Table of Contents

When Will AI Agents Become the Majority of Web Traffic?

The transition has already begun—but measuring it requires us to distinguish ordinary bots from agents that act on behalf of people.

For most of the web’s history, applications have been designed around a simple assumption: a person is sitting in front of the screen.

That person searches, compares options, fills in forms, clicks buttons, and moves through a workflow one page at a time. APIs and conventional bots operate in the background, but the visible application belongs to the human user.

AI agents are beginning to challenge that assumption.

An agent can research a purchase, schedule an appointment, update an account, prepare a report, or navigate a complicated business application. Instead of merely suggesting what someone should do, it can interact with the application on that person’s behalf.

So when will agents generate more web-application traffic than humans?

My estimate is that agent traffic will become the majority in some application categories between 2028 and 2030. Across the broader transactional web, the crossover is more likely to occur in the early 2030s.

But the answer depends heavily on what we decide to count.

Automated traffic is already the majority

At first glance, the crossover appears to have happened already.

The 2025 Imperva Bad Bot Report found that automated systems produced 51% of all web traffic during 2024. However, that category includes search crawlers, monitoring services, scraping tools, security scanners, spam systems, and malicious bots—not just AI agents acting for users. Thales’ summary of the report also estimated that malicious bots alone accounted for 37% of internet traffic.

AI-related traffic remains a smaller subset. Cloudflare reported that identifiable AI bots generated an average of 4.2% of HTML requests across its network in 2025, with Googlebot—treated separately because it serves multiple purposes—accounting for another 4.5%. More tellingly, AI crawling triggered by a user action increased more than fifteenfold during the year. Cloudflare’s 2025 review suggests that agents are not yet the majority, but their fastest-growing behavior is the kind most closely associated with completing real user tasks.

This distinction matters. A crawler collecting pages for a search index is automated traffic. An agent comparing hotels for a traveler is delegated activity. Both are machines making requests, but only one represents a change in who—or what—uses the application.

There will not be one crossover date

Agent adoption will arrive unevenly.

Applications with structured, repetitive workflows will experience the transition first. Travel booking, procurement, customer support, advertising operations, financial reporting, software administration, and logistics are natural candidates. These systems contain tasks that are valuable, frequent, and tedious enough to justify delegation.

By contrast, entertainment, social interaction, creative exploration, and luxury shopping may remain more human-led. In these environments, browsing is often part of the experience rather than an obstacle standing between the user and a result.

The transition is therefore likely to happen in three waves.

Between 2027 and 2029, agent-ready business applications and machine-heavy marketplaces could see agents become their most active users.

Between 2029 and 2032, agents may produce the majority of task-oriented interactions in areas such as travel, commerce, productivity, and routine financial administration.

During the early to mid-2030s, agents could become the majority across web applications more broadly—assuming reliability, identity, payment authorization, and security infrastructure mature alongside them.

These dates are estimates, not inevitabilities. A major security failure or restrictive platform policy could slow adoption. Better models, standardized agent protocols, or economic pressure to automate office work could accelerate it.

Why the shift may happen quickly

Human browsing is expensive.

A person might open ten product pages, compare several specifications, read reviews, check delivery dates, and reconsider the purchase later. An agent can evaluate hundreds of options, revisit them automatically, and repeat the process for millions of users.

Agents also generate more requests per task. A human may interact with five pages before making a decision. An agent may query dozens of sources, validate conflicting information, inspect policies, and monitor prices before presenting one recommendation.

This creates an important paradox: agents do not need to represent the majority of users to become the majority of traffic. A relatively small number of highly active agents could generate more requests than a much larger population of humans.

The technology is also moving from research into usable products. Computer-using models can already interpret graphical interfaces and operate buttons, menus, and text fields without requiring a purpose-built API. OpenAI’s early Computer-Using Agent, for example, was designed around a repeated perception, reasoning, and action loop for navigating interfaces. Its published evaluations showed meaningful capability while still leaving a clear gap from human performance on difficult computer-use tasks. OpenAI’s technical overview illustrates both the momentum and the remaining limitations.

As that reliability gap narrows, more browsing will become delegation.

The real constraint is trust

Technical capability alone will not make agents the web’s primary users.

People must trust agents with accounts, personal information, purchases, and decisions. Businesses must be able to identify legitimate agents, distinguish them from malicious automation, and understand who authorized an action.

An agent that reads a product page incorrectly is inconvenient. One that purchases the wrong product, cancels a reservation, exposes private information, or accepts a binding agreement creates a much larger problem.

For agent traffic to reach the majority, the web will need stronger infrastructure for:

  • Agent identity and authentication

  • Scoped, revocable permissions

  • Spending and transaction limits

  • Human confirmation for consequential actions

  • Reliable audit trails

  • Machine-readable prices, policies, and availability

  • Protection against prompt injection and hostile page content

  • Clear accountability when something goes wrong

Until these systems become common, agents will remain supervised in high-stakes settings. They may research and prepare an action, but a person will still approve the final step.

Traffic may become the wrong measurement

There is another complication: the web itself may change before agents dominate its current interfaces.

Today, agents often operate websites through browsers because those interfaces already exist. Over time, applications may expose agent-specific APIs, structured action layers, or standardized protocols. An agent may no longer need to render ten pages and click through them. It could request the same outcome through one authenticated transaction.

That would make agents more economically important while potentially reducing the number of conventional page requests they generate.

We may therefore need better measures than raw traffic:

  • What percentage of transactions were initiated by agents?

  • How much purchasing power do agents influence?

  • How many workflows are completed without direct human navigation?

  • What percentage of application revenue comes through delegated > activity?

  • How often is a human making a decision versus approving one prepared > by an agent?

By those measures, agents could become the dominant users of many applications long before they produce most HTTP requests.

The web’s next user is a representative

The most important change is not that websites will receive more machine traffic. They already do.

The change is that machines will increasingly arrive with human intent behind them.

An agent will not simply crawl a travel site; it will represent a traveler’s dates, budget, preferences, and loyalty memberships. It will not merely scrape a software catalog; it will evaluate products against a company’s requirements. It will not browse a financial portal aimlessly; it will attempt to complete a permitted task for an authenticated customer.

That makes the agent something new: neither a traditional user nor a conventional bot, but a digital representative.

The majority crossover will probably happen quietly. First, agents will conduct research. Then they will prepare decisions. Next, they will complete low-risk actions. Eventually, people will stop opening many applications themselves unless something unusual requires their attention.

By the early 2030s, much of the web may still look as though it was designed for people. But behind the traffic, an increasing share of its most consequential users will be agents acting for them.

Author

  • Mickey Boodaei

    Mickey is the CEO and Co-Founder of Transmit Security where he passionately leads the product and development teams in Tel Aviv, Israel. As a pioneer and serial entrepreneur with over 30 years of experience Mickey has co-founded leading cyber companies such as Imperva (IMPV) and Trusteer (acquired by IBM in 2013) and personally invested in over a dozen startups in the field including Armis, Apiiro, and Island.

    View all posts