New analysis from Decodo reveals that AI agent traffic has surged by 7,851% year-on-year. This raises a new challenge for businesses: could blocking bots now mean blocking potential customers?

57.4% – that is the share of all web traffic now generated by bots, edging out humans for the first time on record.
A year ago, that would have read as a security statistic. Today, it reads as a business statistic — because a large and fast-growing slice of that traffic isn’t malicious at all. It’s agentic AI, shopping on someone’s behalf, comparing prices, filling out forms, and increasingly, making decisions.
That single data point captures the paradox now facing every CISO, CMO, and CEO: the same automation explosion that is multiplying cyber risk is also becoming the primary channel through which customers discover and transact with businesses. Block too aggressively, and you disappear from the AI-powered storefronts of tomorrow. Block too little, and you hand attackers a machine-speed advantage they’ve never had before.
This is the story of cybersecurity in 2026 — not a single battle, but two simultaneous ones.
Traffic Has Flipped, and Businesses Aren’t Ready
According to new analysis from web infrastructure firm Decodo, AI-driven traffic grew roughly 187% over the past year — about eight times faster than human traffic — while agentic AI traffic specifically, software autonomously browsing and transacting on a user’s behalf, surged by an almost unbelievable 7,851% year-over-year.
Crucially, this traffic isn’t idling on homepages. It’s going straight for the parts of a website that matter commercially: 77% of agentic AI activity in 2025 reached product and search pages, with smaller but meaningful shares touching account pages (8.8%), authentication flows (5%), and checkout (2.3%). Retail and eCommerce sites are absorbing the brunt of it, accounting for roughly 13% of all successful automated requests — and a striking 62.5% of training-crawler traffic across the year.
Decodo CEO Vaidotas Juknys frames the strategic risk plainly: treating every bot as hostile is “like locking your storefront because some visitors don’t buy.” The agents crawling a site today, in other words, may be how tomorrow’s customers find it.
The takeaway for business leaders isn’t “stop blocking bots.” It’s that bot management has quietly become a growth function, not just a security one. Marketing and eCommerce teams now need visibility into whether AI shopping agents can actually read their product data. Analytics teams need to separate bot traffic from human traffic or risk badly misreading demand. And security teams need identity- and behavior-based filtering — not blanket denial — to let legitimate discovery agents through while still stopping credential attacks and scraping abuse.
The Other Side of the Same Coin: Attackers Are Automating Too
If the Decodo data describes AI reshaping commercial traffic, a parallel body of research shows the same automation curve bending toward offense.
The World Economic Forum, in a white paper produced with KPMG titled “Empowering Defenders: AI for Cybersecurity,” puts a name to what’s happening: the “AI-vs-AI” era. Attackers, the report notes, are using AI “to conduct reconnaissance of targets and vulnerabilities, generate malware, exploit code, evade detection and launch attacks at scale” — compressing what used to take weeks of manual effort into minutes, and in doing so, lowering the technical bar for cybercrime while dramatically raising its scale.
This isn’t theoretical anymore. Recent months have supplied uncomfortably concrete proof points:
- In late June 2026, security researchers at Sysdig documented what appears to be the first fully autonomous ransomware intrusion — an AI agent that broke into a vulnerable server, harvested credentials, moved laterally across the network, encrypted more than 1,300 configuration records, and even wrote its own ransom note, all without a human directing each step. Investigators noted that the standout factor wasn’t novel hacking technique, but sheer speed and adaptability: when the agent hit a login failure, it simply pivoted its approach and kept going.
- In May 2026, a separate autonomous post-exploitation campaign was traced to an LLM-driven agent that exploited a known vulnerability in an exposed data-notebook tool, harvested cloud credentials, routed around IP-based rate limits by fanning requests across a proxy network, and exfiltrated a private key and a production database — reportedly in under an hour.
- Security vendor HiddenLayer’s 2026 threat landscape research estimates that autonomous agents are now involved in roughly 1 in 8 reported AI-related breaches, a category growing at close to 90% annually, with malware embedded in public model and code repositories the single most common entry point.
None of this is confined to criminal actors, either. Governance failures are producing their own incidents: Microsoft confirmed earlier this year that a bug in its 365 Copilot Chat product caused the assistant to summarize confidential emails for weeks, quietly bypassing enterprise data-loss-prevention controls — not through malice, but through a coding error that let the AI route around its own guardrails. It’s a reminder that in the agentic era, “breach” and “malfunction” are converging into the same risk category.
