Exploding use of autonomous AI agents saw the volume of traffic generated by agentic AI increase by 7,851 per cent last year, according to a new report, with a 187 per cent surge in AI-related traffic exposing the degree to which machine-to-machine (MTM) exchanges are coming to dominate the internet.

Automated MTM traffic is growing eight times faster than human traffic, Human Security found after analysing over a quadrillion data transfers across its global customer base – and concluded that “once a niche category, AI agents are now a measurable commercial force.”

Data bandwidth consumed by AI agents outpaced even the automated training crawlers that major generative AI (genAI) services use to update their systems – which accounted for 67.5 per cent of AI-related traffic – but even those are ceding their dominance.

Competing for bandwidth are the fast-growing population of AI scrapers, which grew by 597 per cent efficiently extract data from retail, e-commerce, streaming, media, travel, and hospitality sites – all of which have been enthusiastic adopters of AI agents.

Nearly one in five site visits related to data scraping, the analysis found, with the data tapped for benign purposes such as travel and product comparisons, and AI searches – part of a shift in online commerce that will increasingly see AI agents buying products for you.

AI agents are rapidly becoming productivity workhorses, with OpenClaw automation and tools like Microsoft Copilot and Anthropic’s Claude Cowork driving a market rebalancing in software company shares.

The strength of this shift means “AI systems are not just reading the web but transacting on it,” Human Security CEO Stu Solomon said, flagging a “fundamental shift in how the internet operates.”

“AI-driven traffic is no longer experimental,” he said, but “becoming embedded in core digital customer experiences, particularly in industries where agentic adoption is moving fastest.”

The risks of moving quickly

For all their appeal, the increasing prevalence of automated AI agents poses its own challenges – not the least the need for companies to monitor their behaviour to avoid unexpected consequences like mass deletion of data.

AI agents are also intrinsic to the operations of systems like Anthropic’s Claude Mythos, a concerningly effective automated vulnerability detection system that uses swarms of such agents to pressure-test cybersecurity infrastructure of target companies.

Agents are also proving effective in collecting data to power custom scam campaigns, with the Australian Securities and Investments Commission (ASIC) recently advising it had taken down 11,964 phishing and investment scam websites last year – up 90 per cent over the previous year.

“Scammers are using AI to make fake investment ads look more polished, more convincing and harder to spot,” ASIC commissioner Alan Kirkland said.

Human Security, for its part, observed extensive use of AI agents for malicious attacks, such as account takeover attacks in which cybercriminals scrape credentials for post-login account compromises.

Security researchers saw an average of 402,000 such attacks per organisation – and with automated data traffic growing eight times faster than human traffic, Solomon noted that the trend has direct implications for companies’ cybersecurity strategies.

“As these systems evolve from browsing to transacting,” he explained, “they are redefining online engagement and raising the stakes for how businesses understand and manage the traffic coming to their platforms.”

Holding back a tsunami

As these and other analyses of bot traffic have confirmed, the nature and volume of that traffic continues to increase at dizzying pace – with Cloudflare CEO Matthew Prince recently adding his voice to the chorus of those warning companies to tread cautiously.

Whereas a human shopping for a product might go to a handful of websites, Prince reportedly said at the recent SXSW conference in Texas, an AI agent might go to 1,000 times as many sites while doing its research.

“So it might go to 5,000 sites,” he said, “and that’s real traffic… which everyone is having to deal with and take into account.”

By next year, he predicted, “the amount of bot traffic online will exceed the amount of human traffic that’s online” – a milestone that, by some other accounts, has already passed.

Security firm Thales, for one, last year reported that bots were responsible for over half of all internet traffic, with 72 per cent of that traffic attributed to malicious bots aiming to harvest personal data, manipulate ticketing systems, and run cyberattacks.

Exacerbated by surging volumes of data traffic, this kind of risk profile means companies need to pivot to get ahead of the coming flood – and the security issues it will create for them.

A quarter of all enterprise genAI apps will see at least five minor security incidents per year by 2028, analyst group Gartner recently advised, warning that as enthusiasm for AI agents grow, “software engineering leaders must be prepared for the security realities that follow.”