AI agent traffic across the web fell in May 2026 for the first time in months, yet the rate at which that traffic is being actively blocked continued to rise - a split that reveals something more significant than the headline numbers suggest.

According to HUMAN Security's Satori Threat Intelligence Team, overall agentic traffic declined 4.3% month over month in May 2026. The finding comes from the company's monthly State of Agentic Traffic benchmark series, which draws on observations across the HUMAN Defense Platform and extends findings from the annual 2026 State of AI Traffic & Cyberthreat Benchmark Report. The May 2026 edition was published by Aviad Kaiserman on June 4, 2026.

The decline in raw volume did not translate into a decline in vigilance. The blocking rate - the share of agentic traffic being actively stopped or filtered - climbed from 8.2% in April to nearly 9% in May. That gap between declining traffic and rising blocking is the clearest signal in the data: operators are not relaxing. They are building policy controls and applying them with increasing frequency, even as the total flow of agent sessions slows.

The dominant agents and who gained ground

Comet Browser, developed by Perplexity AI, and Atlas, developed by OpenAI, held their positions as the two largest sources of agentic traffic in May 2026. According to HUMAN Security, Comet accounted for 47% of observed agentic traffic, while Atlas accounted for 20.3%. Both figures represent declines in absolute volume compared to April: Comet dropped 6.8% and Atlas dropped 9.2%.

Those are not small movements. For the two products that together generate roughly two-thirds of all agentic web traffic, a combined absolute decline in a single month is notable. Perplexity launched Comet in July 2025, initially restricting the browser to subscribers of its $200-per-month Max plan before making it freely available in October 2025. OpenAI introduced Atlas later that year, positioning it as an action-oriented agentic browser capable of autonomous task completion across authenticated sessions.

Despite the overall dip, two operators expanded their share. The Claude Chrome Extension, built by Anthropic, increased its share of agentic traffic from 17.3% in April to 18.6% in May, with absolute volume growing 2.6%. Anthropic launched the Claude for Chrome extension as a research preview in August 2025, initially reaching 1,000 Max plan users before opening a wider waitlist. Its steady growth in HUMAN's data suggests adoption has continued to expand beyond that early cohort.

Genspark also continued its expansion, reaching 2.9% of agentic traffic in May and growing 18.2% in absolute volume. According to HUMAN Security, that growth extends a trend maintained over at least four months. ChatGPT Agent, a separate product from Atlas within OpenAI's lineup, remained relatively stable month over month.

The divergence between the declining dominant players and the growing challengers raises a question the monthly data alone cannot answer: whether May represents a seasonal dip, a saturation effect among early Comet and Atlas adopters, or the beginning of a structural redistribution in how agentic traffic is generated.

Where agents go: the sector distribution

Media held the largest share of AI agent traffic in May at 43.4%, followed closely by e-commerce at 40.5% and travel at 13.7%. Those three sectors combined accounted for nearly 98% of all observed agentic activity. The remaining 2% was distributed across financial services, SaaS, streaming and gaming, healthcare, advertising, government, and education.

The concentration in media, e-commerce, and travel reflects what kind of work today's agentic systems are primarily deployed to do. Research, comparison shopping, content retrieval, and travel planning are tasks for which AI browsers and extensions have been explicitly designed and marketed. These are also the sectors where the utility of autonomous browsing is most immediately legible to consumers: an agent that can scan dozens of hotel prices or summarize a week of news articles delivers visible value with relatively low risk.

Separate consumer research published by HUMAN Security in May 2026 found that 82% of respondents would trust a human travel agent more than an AI travel assistant for a high-stakes booking - even among users comfortable with AI-assisted research. That asymmetry between research tasks and transactional tasks appears to be reflected directly in the traffic data.

Financial services remained less than 1% of total agentic traffic in May, but the sector more than doubled in absolute volume, growing 124% month over month. According to HUMAN Security, that continues a multi-month upward trend. The financial services number is small enough that month-over-month growth rates will naturally appear dramatic, but the directional signal is consistent enough across multiple reporting periods to warrant attention.

What agents are actually doing on websites

The page-category breakdown in HUMAN Security's May data provides a more precise picture of agentic behavior than sector-level figures alone. According to the report, more than three-quarters of all agentic activity - 76.4% - was concentrated in product and search routes: browsing product listings, reading articles, and conducting searches.

The remaining activity was distributed across user account routes at 6.4%, authentication routes at 5.6%, content engagement at 4.7%, miscellaneous actions at 4.5%, and checkout and payment flows at 2.4%.

The checkout figure - 2.4% - is worth examining carefully. It is small in relative terms, but it represents a meaningful category of agentic behavior that did not exist at scale two years ago. HUMAN Security's annual benchmark report, published April 9, 2026, documented 2025 as the year AI systems moved from reading the web to transacting on it. Checkout-phase agentic traffic is the concrete expression of that shift.

The authentication route figure - 5.6% - carries different implications. An AI agent attempting to authenticate on a user's behalf looks, from a server's perspective, behaviorally similar to an account takeover attempt. The session structure is the same. The credential flow is the same. The difference lies in intent and authorization, neither of which is visible in standard server logs. That is the core measurement problem the whole industry is now working around.

The measurement problem for marketers

Most web analytics platforms were not built to distinguish AI agent sessions from human ones. They classify traffic by referrer, browser, or device - categories that agentic browsers actively complicate. Comet Browser and Atlas present as browsers. The Claude Chrome Extension presents as Chrome with an extension. ChatGPT Agent signs its HTTP requests using the HTTP Message Signatures standard, which HUMAN Security has documented and built allowlisting support for, but that technical standard is not yet universally supported across analytics stacks.

