IT Brief Ireland - Technology news for CIOs & IT decision-makers
Ireland
Night data center control room cyber attack alerts cinematic
#
Digital Transformation
#
Application Security
#
Physical Security

Spoofed AI agents flood websites, straining defences

Tue, 17th Mar 2026
Author image
By Sean Mitchell, Publisher

AI agents are generating billions of requests to websites, and many organisations lack the visibility to tell legitimate automated traffic from malicious activity, according to new research from bot management firm DataDome.

DataDome recorded 7.9 billion AI agent requests across January and February 2026, a 5% increase from the previous quarter. For one customer, agentic traffic accounted for 9.75% of all requests over a 30-day period.

The findings point to a growing operational and security problem for operators of large websites. AI agents now crawl, index and interact at volumes that can affect performance, increase infrastructure costs, and complicate decisions about access and data use. DataDome also highlighted a rise in spoofing that targets known agents.

Visibility gap

DataDome said the central issue is identification. Many organisations cannot reliably classify AI agents by identity and intent, making it difficult to decide what to block and what to allow.

Many sites allow known crawlers based on a user-agent string, creating an opening for impersonation. Malicious actors can send requests that claim to be from a well-known agent, and a permissive allowlist can become a route to access.

Jérôme Segura, VP of Threat Research at DataDome, said organisations are struggling to measure and control what is happening on their sites.

"Invisible traffic is unmanaged traffic. And right now, most organizations cannot see this clearly enough to do anything meaningful about it," said Jérôme Segura, VP of Threat Research at DataDome.

He added that agent traffic varies widely in how it identifies itself and how transparent it is about its purpose.

"AI agent traffic is complex. Billions of requests are hitting sites every month, from agents with different identities, different purposes, and varying degrees of transparency about who they are," Segura said.

Impersonation risk

DataDome said impersonation is already widespread. In its observations, Meta-externalagent was the most impersonated agent, with 16.4 million spoofed requests, followed by ChatGPT-User with 7.9 million.

PerplexityBot had the highest impersonation rate among the agents tracked: nearly 2.4% of requests that claimed to be PerplexityBot were fraudulent.

The figures reflect a broader shift in how automated traffic interacts with web services. Traditional bots often perform narrow tasks such as scraping, price monitoring or credential stuffing. AI agents can carry out more varied sequences of activity, including browsing flows, form submissions and other interactions that can resemble human behaviour at the request level.

For security teams, the challenge is not only volume but also classification and policy. Blocking too broadly can lock out legitimate crawlers that drive discovery and referral traffic. Allowing too much can expose content and data to scraping and automated abuse.

Sector exposure

DataDome said agentic browser traffic was concentrated in sectors with transactional or high-value consumer information. E-commerce and retail accounted for about 20% of observed volume, real estate 17%, and travel and tourism 15%.

It described agentic browsers as an underappreciated risk in these industries because the underlying data is attractive for scraping and aggregation. Product listings, availability, pricing, property information and travel inventory are frequently updated and can carry commercial value for third parties.

DataDome also distinguished between high-volume and high-value traffic. Meta ExternalAgent represented nearly 25% of top AI agent traffic on its network in February 2026, ChatGPT-User 19.1%, and Meta WebIndexer 14.3%.

Not every agent sends traffic that benefits the destination site, DataDome argued. Some requests may support discovery or referrals, while others focus on collecting content for training and indexing. Either way, the traffic consumes bandwidth and compute resources.

Operational decisions

The research highlights the growing need for web operators to set policies on automated access, including rate limits, authentication requirements, and selective access to specific paths or APIs. It can also raise commercial questions, such as whether some automated access should be restricted or moved behind paid data feeds.

DataDome said the deciding factor is confidence in identification. Without accurate classification by identity and intent, organisations cannot make consistent allowlisting and blocking decisions.

Its analysis focused on AI agent traffic patterns across its network in early 2026. DataDome said the trend is rising and that spoofing of well-known agents is already significant, adding that organisations will face increasing pressure to verify automated identities as agent traffic grows.

Related stories
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Testlio launches AI chatbot testing service amid scrutiny
Dropbox launches three apps inside ChatGPT for work

Top stories

TestRail launches AI test script generation in beta
FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment