s publicity to AI-driven site visitors.

Three sorts of machine: crawlers, scrapers, and brokers

The report classifies AI-driven site visitors into three classes primarily based on habits, traits, and declared id. The distinctions matter as a result of every class interacts with web sites in another way and carries a distinct governance burden.

Coaching crawlers nonetheless dominate, however their share is falling

Coaching crawlers acquire information in bulk to construct or refine machine studying fashions. In contrast to search engine crawlers, which index content material for retrieval, coaching crawlers extract it. Based on HUMAN, they made up the biggest single element of AI-driven site visitors at roughly 67.5% of all noticed AI bot quantity in 2025.

That dominance is eroding. Based on the report, coaching crawlers accounted for roughly 90% of all noticed AI-driven site visitors in January 2025, with real-time scrapers making up the remaining 10%. By December, coaching crawlers had declined to 74% of the overall, scrapers represented 24%, and the newly emerged agentic class accounted for 1.7%. Coaching crawler quantity itself grew 136% throughout the 12 months, with e-commerce and journey verticals driving roughly 85% of the rise.

The report identifies a notable timing sample. Based on HUMAN, between November 17 and December 11, 4 main AI corporations launched frontier fashions in speedy succession: xAI’s Grok 4.1, Google’s Gemini 3, Anthropic’s Claude Opus 4.5, and OpenAI’s GPT-5.2. October’s crawling surge is in line with a pre-release information acquisition cycle, suggesting that coaching crawler quantity might more and more transfer in anticipation of mannequin launch schedules.

Vertical focus for crawlers skews closely towards commerce. Based on the report, retail and e-commerce websites made up 62.5% of all coaching crawler site visitors, with media at 19.70% and journey at 16.60% rounding out a prime three that collectively accounted for over 98% of crawler quantity.

The reliability of declared id is a recurring concern. Based on HUMAN’s Satori risk intelligence workforce, a good portion of requests claiming to be ChatGPT, Mistral, and Perplexity bots didn’t originate from these operators’ infrastructure. Attackers spoof user-agent strings to use the belief organizations lengthen to acknowledged AI crawlers, bypassing robots.txt allowlists and rate-limit exemptions. Based on the report, organizations that whitelist crawler site visitors primarily based solely on user-agent strings are granting entry to an unknown variety of unauthorized actors. The problem of distinguishing respectable AI crawlers from hostile extraction has been a persistent theme in protection of publisher resistance to AI scraping.

Scrapers feed the inference layer in actual time

AI scrapers differ from coaching crawlers in each goal and tempo. Based on the report, the place crawlers accumulate information in bulk, scrapers extract particular, well timed info to feed real-time AI options: reside pricing, present stock, breaking information summaries, and aggressive intelligence. They serve the inference layer of AI merchandise, together with retrieval-augmented technology pipelines and dynamic comparability instruments that depend upon recent information with each question. Scrapers represented 31.9% of all noticed AI bot site visitors.

Based on HUMAN, AI scraper site visitors grew 597% from January to December, and at its October peak reached 12 occasions the January baseline. Media, journey, and e-commerce drove 97% of the overall improve. The report attributes the acceleration to a structural mechanism: every time a consumer queries an AI assistant that grounds its solutions in reside net information, that question generates scraper site visitors.

The vertical distribution for scrapers inverts the crawler sample. Based on the report, media led at 40.90%, in contrast with retail’s 36.70%, reflecting the demand from AI-powered search and information summarization merchandise for a relentless stream of freshly printed content material. That dynamic has pushed news publishers to confront AI training data intermediaries straight.

Brokers don’t learn the online – they act on it

Agentic AI is the class the report identifies as probably the most structurally novel on this 12 months’s information. The place crawlers and scrapers are greatest understood as automation constructed to serve AI techniques, brokers are AI techniques that carry out the automation themselves. Based on HUMAN, they navigate pages, fill varieties, examine merchandise, provoke transactions, and handle account workflows. The class encompasses two type components: agentic browsers reminiscent of ChatGPT Atlas and Perplexity Comet, which embed AI capabilities right into a full searching atmosphere, and general-purpose brokers reminiscent of ChatGPT Agent and OpenClaw, which function autonomously throughout purposes.

