From the final snap of Super Bowl LX on February 9, 2026, threat actors executed coordinated attacks across retail, financial services, and streaming platforms. HUMAN Security tracked scraping attempts that increased more than 30% compared to 2025, concentrated attacks on specific verticals, and a 5% rise in AI agent activity that extended beyond game day.
The cybersecurity firm blocked more than 74 million scraping attacks against retail and e-commerce sites during the game itself. Scraping attempts targeting this sector jumped more than 35% compared to the previous year's game, according to data shared by HUMAN Security on February 10, 2026.
Financial services faced dramatic attack surge
Account takeover attempts against financial services platforms rose 3,600% during Super Bowl LX compared to the 2025 game. While overall account takeover attacks decreased across other sectors, threat actors concentrated efforts on financial institutions during the broadcast window.
The pattern revealed targeted exploitation rather than opportunistic attacks. Financial services platforms manage customer accounts containing stored balances, making them high-value targets during periods when legitimate traffic surges create cover for malicious activity.
Carding attacks - attempts to validate stolen credit card information - also shifted focus. Streaming and gaming sites experienced a 1,365% increase in carding attempts during the game compared to the previous year, despite overall carding attacks declining across other verticals.
Halftime created predictable threat patterns
Minute-by-minute analysis revealed threat actors took breaks synchronized with the halftime performance. Attack volume decreased during the show, then resumed after the break - mirroring legitimate user behavior patterns.
One notable exception disrupted this pattern. Scraping attacks on streaming and media sites peaked just before Bad Bunny took the stage for the halftime performance. This timing suggested automated systems targeting media platforms operated independently of the broader attack patterns that followed user engagement cycles.
The data showed threat actors understand traffic patterns well enough to time their operations for maximum effectiveness while minimizing detection likelihood. During periods of massive legitimate traffic, distinguishing automated attacks from real user activity becomes more challenging for security systems.
Dark web marketplace activity intensified
HUMAN Security's Satori threat intelligence team observed elevated dark web activity in the days leading up to Super Bowl LX. Accounts for major betting platforms appeared on underground marketplaces, with balances exceeding $1,000 in stored value.
According to HUMAN's data, attackers typically sell compromised accounts for approximately 20% of their stored value. An account holding $1,000 would sell for roughly $200 on dark web marketplaces.
Over the past two years, researchers tracked nearly $50,000 in sales of accounts from one major betting platform on a single dark web marketplace. This volume represented approximately $250,000 in stolen consumer funds from that platform alone.
The timing aligned with increased betting activity around the Super Bowl. The advertising industry has documented substantial Super Bowl spending, with 30-second spots selling for $8 million during the 2026 game. This massive advertising investment drove consumer engagement with betting platforms, creating opportunities for threat actors to monetize compromised accounts.
AI agents showed sustained adoption beyond game day
Between Saturday, February 8 and Sunday, February 9, HUMAN observed a 5% increase in total agentic requests. The breakdown revealed specific usage patterns across different interaction types.
Agentic checkout requests increased 28% from Saturday to Sunday. Product and search requests rose 10% during the same period. User account requests jumped 37%, suggesting consumers deployed AI agents to manage betting accounts and track wagers.
The Monday following the game saw continued exploration of agentic technologies. ChatGPT Atlas specifically outpaced its average request rate from the previous week, indicating sustained interest in AI-powered tools beyond the immediate game period.
The data provided insight into how consumers use AI agents during major events. Rather than replacing human activity entirely, the technology appeared to augment existing behaviors - particularly for tasks like account management and product research.
Invalid traffic rates increased during broadcast
HUMAN detected 33% more invalid bid requests during the game compared to the four hours immediately before kickoff. The firm tracked AI-related bid requests across three time periods.
- In the four hours before the game: 192,000 AI-related bid requests
- During the four-hour game window: 144,000 AI-related bid requests
- In the four hours after the game: 116,000 AI-related bid requests (overnight for many Americans)
The declining pattern through the evening reflected natural user behavior as viewership dropped off after the game concluded. The 33% increase in invalid traffic during the game itself indicated threat actors exploited the massive spike in legitimate advertising traffic.
The digital advertising industry saved an estimated $10.8 billion through anti-fraud efforts in 2023, according to research from the Trustworthy Accountability Group. That research found invalid traffic rates in TAG Certified Channels remained below 1% globally.
The Super Bowl represents unique challenges for fraud detection. Legitimate traffic volume during the game far exceeds normal levels, creating opportunities for invalid traffic to blend with real user activity. Invalid traffic detection standards established by the Media Rating Council define IVT as traffic failing to meet quality or completeness criteria.
Retail sector bore concentrated scraping burden
The 74 million blocked scraping attacks against retail and e-commerce platforms during Super Bowl LX represented the most significant threat vector by volume. Web scraping has increased across the internet, with platforms deploying technical measures to prevent automated data collection.