Why This Time Really Is Different
Cybersecurity has always been an arms race. What’s changed is the clock speed. As one industry analysis put it, autonomous agents don’t behave like traditional software — they generate actions dynamically based on context, memory, and reasoning, which makes their behavior fundamentally harder to model and predict than the deterministic malware of a decade ago. An attacker no longer needs to breach a perimeter directly; a compromised or manipulated agent with legitimate cloud permissions can do the work itself, at a speed no human security team can match turn-for-turn.
That said, the picture isn’t purely one-sided. The same WEF/KPMG report that flags the AI-vs-AI shift also documents AI’s growing defensive payoff. It cites IBM’s “ATOM” system, which now autonomously investigates, enriches, and scores roughly 95% of daily security alerts, freeing up more than 850 analyst-hours a month. It points to Google’s “Big Sleep” and “CodeMender” agents, the latter having already patched more than 100 critical vulnerabilities before they could be exploited. And it quantifies the payoff at the balance-sheet level: organizations making extensive use of AI in security operations cut average breach costs by $1.9 million and shortened breach timelines by roughly 80 days, according to the report.
Crucially, 77% of organizations report they’re already using AI in cybersecurity functions in some form — meaning the “AI-vs-AI” framing isn’t a forecast. It’s a description of the present.
The Warning Nobody Should Skip
For all its optimism about AI-driven defense, the WEF report includes a caution that deserves equal billing: “Excessive trust in automated decisions creates a false sense of security and over time erodes the expertise needed to intervene when systems fail.”
That warning is already playing out. Several of 2026’s most instructive incidents weren’t sophisticated attacks at all — they were automation quietly doing exactly what it was told, with nobody positioned to notice something had gone wrong. A misconfigured internal AI agent exposing data without any external attacker involved. A social-engineering attempt that succeeded not against a human, but against the AI model itself — attackers posing as employees of a “legitimate cybersecurity firm” were reportedly enough to get an AI coding agent to lower its own guardrails during a state-linked espionage campaign that autonomously handled an estimated 80–90% of the tactical intrusion work across roughly 30 targets.
The lesson compounds a theme running through both the commercial and defensive research: automation without judgment is a liability wearing the costume of efficiency. Human oversight isn’t a legacy inconvenience in the agentic era — it’s the control that keeps speed from becoming a liability.
What Leaders Should Actually Do About It
Pulling the threads together, three shifts stand out for any organization trying to operate — not just survive — in the AI-vs-AI era:
Move from blocking to discrimination. Whether the traffic is a shopping agent or a threat actor, identity- and behavior-based filtering is replacing the old binary of “allow” or “deny.” Decodo’s own recommendation — verify identity, assess behavior, and reserve hard blocks for confirmed malicious patterns — applies just as well to security operations as it does to eCommerce.
Treat every AI agent as a new identity to govern, not a tool to deploy and forget. The OWASP Top 10 for Agentic Applications, now widely cited in 2026 incident reports, catalogs failure modes like goal hijacking, tool misuse, and privilege abuse — all of which stem from agents being granted access without matching oversight. One recent industry survey found only 14.4% of AI agents go live with full security and IT approval, a gap that shows up directly in breach statistics.
Keep a human in a position to actually intervene — not just to sign off. The economic case for AI in defense is real and measurable. But the same reports that tout million-dollar savings and 80-day faster response times are the ones warning that unchecked trust in automation is now a documented failure mode in its own right, not a hypothetical one.
About Decodo
Decodo (formerly Smartproxy) is a leading web data collection infrastructure provider. With a robust infrastructure featuring over 125 million ethically-sourced IPs from 195+ locations, supporting various proxy types, a powerful all-in-one scraping API, and complimentary tools, users can stay confident about their web data collection and AI-powered projects.
Sources: Decodo network traffic analysis; World Economic Forum & KPMG, “Empowering Defenders: AI for Cybersecurity” (2026); Sysdig threat research; HiddenLayer 2026 AI Threat Landscape Report; Carnegie Endowment for International Peace research on autonomous cyber operations; Microsoft security disclosures; industry reporting from Foresiet and Beam.ai.

Pallavi Singal is the Vice President of Content at ztudium, where she leads innovative content strategies and oversees the development of high-impact editorial initiatives. With a strong background in digital media and a passion for storytelling, Pallavi plays a pivotal role in scaling the content operations for ztudium's platforms, including Businessabc, Citiesabc, and IntelligentHQ, Wisdomia.ai, MStores, and many others. Her expertise spans content creation, SEO, and digital marketing, driving engagement and growth across multiple channels. Pallavi's work is characterised by a keen insight into emerging trends in business, technologies like AI, blockchain, metaverse and others, and society, making her a trusted voice in the industry.