Based on the report, agentic AI site visitors grew 7,851% 12 months over 12 months. The agency notes vital context: 2024 volumes began from a really low base, so the multiplier displays speedy early-stage adoption fairly than a mature channel. The launch of ChatGPT Atlas on October 21, 2025 was among the many agentic browser releases that contributed to the steep curve by the fourth quarter. Based on HUMAN, agentic browsers grew quicker than purpose-built brokers, roughly doubling agent site visitors by late within the fourth quarter.

The behavioral breakdown is the place the commerce orientation turns into clear. Based on the report, product and search pages dominated at 77% of agentic exercise. Account pages accounted for 8.82% and authentication flows for 4.95%, indicating that brokers are working inside logged-in periods on behalf of customers. Checkout pages made up 2.31%.

That checkout determine is small in relative phrases however important in sort. Based on HUMAN, brokers finishing checkout flows characterize autonomous transaction execution with out direct human involvement, a habits that was largely theoretical earlier than 2025 and that the info confirms is now operational. This matches the broader market motion, from OpenAI’s instant checkout launch on September 29, 2025 to Google’s Universal Commerce Protocol on January 11, 2026 and Microsoft’s Copilot Checkout.

The vertical unfold for brokers is extra even than for the opposite two classes. Based on the report, retail and e-commerce led at 46.6%, adopted by streaming and media at 28.5% and journey and hospitality at 19.2%. The 2 type components behave in another way: agentic browsers focus closely in e-commerce at 55.8% of browser site visitors, whereas purpose-built brokers skew towards journey at 38.4% of agent site visitors. Expertise and SaaS registered 4.10% for agentic site visitors, notably increased than the 1.10% for crawlers or 0.80% for scrapers, suggesting brokers are getting used for product analysis, trial sign-ups, and integration testing.

When brokers misbehave

The abuse potential is just not hypothetical. Based on HUMAN’s Satori workforce, evaluation of site visitors from publicly uncovered OpenClaw gateways discovered patterns spanning routine automation to clear abuse. Cases had been noticed producing artificial referral site visitors by tagging requests with fabricated social media UTM parameters to simulate natural engagement at scale. Others performed automated reconnaissance, together with high-velocity listing brute-forcing in opposition to net purposes. Based on the report, researchers additionally documented infostealer malware tailored to focus on OpenClaw environments, exfiltrating configuration secrets and techniques together with API keys and agent id information. The agency states that such instruments decrease the ability threshold for web fraud, enabling customers with no safety experience to conduct assaults that beforehand required hands-on technical information.

A second instance sits straight on the intersection of agentic commerce and fee fraud. Based on Satori researchers, a carding-like checking sample mediated by an AI agent was noticed, during which the risk actor quickly cycled by a number of credit-card additions and repeated payment-completion makes an attempt to see which card would authorize. The sequence included 11 card-add makes an attempt and 6 fee makes an attempt throughout two periods, adopted by a pivot to loyalty-point redemption after the cardboard paths failed. Based on the report, the workflow mirrored established carding strategies however was executed by an AI browser agent, and researchers described how the pace, hybrid human-automated periods, and skill to function inside authenticated periods make brokers helpful instruments for risk actors.

The fraud benchmarks behind the AI story

Unbiased of the AI-driven site visitors patterns, the report paperwork traits throughout 4 assault sorts the Human Protection Platform protects in opposition to: account takeover, carding, net scraping, and pretend account creation. The benchmarks use two measures, the everyday buyer represented by the median and the heavily-targeted buyer represented by the ninetieth percentile.