Scraping attacks serve multiple purposes for threat actors. Price monitoring, inventory tracking, and product data collection enable competitive intelligence gathering. More malicious uses include identifying vulnerabilities in web applications or gathering customer data.
The 35% year-over-year increase in retail scraping attacks during the Super Bowl suggests threat actors view major advertising events as optimal times to gather data. Amazon blocked AI bots from major tech companies in August 2025, updating its robots.txt file to prohibit crawlers from Meta, Google, Huawei, and other firms.
Legitimate e-commerce platforms face challenges distinguishing between authorized web crawlers - like search engine bots - and malicious scraping operations. The volume of attacks during high-traffic events compounds this difficulty.
Advertising fraud creates measurement challenges
The concentration of advertising spend during the Super Bowl creates heightened incentives for fraud. Brands paid $8 million for 30-second spots during Super Bowl LX, with more than 127 million viewers watching the 2025 game.
Invalid traffic undermines advertising measurement and attribution. When bots generate ad impressions or clicks, advertisers pay for interactions that never reached real consumers. The 33% increase in invalid bid requests during Super Bowl LX indicated fraudsters targeted the programmatic advertising surge.
Programmatic advertising faces ongoing challenges with supply chain transparency. Research from Pixalate found 25% of programmatic traffic failed validation checks in Q4 2023, with traffic failing validation showing 64% higher invalid traffic rates.
Major advertising events like the Super Bowl compress massive spending into short time windows, creating both opportunity and risk. Brands seek maximum reach during peak viewership, while threat actors exploit the traffic surge to monetize invalid impressions.
Streaming platforms faced dual attack vectors
Streaming and media sites experienced both scraping attacks and carding attempts during Super Bowl LX. The scraping attacks peaked just before the halftime show, suggesting automated systems targeted content metadata and streaming infrastructure.
The 1,365% increase in carding attacks against streaming and gaming platforms indicated threat actors tested stolen payment credentials on services experiencing high legitimate transaction volume. Valid payment information enables fraudulent subscriptions or in-game purchases.
Streaming platforms manage both content delivery and payment processing, creating multiple attack surfaces. Account credentials provide access to subscription services, while payment information enables broader financial fraud.
The timing of scraping peaks before the halftime performance suggested attackers anticipated increased demand for streaming access. This proactive positioning indicated sophisticated understanding of user behavior patterns around major live events.
Pattern recognition enables better defenses
HUMAN Security's minute-by-minute tracking revealed patterns that security teams can use to strengthen defenses during future events. The halftime dip in most attack types demonstrated that threat actors monitor events in real-time.
The exception - streaming scraping attacks peaking before halftime - provided insight into automated attack systems that operate based on predetermined timing rather than reactive monitoring.
Financial services platforms should anticipate concentrated account takeover attempts during major events. The 3,600% increase demonstrates the value threat actors place on accounts with stored balances during periods of high legitimate transaction volume.
Retail platforms face sustained scraping pressure during advertising events. The 35% year-over-year increase suggests this threat vector will continue growing as data collection becomes more valuable for both competitive intelligence and malicious purposes.
AI agent adoption creates new traffic patterns
The 5% increase in AI agent requests from Saturday to Sunday, followed by sustained Monday usage, indicated shifting consumer behavior. AI agents for business automation have expanded across multiple sectors, with platforms like Adobe launching enterprise AI agents in September 2025.
ChatGPT Atlas specifically exceeded its weekly average request rate on Monday following Super Bowl LX. This sustained adoption beyond the immediate event window suggested users found value in AI-powered tools for post-game tasks like account management and information retrieval.
The 37% increase in agentic user account requests demonstrated consumers deploying AI tools for account-related activities. This pattern raised questions about authentication and security as AI agents increasingly interact with user accounts on behalf of consumers.
Advertisers and platforms must adapt to traffic patterns that include both human users and AI agents acting on their behalf. The distinction matters for measurement, attribution, and fraud detection as automated systems generate legitimate traffic that resembles bot activity.
Super Bowl advertising ecosystem under pressure
The convergence of massive advertising spend, high-value financial accounts, and sophisticated threat actors creates complex security challenges. Super Bowl LX demonstrated how threat actors exploit major events across multiple vectors simultaneously.
The 74 million blocked retail scraping attacks, 3,600% increase in financial services account takeover attempts, and 33% rise in invalid bid requests occurred within the same four-hour broadcast window. This coordinated activity suggested organized fraud operations rather than isolated incidents.
Security teams protecting digital advertising infrastructure face challenges scaling defenses to match legitimate traffic surges while maintaining effectiveness against evolving threats. The patterns documented by HUMAN Security during Super Bowl LX provide baselines for future event planning.
