HUMAN Security's 2026 benchmark report, released on April 9, 2026, documents the year AI systems stopped merely reading the web and started transacting on it, with agentic traffic up 7,851% and the gap between legitimate automation and fraud narrowing to half a percentage point.

For most of the internet's history, the security question was simple: bot or not. A request either came from a person or from a machine, and machines were treated with suspicion. That binary has collapsed. In 2025, autonomous AI systems began navigating product pages, logging into accounts, and completing purchases on behalf of real shoppers, behaving in ways that are mechanically indistinguishable from the automated attacks security teams have spent years learning to block.

The shift is quantified in the 2026 State of AI Traffic and Cyberthreat Benchmark Report, published by cybersecurity firm HUMAN Security on April 9, 2026. The report draws on more than one quadrillion interactions processed by the company's Human Defense Platform across its global customer base during the calendar year. According to HUMAN, the findings describe a structural change in how the web operates rather than an incremental uptick in bot activity.

The central tension for marketers, retailers, and publishers sits in a single statistic. According to the report, across every interaction the platform analyzed in 2025, only one half of one percent separated the rate of benign automation from the rate of malicious automation. An AI agent rapidly browsing products and completing a checkout might be a consumer's shopping assistant. It might be an automated fraud operation. The behavior is the same. The intent is not.

Automation is growing eight times faster than people

The headline figure frames everything that follows. According to HUMAN, automated traffic across the internet grew 23.51% year over year in 2025, while human traffic increased just 3.10% over the same period. That makes automation's growth roughly eight times faster than the growth of human activity online.

Within that broad category of non-human traffic, AI-driven traffic emerged as the dominant growth vector. The report defines AI-driven traffic as the subset generated by or on behalf of AI systems, separating it from traditional automation such as search engine crawlers, monitoring bots, and conventional scraping tools. According to HUMAN, monthly volumes of AI-driven traffic grew 187% from January to December 2025, nearly tripling over the calendar year.

The growth was not linear. According to the report, total AI-driven traffic nearly quadrupled between January and October, peaking at 3.61 times January's volume before settling into a plateau for the final two months. Retail and media verticals accounted for more than 80% of the increase, with e-commerce alone driving roughly half.

Concentration defines the landscape on multiple axes. According to HUMAN, more than 95% of AI-driven traffic in 2025 was concentrated within three industries: retail and e-commerce, streaming and media, and travel and hospitality. These are the verticals where structured, frequently updated data carries the highest commercial value to AI products.

The operator picture is equally lopsided. According to the report, OpenAI's bots, which include ChatGPT User, OAI-SearchBot, GPTBot, and ChatGPT Agent, accounted for approximately 69% of all observed AI-driven traffic by volume. Meta-ExternalAgent contributed an additional 16%, and Anthropic identities, including ClaudeBot and Claude-SearchBot, made up roughly 11%. The remaining dozens of identified bots collectively represented less than 5% of total volume. According to HUMAN, that concentration means access policy decisions about a handful of companies determine the vast majority of an organization's exposure to AI-driven traffic.

Three kinds of machine: crawlers, scrapers, and agents

The report classifies AI-driven traffic into three categories based on behavior, characteristics, and declared identity. The distinctions matter because each category interacts with websites differently and carries a different governance burden.

Training crawlers still dominate, but their share is falling

Training crawlers collect data in bulk to build or refine machine learning models. Unlike search engine crawlers, which index content for retrieval, training crawlers extract it. According to HUMAN, they made up the largest single component of AI-driven traffic at approximately 67.5% of all observed AI bot volume in 2025.

That dominance is eroding. According to the report, training crawlers accounted for roughly 90% of all observed AI-driven traffic in January 2025, with real-time scrapers making up the remaining 10%. By December, training crawlers had declined to 74% of the total, scrapers represented 24%, and the newly emerged agentic category accounted for 1.7%. Training crawler volume itself grew 136% across the year, with e-commerce and travel verticals driving approximately 85% of the increase.

The report identifies a notable timing pattern. According to HUMAN, between November 17 and December 11, four major AI companies released frontier models in rapid succession: xAI's Grok 4.1, Google's Gemini 3, Anthropic's Claude Opus 4.5, and OpenAI's GPT-5.2. October's crawling surge is consistent with a pre-release data acquisition cycle, suggesting that training crawler volume may increasingly move in anticipation of model release schedules.