Account takeover shifts previous the login

Based on the report, general account takeover quantity fell greater than 30% in 2025, however the share of login site visitors making an attempt a takeover noticed its largest leap in years. The worldwide median fee reached 3.37% in 2025, and the speed from EMEA-attributed site visitors exceeded 13%, in contrast with lower than 3.5% globally.

The extra important change is tactical. Based on HUMAN, assaults targeted on post-login account compromise, during which attackers abuse session tokens, manipulate account settings, or exploit weak step-up controls after a respectable login, greater than quadrupled. In 2024, the agency flagged almost 100,000 such makes an attempt per buyer. In 2025, that determine rose to a mean of 402,000. Based on the report, the agency’s Menace Tracker functionality recognized greater than 208,000 distinctive risk profiles making an attempt account takeover assaults throughout the 12 months.

The report attributes the shift partly to defenses working on the level of login. Based on HUMAN, the spike in post-login compromise, alongside the decline in general takeover makes an attempt, might point out widespread adoption of protections on the login stage, forcing risk actors to undertake extra technical and guide approaches.

Carding quantity climbs whilst charges maintain regular

Based on the report, the share of checkout site visitors making an attempt a carding assault remained low and steady, whereas the amount of worldwide checkout interactions blocked rose greater than 20% from 2024 and 250% since 2022. For the second consecutive 12 months, assaults from US-attributed IP addresses made up an outright majority of all carding makes an attempt stopped. Based on HUMAN, Menace Tracker recognized greater than 80,000 distinctive risk profiles making an attempt carding assaults in 2025.

Scraping approaches one in 5 visits

Net scraping reveals each rising quantity and rising prevalence. Based on the report, the worldwide quantity of tried scraping assaults rose virtually 47% from 2024 and 138% since 2022. The median international share of site visitors making an attempt a scraping assault was simply over 10% in 2022; by 2025 it was approaching 20%. For heavily-targeted corporations, that determine now exceeds 61% of site visitors.

Based on HUMAN, EMEA-attributed exercise confirmed a median scraping fee exceeding 43%, with heavily-targeted companies within the area seeing 87% of site visitors making an attempt a scraping assault. Regardless of these percentages, American risk actors made up the majority of assaults, accounting for nearly two-thirds of all scraping blocked by the platform in 2025. The agency’s Menace Tracker recognized greater than 476,000 distinctive risk profiles making an attempt scraping assaults, representing 62% of all profiles recognized throughout the 12 months. The report explicitly connects this progress to the rise of AI crawlers and scrapers, noting that scraping is among the key duties requested of those bots and brokers. The infrastructure pressure from this exercise echoes Cloudflare and ETH Zurich research on AI bots breaking web caching layers.

Pretend accounts maintain multiplying

Based on the report, the general quantity of pretend account creation makes an attempt elevated 259% from 2023 to 2024 and a further 89% in 2025. The tactic stays enticing when organizations provide incentives for brand spanking new customers, draining promotional budgets and serving as a precursor to different fraud. Based on Satori researchers, large-scale streaming fraud operations depend on pretend accounts to generate authentic-looking engagement at scale, with fraudsters utilizing AI to automate id spoofing and rotate proxies to simulate geographically various listeners.

Trade focusing on and the darkish net sign

The report tracks how assault distribution shifts as risk actors change targets. Based on HUMAN, 2025 was a retail and e-commerce 12 months for account takeover, with that vertical absorbing 54.92% of tried takeover assaults, alongside a resurgence in assaults centering on know-how and SaaS companies. Retail and e-commerce held the biggest share of carding assaults for the fourth consecutive 12 months at 71.75%, and the report notes that the share focusing on know-how and SaaS companies has tripled since 2022.

The retail figures are stark in absolute phrases. Based on the report, the general quantity of tried scraping assaults in opposition to retail and e-commerce companies surpassed 150 billion in 2025, and one main retailer recorded 9.2 billion tried scraping assaults in December 2025 alone.

