Zainab Hussain is a seasoned e-commerce strategist who has spent years navigating the intersection of customer engagement and complex digital operations. As the retail landscape shifts toward automation, she has become a leading voice on how businesses can survive the deluge of automated traffic without sacrificing the human experience. In this discussion, we explore the findings of a recent report detailing the massive surge in AI agent activity, the rising threat of bot impersonation, and why visibility is the only way forward for modern digital platforms.
With AI agent requests reaching nearly eight billion in just the first two months of the year, how are infrastructure requirements shifting for modern enterprises? What specific metrics should technical teams monitor to ensure these surges do not degrade the experience for genuine human users?
The scale of 7.9 billion requests in just January and February of 2026 is a staggering wake-up call for anyone managing web infrastructure. This 5% increase over the previous quarter shows that the demand on servers is not just growing; it is accelerating at a pace that can easily overwhelm traditional hosting setups. Technical teams need to keep a very close eye on the percentage of agentic traffic, which has already hit 9.75% for some organizations, to ensure it doesn’t eat up the bandwidth meant for actual shoppers. If you aren’t monitoring resource utilization specifically tied to these automated agents, you risk a scenario where your site feels sluggish and unresponsive to the very people trying to spend money.
Known bots like Meta-externalagent and ChatGPT-User are now frequently impersonated by malicious actors to bypass security. How can organizations verify the true identity of a request beyond simple user-agent strings, and what steps are necessary to prevent spoofed traffic from accessing sensitive data?
We are currently in the middle of a massive identity crisis because relying on a user-agent string is like letting someone into a high-security building just because they are wearing a name tag. With 16.4 million spoofed requests for Meta-externalagent and another 7.9 million for ChatGPT-User, the danger of misplaced trust is incredibly high. Organizations have to implement deeper verification methods that analyze the behavior and origin of the request rather than just taking the label at face value. It is particularly alarming to see that PerplexityBot has an impersonation rate of nearly 2.4%, proving that even newer, specialized bots are being used as masks for malicious intent.
Digital platforms in the e-commerce and real estate sectors currently see up to 20% of their traffic coming from automated agents. Why are these specific industries such high-priority targets for data harvesting, and what are the long-term business consequences of failing to manage this volume?
E-commerce and retail are prime targets because they are rich with transactional data and pricing information that competitors and aggregators are desperate to get their hands on. Real estate follows closely behind at 17% of volume because property listings are essentially the lifeblood of that industry’s digital ecosystem. If a business fails to manage this 20% of traffic effectively, they aren’t just paying for the server costs of their own demise; they are losing their competitive edge as their data is harvested and reused elsewhere. It creates a hollowed-out business model where your “visitors” are actually competitors systematically draining the value of your original content.
High-volume agents often vary in utility, with some driving referral traffic while others purely scrape content for no return. How do you distinguish between “high-value” and “high-risk” agents, and what framework should a business use to decide which bots to allow or block?
You have to look at the return on investment for every bot that hits your site, starting with heavy hitters like Meta ExternalAgent, which accounts for 25% of top agent traffic. While a bot like ChatGPT-User, at 19.1%, might eventually lead a user to your site through an AI-generated answer, others are purely parasitic and offer no referral value. A smart framework involves categorizing these agents by their intent and their transparency; if an agent is hiding its true identity or ignoring your crawl rules, it is high-risk regardless of how “famous” its name might be. Deciding whether to block or allow shouldn’t be a guess, but a data-driven choice based on whether that bot is actually helping your bottom line.
Many organizations currently suffer from a visibility gap where they cannot accurately classify the intent of automated traffic hitting their servers. What specific architectural changes are required to gain this clarity, and how does improved visibility change a company’s overall defense strategy?
The biggest hurdle right now is that invisible traffic is essentially unmanaged traffic, and you cannot defend what you cannot see. Organizations need to move toward an architecture that includes dedicated agent trust management, which provides a granular look at who is visiting and why. This shift allows a company to move away from “all-or-nothing” blocking and toward a strategy where Meta WebIndexer’s 14.3% share of traffic is handled differently than a rogue scraper. Improved visibility turns a defensive crouch into a strategic advantage, allowing you to welcome beneficial AI while slamming the door on those looking to exploit your platform.
What is your forecast for AI agent traffic?
I expect that we will see these 7.9 billion requests look like a small drop in the bucket as agentic browsers become the primary way people interact with the web. The 5% quarterly growth we saw in early 2026 is just the beginning of a trend where automated agents will eventually perform the majority of search and discovery tasks. Industries like travel and tourism, which already see 15% of their traffic from agents, will have to completely redesign their booking flows to accommodate machine-to-machine commerce. If companies do not gain visibility into this traffic now, they will be completely overwhelmed by an automated tide that doesn’t sleep and doesn’t stop.