Vertical concentration for crawlers skews heavily toward commerce. According to the report, retail and e-commerce sites made up 62.5% of all training crawler traffic, with media at 19.70% and travel at 16.60% rounding out a top three that together accounted for over 98% of crawler volume.

The reliability of declared identity is a recurring concern. According to HUMAN's Satori threat intelligence team, a significant portion of requests claiming to be ChatGPT, Mistral, and Perplexity bots did not originate from those operators' infrastructure. Attackers spoof user-agent strings to exploit the trust organizations extend to recognized AI crawlers, bypassing robots.txt allowlists and rate-limit exemptions. According to the report, organizations that whitelist crawler traffic based solely on user-agent strings are granting access to an unknown number of unauthorized actors. The challenge of distinguishing legitimate AI crawlers from hostile extraction has been a persistent theme in coverage of publisher resistance to AI scraping.

Scrapers feed the inference layer in real time

AI scrapers differ from training crawlers in both purpose and tempo. According to the report, where crawlers accumulate data in bulk, scrapers extract specific, timely information to feed real-time AI features: live pricing, current inventory, breaking news summaries, and competitive intelligence. They serve the inference layer of AI products, including retrieval-augmented generation pipelines and dynamic comparison tools that depend on fresh data with every query. Scrapers represented 31.9% of all observed AI bot traffic.

According to HUMAN, AI scraper traffic grew 597% from January to December, and at its October peak reached 12 times the January baseline. Media, travel, and e-commerce drove 97% of the total increase. The report attributes the acceleration to a structural mechanism: each time a user queries an AI assistant that grounds its answers in live web data, that query generates scraper traffic.

The vertical distribution for scrapers inverts the crawler pattern. According to the report, media led at 40.90%, compared with retail's 36.70%, reflecting the demand from AI-powered search and news summarization products for a constant stream of freshly published content. That dynamic has driven news publishers to confront AI training data intermediaries directly.

Agents do not read the web - they act on it

Agentic AI is the category the report identifies as the most structurally novel in this year's data. Where crawlers and scrapers are best understood as automation built to serve AI systems, agents are AI systems that perform the automation themselves. According to HUMAN, they navigate pages, fill forms, compare products, initiate transactions, and manage account workflows. The category encompasses two form factors: agentic browsers such as ChatGPT Atlas and Perplexity Comet, which embed AI capabilities into a full browsing environment, and general-purpose agents such as ChatGPT Agent and OpenClaw, which operate autonomously across applications.

According to the report, agentic AI traffic grew 7,851% year over year. The firm notes important context: 2024 volumes started from a very low base, so the multiplier reflects rapid early-stage adoption rather than a mature channel. The launch of ChatGPT Atlas on October 21, 2025 was among the agentic browser releases that contributed to the steep curve through the fourth quarter. According to HUMAN, agentic browsers grew faster than purpose-built agents, roughly doubling agent traffic by late in the fourth quarter.

The behavioral breakdown is where the commerce orientation becomes clear. According to the report, product and search pages dominated at 77% of agentic activity. Account pages accounted for 8.82% and authentication flows for 4.95%, indicating that agents are operating within logged-in sessions on behalf of users. Checkout pages made up 2.31%.

That checkout figure is small in relative terms but significant in kind. According to HUMAN, agents completing checkout flows represent autonomous transaction execution without direct human involvement, a behavior that was largely theoretical before 2025 and that the data confirms is now operational. This matches the broader market movement, from OpenAI's instant checkout launch on September 29, 2025 to Google's Universal Commerce Protocol on January 11, 2026 and Microsoft's Copilot Checkout.

The vertical spread for agents is more even than for the other two categories. According to the report, retail and e-commerce led at 46.6%, followed by streaming and media at 28.5% and travel and hospitality at 19.2%. The two form factors behave differently: agentic browsers concentrate heavily in e-commerce at 55.8% of browser traffic, while purpose-built agents skew toward travel at 38.4% of agent traffic. Technology and SaaS registered 4.10% for agentic traffic, notably higher than the 1.10% for crawlers or 0.80% for scrapers, suggesting agents are being used for product evaluation, trial sign-ups, and integration testing.