The practical consequence is that agentic sessions appear in analytics dashboards as browser traffic, often without clear attribution. A product listing viewed 40 times in an hour by a price-comparison agent looks, in standard reporting, identical to 40 separate human visits. Google Analytics addressed part of this gap in May 2026 by adding a dedicated AI Assistant channel to the Default Channel Group, automatically classifying traffic from ChatGPT, Gemini, Claude, and other recognized AI assistants. But that classification covers AI assistant referral traffic - humans clicking links from chatbots - not autonomous agentic browsing sessions.

HUMAN Security itself moved to address this in April 2026, expanding its Agentic Visibility capabilities beyond security teams to serve marketing and commerce organizations directly. The expansion included native integration into Adobe Experience Platform. According to HUMAN Security, the Sightline platform can differentiate between human, bot, and AI agent activity with granularity that standard analytics systems do not offer, and can classify agent intent as a session unfolds rather than after the fact.

The blocking rate and its implications

The rise in blocking rate from 8.2% in April to nearly 9% in May deserves more attention than the headline traffic decline. Blocking is an active decision. It requires a website operator to configure a policy, deploy it, and maintain it as agent behavior changes. The fact that blocking rates are rising while overall agentic volume is falling suggests that operators are not simply reacting to traffic surges - they are building infrastructure for ongoing control.

A broader analysis published by PPC Land on June 7, 2026, drawing on third-party data through the week ending June 5, found bots accounting for 57.4% of web traffic to HTML content. The crossing of the majority threshold, according to that analysis, happened faster than observers had projected. Against that backdrop, a 9% blocking rate for agentic traffic specifically represents a fraction of the overall non-human traffic that websites are dealing with.

The tools for blocking have expanded considerably over the past year. Cloudflare introduced a pay-per-crawl mechanism in July 2025 and followed with expanded crawl control options in August 2025, giving operators a third option between open access and full blocking. Microsoft Clarity introduced bot activity dashboards in January 2026, giving marketers a measurement layer without requiring separate enforcement infrastructure.

The Comet Browser case illustrated why measurement and blocking have both accelerated. Perplexity's agents became the subject of a federal court injunction in March 2026, blocking Comet's agents from accessing Amazon's password-protected account sections. The legal action framed agentic browsing through authenticated sessions as a distinct policy problem from general web crawling, and it likely accelerated the adoption of explicit blocking policies among operators in adjacent sectors.

Why this matters for the marketing community

Agentic traffic is not yet large enough to reshape attribution models or media plans at scale. But the trajectory documented across HUMAN Security's monthly series points toward a future in which a meaningful fraction of product page views, search interactions, and potentially checkout flows originate from AI systems rather than human browsers.

For media companies at 43.4% of agentic traffic, the immediate question is whether AI agents reading articles should be treated as readers, scrapers, or something in between. The economic models built around human readership - advertising CPMs, subscription conversion funnels, time-on-page engagement signals - do not translate cleanly to autonomous agent sessions.

For e-commerce operators at 40.5%, the checkout figure of 2.4% of all agentic activity is the most operationally significant data point. An agent completing a purchase generates a transaction record, but it also generates a session that may not respond to retargeting, may not match loyalty program identifiers, and may complete the purchase with different timing and flow than human checkout. These are not hypothetical edge cases - they are live infrastructure questions for any operator whose checkout flows are now being accessed by agentic browsers.

For travel companies at 13.7%, consumer research published in May 2026 confirmed that AI agents are being used extensively for price research and itinerary comparison, with human approval still required before actual bookings in most cases. The research phase of travel planning is already substantially agentic. The booking phase is following, more slowly.

The ad tech industry has been reconfiguring itself around this reality since late 2025. Amazon, Google, and the IAB Tech Lab all introduced agentic infrastructure in November 2025. The IAB Tech Lab followed with a Programmatic Governance Council in April 2026. These are not exploratory initiatives - they are structural responses to a measurable shift in how digital interactions occur.

HUMAN Security's May 2026 data does not resolve the strategic questions these shifts create. What it does is provide a monthly baseline that did not exist a year ago. For an internet where bots and agents are becoming a structural majority of traffic, that baseline is the foundation on which any response has to be built.

Timeline

Summary

Who: HUMAN Security's Satori Threat Intelligence Team, monitoring agentic traffic across the Human Defense Platform, with secondary actors including Perplexity (Comet Browser), OpenAI (Atlas and ChatGPT Agent), and Anthropic (Claude Chrome Extension).

What: According to the May 2026 State of Agentic Traffic report, total agentic web traffic declined 4.3% month over month in May 2026, while the blocking rate rose from 8.2% to nearly 9%. Comet Browser (47%) and Atlas (20.3%) remained dominant but both fell in absolute volume. The Claude Chrome Extension grew from 17.3% to 18.6% share. Media (43.4%), e-commerce (40.5%), and travel (13.7%) accounted for nearly 98% of all agentic traffic destinations. More than three-quarters of all agentic activity - 76.4% - was concentrated in product and search routes, with checkout flows accounting for 2.4%.

When: The May 2026 data was published on June 4, 2026, covering agentic traffic observed across HUMAN Sightline Cyberfraud Defense during May 2026.

Where: The data covers agentic traffic observed globally across the Human Defense Platform's Sightline infrastructure, reflecting publisher-level integration across the web with sector and route categorization based on destination endpoint.

Why: The report matters because it documents an internet in structural transition - one where automated AI agent sessions are becoming a measurable and growing fraction of web traffic, creating measurement gaps in standard analytics platforms, raising new questions for fraud detection and attribution, and prompting website operators to build blocking and policy infrastructure that did not exist at scale 18 months ago.