COMMENTARY: I’ve been thinking a lot about how the internet has changed, and it feels like one of those quiet shifts that ends up being huge.The web was simpler even just 10 years ago. People searched, clicked, browsed. Traffic was human, intent was pretty clear, and we could more or less understand who was on the other side.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]Then APIs and bots showed up, still structured, still somewhat predictable.But now it feels like we’re entering something completely different. AI agents, autonomous crawlers, LLMs… they’re starting to become the main way people interact with the web.People aren’t always going to websites anymore. In a lot of cases, the website comes to them, through assistants, chat interfaces, or agents running tasks on their behalf.And that changes what “traffic" even means.A single user might now have dozens of agents acting for them, generating dozens of requests behind the scenes: searching, comparing, booking – without ever opening a browser. So, traffic isn’t just human vs. bot anymore. It’s this messy mix of delegated intelligence.Which raises a weird question: who’s actually behind a request?At the same time, marketing has been pushing this even further. Traffic isn’t just coming from Google or ads anymore, it’s coming from AI search, LLM recommendations, automated workflows, social loops. These are real sources of growth, but they blur everything.Organic, automated, malicious – it’s getting harder to tell them apart.And that’s where everything gets tricky.Security teams aren’t just blocking “bad traffic” anymore. Now they have to figure out what’s valuable automation vs. what’s harmful, without breaking the experience.We can’t just block aggressively anymore, because that “bot” might actually be a customer.But we also can’t just let everything through.So now we have this tension:• Automated traffic can be a customer or an attacker.• AI agents can drive growth or open new attack surfaces.• The scale has become too big for manual control.• Traffic costs are increasing exponentiality, but visibility isn’t keeping up.To deal with this, security has started to evolve, kind of the same way AI evolved.We’re not really replacing systems like WAFs, SIEMs, EDRs. We’re layering intelligence on top of them, trying to make them more adaptive, more context-aware, more connected.And I think it’s all most obvious at the network layer.Traffic just isn’t stable anymore. Sources change constantly, identities are abstract, and intent has become much harder to understand.The old way of static rules, scattered tools, no real context - just doesn’t hold up. A lot of the time, teams either blocked too much and hurt the business, or gave up and let too much through.That’s why people started losing trust in these systems.But now there’s a shift toward something more unified: platforms that actually try to understand context. Not just whether it’s “good or bad” traffic, but who it represents, how it behaves, and why it’s there.The goal looks more like:• See all traffic in one place (CDNs, WAFs, edge).• Understand the app and business logic.• Plug into the rest of the security stack.• Actually classify automation properly.• Let legitimate AI-driven traffic through while stopping abuse.Because in this new AI world, it’s not about blocking traffic anymore, it’s about understanding it.Security teams are slowly shifting from being gatekeepers to something closer to enablers. It’s not just about protection, it’s about making sure the right interactions happen, because that’s where revenue comes from.This feels bigger than just another tech trend. It’s a change in how the internet actually works.So the companies that figure out how to deal with AI-driven traffic without killing growth are going to shape what the web looks like next.And that’s an exciting prospect.Itai Gafni, co-founder and CEO, HuskeysSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