As AI-powered tools reshape digital advertising, distinguishing legitimate automated activity from malicious bot traffic becomes more difficult. The 5% increase in AI agent usage during the Super Bowl weekend foreshadowed broader adoption that will require new approaches to traffic validation and fraud prevention.
Timeline
- June 22, 2024 - LinkedIn integrates HUMAN Security for invalid traffic protection, identifying less than 1% of impressions as invalid across desktop and CTV
- July 8, 2024 - Pixalate report shows social media invalid traffic rates rising, with Reddit reaching 6% estimated IVT in May 2024
- October 13, 2024 - Trustworthy Accountability Group releases data showing industry anti-fraud efforts saved $10.8 billion in 2023
- December 19, 2024 - HUMAN Security projects global cybercrime losses reaching $12 trillion in 2025 with web scraping attacks increasing from 30% to 36% of traffic
- February 9, 2025 - TAG releases impact report documenting record-breaking savings for U.S. advertisers through industry-wide anti-fraud initiatives
- February 24, 2025 - Pixalate research finds 25% of programmatic traffic fails validation, with failed validation traffic showing 64% higher IVT rates
- August 30, 2025 - Amazon blocks AI bots from major tech companies, adding restrictions against Meta, Google, and Huawei crawlers
- September 26, 2025 - Adobe launches AI agents for business customer experience automation with over 70% of eligible customers already using AI Assistant
- January 7, 2026 - Similarweb data shows ChatGPT maintains 66% market share in U.S. AI chatbot traffic with Gemini achieving largest year-over-year growth
- January 23, 2026 - SerpApi publishes response to Google's web scraping lawsuit, defending automated access to publicly visible search results
- February 9, 2026 - Super Bowl LX broadcast; HUMAN Security tracks fraud patterns and AI agent usage across multiple sectors
- February 10, 2026 - HUMAN Security shares comprehensive data revealing scraping attacks jumped 35% year-over-year with 74 million retail attacks blocked
Summary
Who: HUMAN Security, a cybersecurity company specializing in bot attack disruption and digital fraud prevention, tracked threat activity during Super Bowl LX. The analysis covered retail and e-commerce platforms, financial services institutions, streaming and media sites, gaming platforms, and betting platforms. Threat actors executed coordinated attacks across these sectors, while consumers deployed AI agents including ChatGPT Atlas for account management and product searches.
What: HUMAN Security documented multiple fraud vectors during Super Bowl LX on February 9, 2026. Scraping attacks against retail and e-commerce sites increased more than 35% year-over-year, with HUMAN blocking more than 74 million attacks during the game. Account takeover attempts on financial services platforms surged 3,600% compared to the 2025 game. Carding attacks against streaming and gaming sites rose 1,365% year-over-year. Invalid bid requests increased 33% during the game compared to immediately before. AI agent requests rose 5% from Saturday to Sunday, with specific increases of 28% for checkout requests, 10% for product searches, and 37% for user account interactions.
When: The primary data collection occurred during Super Bowl LX on February 9, 2026, with comparative analysis against the 2025 game on February 9, 2025. HUMAN tracked AI-related bid requests in three four-hour windows: before the game (192,000 requests), during the game (144,000 requests), and after the game (116,000 requests). Minute-by-minute analysis revealed threat activity decreased during the halftime performance before resuming afterward, with the exception of streaming scraping attacks that peaked just before Bad Bunny took the stage. The firm also monitored Saturday, February 8 through Monday, February 10 to track AI agent adoption patterns beyond game day.
Where: Attacks targeted multiple digital sectors across the United States and globally. Retail and e-commerce platforms experienced the highest attack volume by raw numbers. Financial services platforms faced concentrated account takeover attempts. Streaming and media sites encountered scraping attacks timed to the halftime show. Gaming platforms saw increased carding activity. Betting platforms appeared on dark web marketplaces with compromised accounts holding over $1,000 in stored balances. The programmatic advertising ecosystem experienced invalid bid request surges during the broadcast window.
Why: Major events like the Super Bowl create optimal conditions for fraud operations across multiple vectors. The concentration of advertising spend - with 30-second spots selling for $8 million during Super Bowl LX - generates massive legitimate traffic that provides cover for malicious activity. More than 127 million viewers watched the 2025 game, creating traffic surges that challenge fraud detection systems. Betting platforms hold stored account balances that threat actors can monetize, with HUMAN tracking nearly $50,000 in sales representing approximately $250,000 in stolen consumer funds from one major platform over two years. The halftime performance drove predictable user behavior that threat actors exploited, with streaming scraping attacks peaking before Bad Bunny's performance. The rise in AI agent usage - with ChatGPT Atlas outpacing its weekly average on Monday - demonstrated sustained technology adoption that created new traffic patterns requiring updated fraud detection approaches.