TL;DR: AI agents now account for 57.5% of HTML web traffic versus 42.5% from humans on Cloudflare Radar, while HUMAN Security says agentic AI traffic grew roughly 7,851% year over year. The shift is structural: apps, APIs, analytics, and commerce flows now need to work for machine actors as well as people.
At a glance
What this is: This article argues that AI agents have become the majority of web traffic and that apps must be redesigned for machine-mediated browsing, commerce, and analytics.
Why it matters: For IAM practitioners, this changes how identity, authorization, telemetry, and transaction flows are modeled across human, NHI, and autonomous system interactions.
By the numbers:
- AI agents now account for 57.5% of HTML web traffic versus 42.5% from humans.
- 27 days
Context
AI agent web traffic is now large enough to distort the assumptions behind analytics, access control, and transaction design. The core issue is that a machine actor can generate many more requests than a human user, complete tasks faster than a person would, and do so through interfaces that were built for human pacing and visual interaction.
For identity and access teams, that means the boundary between human intent and machine execution is no longer stable. Applications, APIs, and commerce flows must account for autonomous browsing, delegated action, and agent-mediated transactions without assuming that session volume or click patterns reflect human behaviour.
This is not a bot-detection story alone. It is a governance problem for any organisation that relies on web-facing identity, because the same access paths now serve users, non-human identities, and increasingly autonomous agents.
Key questions
Q: How should security teams govern AI agents that browse and transact on behalf of users?
A: Security teams should govern AI agents as delegated actors with narrow, task-scoped permissions, not as enhanced browsers. The right model is to bind access to the specific action being performed, preserve auditability at the transaction layer, and separate machine identity from the human principal wherever possible.
Q: Why do AI agents make web analytics less reliable?
A: AI agents can complete tasks much faster than humans and generate request patterns that do not resemble normal browsing. That makes sessions, bounce rate, and time on page poor proxies for user intent unless machine traffic is segmented and analysed separately.
Q: What breaks when websites are designed only for human browsing?
A: Task completion breaks first. Forms without native semantics, content hidden behind visual-only controls, and flows that require mouse-based interaction create failure modes for agents and accessibility tools alike. The result is lost conversion, distorted reporting, and unnecessary friction in machine-mediated journeys.
Q: How do organisations prepare for agent-mediated commerce without over-granting access?
A: Organisations should treat checkout, booking, and fulfilment as identity-governed workflows. That means limiting agents to the minimum transaction scope, adding explicit approval points where needed, and logging each action so the organisation can prove what the agent was authorised to do.
Technical breakdown
Why agent traffic breaks human-centric analytics
Traditional web analytics assume that a session represents a person with a normal browsing cadence. AI agents collapse that assumption by browsing, extracting, and transacting at machine speed, often completing a task in seconds that would take a human minutes. That means pageviews, bounce rate, and session duration stop being clean proxies for interest or intent. In identity terms, the telemetry is still valid, but the interpretation is wrong. If machine traffic is not segmented, programme teams will misread demand, conversion, and abuse signals. The underlying architectural shift is that analytics now need actor-aware classification, not just request counting.
Practical implication: segment machine and human traffic before using engagement metrics for business or security decisions.
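The segmentation step above is easier to reason about with a concrete classifier in front of you. The script below is an added example written for this summary, not code from the WorkOS article: it parses constructed combined-format access log lines, groups them into sessions by client address and User-Agent, labels a session as a self-declared AI crawler when its User-Agent carries a known crawler token (the token list is a deliberately short illustration, not a complete inventory), as unidentified automation when it issues five or more requests with under two seconds between them on average (an assumed threshold, tune it to your own traffic), and as human otherwise. It then reports sessions and pageviews per actor class so engagement KPIs are split before anyone reads them.

```python
"""Actor-aware classification of access-log sessions (added example, not from the WorkOS article)."""
import re
from collections import defaultdict
from datetime import datetime

# Illustrative, deliberately incomplete list of self-declared AI crawler User-Agent tokens.
# Maintain this from vendor documentation in a real deployment rather than hardcoding it.
AI_CRAWLER_TOKENS = ("GPTBot", "ClaudeBot", "PerplexityBot", "CCBot", "Bytespider")

# Velocity heuristic (assumed thresholds): MIN_REQUESTS or more requests in one session with an
# average inter-request gap below MAX_AVG_GAP_S seconds is treated as automation, whatever the UA says.
MIN_REQUESTS = 5
MAX_AVG_GAP_S = 2.0

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

_HUMAN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0 Safari/537.36"
_CRAWLER_UA = "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)"
_HEADLESS_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0 Safari/537.36"

# Constructed sample log: one human visitor, one self-declared crawler, one fast undeclared client.
SAMPLE_LOG = "\n".join([
    f'203.0.113.10 - - [18/Jun/2026:10:00:00 +0000] "GET /pricing HTTP/1.1" 200 5120 "-" "{_HUMAN_UA}"',
    f'203.0.113.10 - - [18/Jun/2026:10:00:41 +0000] "GET /docs HTTP/1.1" 200 8800 "-" "{_HUMAN_UA}"',
    f'203.0.113.10 - - [18/Jun/2026:10:01:30 +0000] "GET /checkout HTTP/1.1" 200 4100 "-" "{_HUMAN_UA}"',
    f'198.51.100.7 - - [18/Jun/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 3000 "-" "{_CRAWLER_UA}"',
    f'198.51.100.7 - - [18/Jun/2026:10:00:01 +0000] "GET /blog HTTP/1.1" 200 3000 "-" "{_CRAWLER_UA}"',
    f'198.51.100.7 - - [18/Jun/2026:10:00:02 +0000] "GET /blog/1 HTTP/1.1" 200 3000 "-" "{_CRAWLER_UA}"',
    f'198.51.100.7 - - [18/Jun/2026:10:00:03 +0000] "GET /blog/2 HTTP/1.1" 200 3000 "-" "{_CRAWLER_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:00 +0000] "GET /products HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:00 +0000] "GET /products/1 HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:01 +0000] "GET /products/2 HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:01 +0000] "GET /products/3 HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:02 +0000] "GET /cart HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
    f'192.0.2.5 - - [18/Jun/2026:10:05:03 +0000] "GET /checkout HTTP/1.1" 200 6000 "-" "{_HEADLESS_UA}"',
])


def parse_line(line):
    """Parse one combined-format line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def classify_session(requests):
    """Label a time-ordered list of requests from one (ip, User-Agent) pair."""
    ua = requests[0]["ua"]
    if any(tok in ua for tok in AI_CRAWLER_TOKENS):
        return "ai_crawler"                      # declared itself; honour the declaration
    if len(requests) >= MIN_REQUESTS:
        span = (requests[-1]["ts"] - requests[0]["ts"]).total_seconds()
        if span / (len(requests) - 1) < MAX_AVG_GAP_S:
            return "automated_unidentified"      # browser-like UA, machine-speed cadence
    return "human"


def summarize(log_text):
    """Return {actor class: {"sessions": n, "pageviews": n}} so KPIs can be split per actor."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            sessions[(rec["ip"], rec["ua"])].append(rec)
    summary = defaultdict(lambda: {"sessions": 0, "pageviews": 0})
    for reqs in sessions.values():
        reqs.sort(key=lambda r: r["ts"])
        actor = classify_session(reqs)
        summary[actor]["sessions"] += 1
        summary[actor]["pageviews"] += len(reqs)
    return dict(summary)


if __name__ == "__main__":
    for actor, counts in summarize(SAMPLE_LOG).items():
        print(f"{actor:24s} sessions={counts['sessions']} pageviews={counts['pageviews']}")
```

On the constructed sample, ten of thirteen pageviews are machine traffic, so a dashboard that counted only "visitors" would overstate human demand more than threefold. The velocity rule is the part that earns its keep: a self-declared crawler is easy, but an agent driving a real browser looks human by User-Agent alone, and only its cadence gives it away.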
How browser-based agents change web and API access patterns
Browser-based AI agents interact through the DOM and backend functions rather than human visual cues. That makes form semantics, structured data, and stable APIs more important than front-end polish. A native submit button, labelled inputs, and server-rendered HTML help both accessibility and agent compatibility. More advanced patterns, such as structured tool exposure through WebMCP, push this further by letting agents call defined functions instead of clicking through interfaces. That is not just a UX change. It shifts the control plane from visible navigation to machine-readable invocation, which raises the bar for authentication, authorisation, and auditability.
Practical implication: design transactional endpoints and forms so machines can complete them without brittle UI workarounds.
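The checks that matter here (a native submit control, a label for every field, no click-only pseudo-controls) can be run as a static audit over rendered HTML. The script below is an added example for this summary, not WorkOS code: it uses Python's standard `html.parser` to walk constructed sample markup, records per form whether a native submit exists, whether each field is labelled (by `<label for>`, by a wrapping `<label>`, or by `aria-label`/`aria-labelledby`), and counts `div`/`span`/`a` elements acting as buttons, then returns a findings list per form. Field names and the two sample forms are invented for illustration.

```python
"""Static audit of HTML forms for machine-completable semantics (added example, not WorkOS code)."""
from html.parser import HTMLParser

# Input types that never need a visible label.
_NON_FIELD_TYPES = {"hidden", "submit", "button", "reset", "image"}


class FormAuditor(HTMLParser):
    """Collects, per <form>: its fields, whether a native submit control exists, and how many
    click-only pseudo-controls (div/span/a with role=button or onclick) it contains."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.labels_for = set()   # ids referenced by <label for="..."> anywhere in the document
        self._form = None
        self._label_depth = 0     # > 0 while inside a <label> element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)           # valueless attributes such as "required" map to None
        if tag == "label":
            self._label_depth += 1
            if a.get("for"):
                self.labels_for.add(a["for"])
        if tag == "form":
            self._form = {"name": a.get("id") or a.get("name") or f"form#{len(self.forms) + 1}",
                          "fields": [], "native_submit": False, "pseudo_controls": 0}
            self.forms.append(self._form)
            return
        if self._form is None:
            return
        # <button> defaults to type=submit, <input> defaults to type=text.
        kind = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
        if tag in ("button", "input") and kind == "submit":
            self._form["native_submit"] = True
        elif tag in ("input", "select", "textarea") and kind not in _NON_FIELD_TYPES:
            self._form["fields"].append({
                "name": a.get("name") or a.get("id") or tag,
                "id": a.get("id"),
                "wrapped": self._label_depth > 0,
                "aria": bool(a.get("aria-label") or a.get("aria-labelledby")),
            })
        elif tag in ("div", "span", "a") and (a.get("role") == "button" or "onclick" in a):
            self._form["pseudo_controls"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "label" and self._label_depth:
            self._label_depth -= 1


def audit_forms(html):
    """Return {form name: [issue, ...]}; an empty list means the form passed every check."""
    p = FormAuditor()
    p.feed(html)
    p.close()
    report = {}
    for f in p.forms:
        issues = []
        if not f["native_submit"]:
            issues.append("no native submit control")
        for fld in f["fields"]:
            labelled = fld["wrapped"] or fld["aria"] or (fld["id"] in p.labels_for)
            if not labelled:
                issues.append(f"unlabelled field: {fld['name']}")
        if f["pseudo_controls"]:
            issues.append(f"{f['pseudo_controls']} click-only pseudo-control(s) instead of native controls")
        report[f["name"]] = issues
    return report


# Constructed sample: one form an agent can complete from the DOM, one it cannot.
SAMPLE_HTML = """
<form id="checkout-good" method="post" action="/checkout">
  <label for="email">Email</label><input id="email" name="email" type="email" required>
  <label>Quantity <input name="qty" type="number" value="1"></label>
  <input type="hidden" name="csrf" value="t0k3n">
  <button type="submit">Place order</button>
</form>
<form id="checkout-bad">
  <input name="card" placeholder="Card number">
  <span class="btn" onclick="submitCard()">Pay now</span>
</form>
"""

if __name__ == "__main__":
    for name, issues in audit_forms(SAMPLE_HTML).items():
        print(name, "OK" if not issues else issues)
```

A placeholder is not a label: `checkout-bad` fails on exactly the points the paragraph lists, and the same findings are what a screen reader user would hit. Run the audit against server-rendered output, since the check is only as good as the markup the agent actually receives.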
Agentic commerce requires identity and authorisation at the transaction layer
When an agent can browse, compare, and purchase on behalf of a user, the identity problem moves from login to delegated action. Protocols such as UCP and ACP show where the market is heading: agents need scoped credentials, transaction context, approval boundaries, and clear resource-level permissions. The control question is no longer whether an agent is allowed to open a browser. It is whether the agent is authorised to complete a purchase, consume inventory, or initiate payment on behalf of a principal. That turns commerce into an identity governance problem, not just a web integration problem.
Practical implication: bind agent permissions to transaction scope, not broad account access.
Threat narrative
Attacker objective: The objective is to complete tasks, consume content, or execute transactions at scale through machine-mediated access while remaining invisible to human-centric telemetry.
- Entry via normal web browsing or API access, but with machine traffic generating far more requests than a human session would produce.
- Escalation occurs when agent behaviour bypasses human pacing assumptions, producing inflated request volume, distorted telemetry, and automated completion of multi-step tasks that were designed to be gated by human interaction.
- Impact is mismeasured demand, broken attribution, and transaction paths that favour machine-readable services over human-only interfaces.
Breaches seen in the wild
- Moltbook AI agent keys breach: the Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach: attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Human-paced analytics is now a broken assumption: web telemetry was designed for visitors whose browsing, comparison, and checkout behaviour unfolded in human time. That assumption fails when AI agents can traverse hundreds of pages and complete tasks in a single delegated session. The implication is not simply better reporting. It is that identity-aware telemetry must distinguish actor type before programme teams can trust any conversion, engagement, or abuse signal.
Agentic commerce creates a delegated identity problem, not a UI problem: once an agent can transact on behalf of a person, the real control question becomes who or what is authorised to act, at what scope, and with what audit trail. Resource-level permissions, scoped credentials, and transaction boundaries matter more than visual funnel design. Practitioners should treat checkout and fulfilment as identity-governed workflows rather than front-end journeys.
Machine-majority traffic introduces identity blast radius: one user request can now fan out into many machine requests across sites, APIs, and payment systems. That expands the blast radius of a single delegated action far beyond the old human-session model. The practical conclusion is that access, attribution, and throttling controls need to be evaluated at the level of the principal plus the agent chain, not the browser alone.
Structured access will become the default governance pattern for the open web: sites that expose machine-readable forms, APIs, and transaction endpoints will increasingly outperform those that assume human navigation. That does not eliminate the need for human UX. It means the governance model must support both human and non-human actors without treating either as an edge case.
Agent-readable surface area: the more your site depends on visual-only controls, the more likely agents are to fail, retry, or bypass expected flows. That is a governance design flaw, not just a front-end nuisance. Teams should align application access policy with machine-parsable interaction patterns and clear delegation boundaries.
From our research:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- 53% of security leaders expect AI to run major portions of their infrastructure autonomously within the next three years, which means delegated access decisions are already ahead of many governance models.
- That is why teams should pair this topic with OWASP Agentic AI Top 10 when they are mapping tool use, delegation, and runtime control boundaries.
What this signals
Machine-majority traffic will force identity teams to separate delegation from browsing. The practical shift is that access policy, telemetry, and transaction controls now need actor-aware classification before they can be trusted for reporting or enforcement. With 70% of organisations already granting AI systems more access than they would give a human employee performing the exact same job, per the 2026 Infrastructure Identity Survey, the governance gap is structural rather than cosmetic.
Agent-readable surfaces will become a control objective, not just a UX preference. Teams that ignore structured forms, APIs, and machine-friendly workflows will see more failed transactions and more opaque delegation paths. The right response is to make access boundaries legible to both human and machine actors while preserving audit trails that show which principal initiated the action.
The most exposed programmes will be those that still equate web volume with human demand. As agent traffic grows, the measure of control maturity will be whether the organisation can explain, separate, and govern delegated machine actions without losing sight of the human principal behind them.
For practitioners
- Segment machine traffic from human traffic: create separate reporting for AI crawler, browser agent, and human sessions so pageviews, conversion, and abandonment are not mixed into the same KPI set. Use actor-aware labels in analytics pipelines and review which dashboards still assume a single visitor type.
- Audit forms for machine compatibility: test key workflows with DOM-based interaction, native submit controls, labelled inputs, and server-rendered fallback paths. If a task depends on hover states or unlabelled elements, agents and accessibility tools will both struggle.
- Define transaction-scoped permissions for agents: limit delegated access to the smallest purchasable or service-specific action set, and require explicit boundaries for checkout, payment, booking, or account changes. Treat agent permissions as task-scoped rather than account-scoped.
- Review crawl and access policy as a governance decision: decide which crawlers or agent endpoints are allowed to retrieve content, which require authentication, and which should be blocked. Make the policy explicit so content access, licensing, and infrastructure cost are managed together.
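The "Agentic commerce requires identity and authorisation at the transaction layer" section and the "Define transaction-scoped permissions for agents" item above both describe the same control: bind an agent's authority to a principal, a merchant, an explicit action set, a spend cap, an approval point, and a lifetime, and log every decision. The code below is an added example for this summary and is not a UCP, ACP, or WorkOS implementation; the grant format, field names, HMAC signing with a service-held key, and the amounts are all assumptions made for illustration. The cumulative cap is what bounds the identity blast radius discussed later on the page: no matter how many requests the agent fans out, the total it can commit on this grant is fixed.

```python
"""Transaction-scoped delegation grants for an agent acting for a human principal.
Added example; grant format, HMAC signing and field names are assumptions, not a published protocol."""
import hashlib
import hmac
import json
import secrets
import time

# Assumption: symmetric key held only by the authorisation service that issues and checks grants.
SERVER_KEY = b"demo-only-key-replace-in-production"


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_grant(principal, agent, actions, merchant, max_amount, approval_threshold, ttl_s, now=None):
    """Bind the agent's authority to one merchant, an explicit action set, a cumulative cap and a lifetime."""
    now = time.time() if now is None else now
    body = {
        "principal": principal,                             # the human the agent acts for
        "agent": agent,                                     # the machine identity doing the acting
        "actions": sorted(actions),                         # e.g. ["purchase"], never "*"
        "merchant": merchant,
        "max_amount": float(max_amount),                    # cumulative cap over the grant's lifetime
        "approval_threshold": float(approval_threshold),    # single transactions above this need a human OK
        "exp": int(now) + int(ttl_s),
        "nonce": secrets.token_hex(8),                      # keys the per-grant spend ledger
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"payload": payload.decode(), "sig": _sign(payload)}


def verify_grant(grant):
    """Return the grant body if the signature is valid, else None."""
    payload = grant["payload"].encode()
    if not hmac.compare_digest(_sign(payload), grant["sig"]):
        return None
    return json.loads(payload)


class TransactionAuthorizer:
    """Per-transaction decision point with an audit trail naming principal, agent and outcome."""

    def __init__(self):
        self.audit = []
        self._spent = {}  # grant nonce -> cumulative amount already allowed

    def authorize(self, grant, action, merchant, amount, approved_by_principal=False, now=None):
        """Return (decision, reason) where decision is 'allow', 'deny' or 'needs_approval'."""
        now = time.time() if now is None else now
        body = verify_grant(grant)
        if body is None:
            return self._record(None, grant, action, amount, "deny", "invalid signature")
        if now >= body["exp"]:
            return self._record(body, grant, action, amount, "deny", "grant expired")
        if action not in body["actions"]:
            return self._record(body, grant, action, amount, "deny", f"action '{action}' not in grant scope")
        if merchant != body["merchant"]:
            return self._record(body, grant, action, amount, "deny", "merchant mismatch")
        spent = self._spent.get(body["nonce"], 0.0)
        if spent + amount > body["max_amount"]:
            return self._record(body, grant, action, amount, "deny",
                                f"cumulative amount {spent + amount:.2f} exceeds cap {body['max_amount']:.2f}")
        if amount > body["approval_threshold"] and not approved_by_principal:
            return self._record(body, grant, action, amount, "needs_approval",
                                f"amount {amount:.2f} above approval threshold {body['approval_threshold']:.2f}")
        self._spent[body["nonce"]] = spent + amount
        return self._record(body, grant, action, amount, "allow", "within scope")

    def _record(self, body, grant, action, amount, decision, reason):
        self.audit.append({
            "principal": body["principal"] if body else None,
            "agent": body["agent"] if body else None,
            "grant": grant["sig"][:16],
            "action": action, "amount": amount, "decision": decision, "reason": reason,
        })
        return decision, reason


if __name__ == "__main__":
    g = issue_grant("alice", "shopper-agent-7", {"purchase"}, "shop.example", 150, 100, ttl_s=600)
    az = TransactionAuthorizer()
    print(az.authorize(g, "purchase", "shop.example", 40.0))     # ('allow', 'within scope')
    print(az.authorize(g, "refund", "shop.example", 10.0))       # denied: action out of scope
    print(az.authorize(g, "purchase", "shop.example", 120.0))    # denied: 40 + 120 exceeds the 150 cap
    print(az.authorize(g, "purchase", "shop.example", 105.0))    # needs_approval: above the 100 threshold
    for entry in az.audit:
        print(entry)
```

The principal and the agent are separate fields on purpose: the audit trail can answer "which human authorised this, and which agent executed it" without the agent ever holding the human's session. In production the grant would be a signed token from your identity provider and the ledger would live in a durable store, but the decision order (signature, expiry, action, merchant, cap, approval) is the part worth copying.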
Key takeaways
- AI agents have made web traffic actor-mixed, which breaks human-centric analytics and transaction assumptions.
- Identity governance now has to cover delegated browsing and commerce, not just login and session control.
- Teams that cannot separate human, NHI, and agent behaviour will misread demand, over-grant access, and lose auditability.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Whole list | Agent browsing and delegated commerce raise runtime control and tool-use risks. |
| NIST AI RMF | Govern, Map, Measure, Manage functions | Delegated machine action needs governance, measurement, and accountability. |
| NIST CSF 2.0 | PR.AA-1 | Identity-aware access and telemetry are central to mixed human and machine traffic. |
Map agent-facing flows to OWASP agentic controls and limit tool access to explicit task scope.
Key terms
- Agentic traffic: Traffic generated by AI systems that browse, compare, or transact on behalf of a principal. It behaves differently from human browsing because it can produce many more requests in less time and complete tasks without the pacing patterns that traditional analytics expect.
- Delegated action: An action performed by one identity on behalf of another, with some authority borrowed from the principal. In agentic environments, delegated action needs explicit scope, auditability, and revocation boundaries because the executor is not the same as the beneficiary.
- Machine-readable interface: A web or API surface that exposes structured inputs, outputs, and transaction paths that software can reliably consume. It reduces dependence on visual cues and hidden front-end behaviour, which improves both accessibility and compatibility with AI agents.
- Identity blast radius: The amount of unintended access, request volume, or downstream impact that can result from one identity decision. For autonomous or delegated actors, the blast radius grows when a single principal can trigger many machine actions across systems in a short period.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by WorkOS: AI agents now make up the majority of web traffic. Read the original.
Published by the NHIMG editorial team on 2026-06-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org