When agents misbehave

The abuse potential is not hypothetical. According to HUMAN's Satori team, analysis of traffic from publicly exposed OpenClaw gateways found patterns spanning routine automation to clear abuse. Instances were observed generating synthetic referral traffic by tagging requests with fabricated social media UTM parameters to simulate organic engagement at scale. Others conducted automated reconnaissance, including high-velocity directory brute-forcing against web applications. According to the report, researchers also documented infostealer malware adapted to target OpenClaw environments, exfiltrating configuration secrets including API keys and agent identity data. The firm states that such tools lower the skill threshold for internet fraud, enabling users with no security expertise to conduct attacks that previously required hands-on technical knowledge.

A second example sits directly at the intersection of agentic commerce and payment fraud. According to Satori researchers, a carding-like checking pattern mediated by an AI agent was observed, in which the threat actor rapidly cycled through multiple credit-card additions and repeated payment-completion attempts to see which card would authorize. The sequence included 11 card-add attempts and 6 payment attempts across two sessions, followed by a pivot to loyalty-point redemption after the card paths failed. According to the report, the workflow mirrored established carding techniques but was executed through an AI browser agent, and researchers described how the speed, hybrid human-automated sessions, and ability to operate within authenticated sessions make agents useful tools for threat actors.

The fraud benchmarks behind the AI story

Independent of the AI-driven traffic patterns, the report documents trends across four attack types the Human Defense Platform protects against: account takeover, carding, web scraping, and fake account creation. The benchmarks use two measures, the typical customer represented by the median and the heavily-targeted customer represented by the 90th percentile.

Account takeover shifts past the login

According to the report, overall account takeover volume fell more than 30% in 2025, but the percentage of login traffic attempting a takeover saw its biggest jump in years. The global median rate reached 3.37% in 2025, and the rate from EMEA-attributed traffic exceeded 13%, compared with less than 3.5% globally.

The more significant change is tactical. According to HUMAN, attacks focused on post-login account compromise, in which attackers abuse session tokens, manipulate account settings, or exploit weak step-up controls after a legitimate login, more than quadrupled. In 2024, the firm flagged nearly 100,000 such attempts per customer. In 2025, that figure rose to an average of 402,000. According to the report, the firm's Threat Tracker capability identified more than 208,000 unique threat profiles attempting account takeover attacks during the year.

The report attributes the shift partly to defenses working at the point of login. According to HUMAN, the spike in post-login compromise, alongside the decline in overall takeover attempts, may indicate widespread adoption of protections at the login stage, forcing threat actors to adopt more technical and manual approaches.

Carding volume climbs even as rates hold steady

According to the report, the percentage of checkout traffic attempting a carding attack remained low and stable, while the volume of global checkout interactions blocked rose more than 20% from 2024 and 250% since 2022. For the second consecutive year, attacks from US-attributed IP addresses made up an outright majority of all carding attempts stopped. According to HUMAN, Threat Tracker identified more than 80,000 unique threat profiles attempting carding attacks in 2025.

Scraping approaches one in five visits

Web scraping shows both rising volume and rising prevalence. According to the report, the global volume of attempted scraping attacks rose almost 47% from 2024 and 138% since 2022. The median global percentage of traffic attempting a scraping attack was just over 10% in 2022; by 2025 it was approaching 20%. For heavily-targeted companies, that figure now exceeds 61% of traffic.

According to HUMAN, EMEA-attributed activity showed a median scraping rate exceeding 43%, with heavily-targeted businesses in the region seeing 87% of traffic attempting a scraping attack. Despite those percentages, American threat actors made up the bulk of attacks, accounting for almost two-thirds of all scraping blocked by the platform in 2025. The firm's Threat Tracker identified more than 476,000 unique threat profiles attempting scraping attacks, representing 62% of all profiles identified during the year. The report explicitly connects this growth to the rise of AI crawlers and scrapers, noting that scraping is one of the key tasks asked of these bots and agents. The infrastructure strain from this activity echoes Cloudflare and ETH Zurich research on AI bots breaking web caching layers.

Fake accounts keep multiplying

According to the report, the overall volume of fake account creation attempts increased 259% from 2023 to 2024 and an additional 89% in 2025. The tactic remains attractive when organizations offer incentives for new users, draining promotional budgets and serving as a precursor to other fraud. According to Satori researchers, large-scale streaming fraud operations rely on fake accounts to generate authentic-looking engagement at scale, with fraudsters using AI to automate identity spoofing and rotate proxies to simulate geographically diverse listeners.

Industry targeting and the dark web signal

The report tracks how attack distribution shifts as threat actors change targets. According to HUMAN, 2025 was a retail and e-commerce year for account takeover, with that vertical absorbing 54.92% of attempted takeover attacks, alongside a resurgence in attacks centering on technology and SaaS businesses. Retail and e-commerce held the largest share of carding attacks for the fourth consecutive year at 71.75%, and the report notes that the share targeting technology and SaaS businesses has tripled since 2022.

The retail figures are stark in absolute terms. According to the report, the overall volume of attempted scraping attacks against retail and e-commerce businesses surpassed 150 billion in 2025, and one major retailer recorded 9.2 billion attempted scraping attacks in December 2025 alone.

Dark web pricing offers a lagging signal of where defenses are holding. According to HUMAN, accounts that become harder to steal command higher prices, while falling prices indicate attackers have found easier paths. The report states that hacked accounts on one crypto exchange now command up to $4,500 on the dark web, up from under $500, and email accounts for one provider nearly tripled to $999.50. By contrast, one hotel chain's loyalty program accounts fell from $201 to $40.50, and one national airline's accounts from $175 to $45.50.

Why this matters for the marketing community

The report's central finding lands directly on the people who run advertising, commerce, and content operations. Behavior that once reliably signaled an attack, including rapid page navigation, programmatic form completion, and automated checkout, may now represent a legitimate agentic commerce workflow. According to HUMAN, organizations that treat all automation as hostile will block revenue, while those that allow it unchecked will absorb fraud.

The commercial stakes are not abstract. Agentic commerce has moved from experiment to infrastructure across the industry, with skepticism about its viability coexisting alongside aggressive protocol development. Analysis published on PPC Land identified eight structural challenges to agentic commerce adoption, including retailer incentives against AI intermediation and consumer preferences for evaluating options before purchasing. At the same time, only a small number of sites had implemented Google's commerce protocol months after its launch, even as the conversion gap between AI and traditional traffic narrowed. According to figures cited in that coverage, AI traffic sources were 49% less likely to convert than non-AI sources in January 2025, a gap that had fallen to 23% by July 2025.

Measurement is the unresolved problem. As HUMAN Security's own positioning for marketers makes clear, when an AI agent crawls a product catalogue, evaluates pricing, or interacts with a checkout flow, traditional analytics tools surface almost none of it. The arrival of tools such as Microsoft Clarity's bot activity dashboard in January 2026 reflects a broader scramble to give marketing and analytics teams visibility into automated traffic at the property level. The broader failure of fraud detection has been documented before: an investigation reported by PPC Land found that major verification systems routinely missed declared bots operating from data centers.

According to the report, the question is no longer whether traffic is automated. It is whether a given interaction is trustworthy, regardless of whether it comes from a human, an AI agent, or an agentic browser. HUMAN states that early 2026 data confirms the momentum has not slowed, with agentic traffic continuing its upward trajectory and becoming more deeply embedded in commercial workflows. For marketers, the practical consequence is that policy decisions made now about how to manage this traffic will shape both revenue capture and fraud exposure for years.

Timeline

Summary

Who: HUMAN Security, a cybersecurity firm specializing in distinguishing human, bot, and AI agent traffic at internet scale, supported by analysis from its Satori threat intelligence team.

What: The 2026 State of AI Traffic and Cyberthreat Benchmark Report, drawing on more than one quadrillion interactions, documents that AI-driven traffic grew 187% over 2025, agentic AI traffic grew 7,851% year over year, and only half of one percent now separates the rate of benign automation from malicious automation. The report also benchmarks account takeover, carding, scraping, and fake account creation trends.

When: The report was released on April 9, 2026, covering the 2025 calendar year with multi-year comparisons stretching back to 2022 and early 2026 data confirming continued momentum.

Where: The findings reflect traffic observed across HUMAN's global customer base, with geographic attribution distinguishing EMEA-origin and US-origin activity, and concentration in retail and e-commerce, streaming and media, and travel and hospitality.

Why: As autonomous AI systems begin transacting on the open web, the behavioral signals that once separated legitimate visitors from attackers have collapsed, leaving organizations to determine the intent behind each interaction rather than relying on the old binary of bot or not. The shift carries direct consequences for revenue capture, fraud exposure, and measurement across the marketing and commerce ecosystem.