Darkish net pricing gives a lagging sign of the place defenses are holding. Based on HUMAN, accounts that change into more durable to steal command increased costs, whereas falling costs point out attackers have discovered simpler paths. The report states that hacked accounts on one crypto trade now command as much as $4,500 on the darkish net, up from underneath $500, and e-mail accounts for one supplier almost tripled to $999.50. In contrast, one resort chain’s loyalty program accounts fell from $201 to $40.50, and one nationwide airline’s accounts from $175 to $45.50.

The report’s central discovering lands straight on the individuals who run promoting, commerce, and content material operations. Conduct that when reliably signaled an assault, together with speedy web page navigation, programmatic type completion, and automatic checkout, might now characterize a respectable agentic commerce workflow. Based on HUMAN, organizations that deal with all automation as hostile will block income, whereas those who permit it unchecked will take up fraud.

The business stakes will not be summary. Agentic commerce has moved from experiment to infrastructure throughout the trade, with skepticism about its viability coexisting alongside aggressive protocol growth. Evaluation printed on PPC Land recognized eight structural challenges to agentic commerce adoption, together with retailer incentives in opposition to AI intermediation and client preferences for evaluating choices earlier than buying. On the similar time, only a small number of sites had implemented Google’s commerce protocol months after its launch, even because the conversion hole between AI and conventional site visitors narrowed. Based on figures cited in that protection, AI site visitors sources had been 49% much less more likely to convert than non-AI sources in January 2025, a spot that had fallen to 23% by July 2025.

Measurement is the unresolved downside. As HUMAN Security’s own positioning for marketers makes clear, when an AI agent crawls a product catalogue, evaluates pricing, or interacts with a checkout movement, conventional analytics instruments floor virtually none of it. The arrival of instruments reminiscent of Microsoft Clarity’s bot activity dashboard in January 2026 displays a broader scramble to offer advertising and analytics groups visibility into automated site visitors on the property stage. The broader failure of fraud detection has been documented earlier than: an investigation reported by PPC Land discovered that main verification techniques routinely missed declared bots working from information facilities.

Based on the report, the query is not whether or not site visitors is automated. It’s whether or not a given interplay is reliable, no matter whether or not it comes from a human, an AI agent, or an agentic browser. HUMAN states that early 2026 information confirms the momentum has not slowed, with agentic site visitors persevering with its upward trajectory and turning into extra deeply embedded in business workflows. For entrepreneurs, the sensible consequence is that coverage selections made now about the right way to handle this site visitors will form each income seize and fraud publicity for years.

Timeline

Abstract

Who: HUMAN Safety, a cybersecurity agency specializing in distinguishing human, bot, and AI agent site visitors at web scale, supported by evaluation from its Satori risk intelligence workforce.

What: The 2026 State of AI Visitors and Cyberthreat Benchmark Report, drawing on a couple of quadrillion interactions, paperwork that AI-driven site visitors grew 187% over 2025, agentic AI site visitors grew 7,851% 12 months over 12 months, and solely half of 1 % now separates the speed of benign automation from malicious automation. The report additionally benchmarks account takeover, carding, scraping, and pretend account creation traits.

When: The report was launched on April 9, 2026, protecting the 2025 calendar 12 months with multi-year comparisons stretching again to 2022 and early 2026 information confirming continued momentum.

The place: The findings replicate site visitors noticed throughout HUMAN’s international buyer base, with geographic attribution distinguishing EMEA-origin and US-origin exercise, and focus in retail and e-commerce, streaming and media, and journey and hospitality.

Why: As autonomous AI techniques start transacting on the open net, the behavioral indicators that when separated respectable guests from attackers have collapsed, leaving organizations to find out the intent behind every interplay fairly than counting on the outdated binary of bot or not. The shift carries direct penalties for income seize, fraud publicity, and measurement throughout the advertising and commerce ecosystem.


Source link