WAFPlanet
Security News

AI Bots Will Outnumber Humans Online by 2027, Cloudflare CEO Warns

Cloudflare CEO Matthew Prince predicts AI bot traffic will surpass human traffic online by 2027. The shift has major implications for WAF operators and bot management strategies.

Avatar for Zoutje
2 min read
AI Bots Will Outnumber Humans Online by 2027, Cloudflare CEO Warns
AI Bots Will Outnumber Humans Online by 2027, Cloudflare CEO Warns

Cloudflare CEO Matthew Prince dropped a striking prediction at SXSW this week: AI bots will generate more internet traffic than humans by 2027. The shift is already visible. Bot traffic has moved well beyond the old 20% baseline, driven by the data hunger of large language models from OpenAI, Google and others.

The Numbers Are Moving Fast

Prince noted that for years, roughly 20% of web traffic came from bots. Google was the biggest crawler, alongside a mix of scrapers, spammers and attackers. Generative AI changed that equation. LLMs need massive volumes of web data for training and retrieval, and the crawling has become relentless.

The problem gets worse with agentic AI. When an AI agent shops for a camera or plans a trip on behalf of a user, it visits a thousand times more pages than a human would. Scale that across millions of users delegating tasks to agents, and the traffic multiplies fast.

What This Means for WAF and Bot Protection

This is a direct challenge for anyone running a web application firewall. Traditional bot detection relied on distinguishing automated requests from human ones. When bot traffic was 20%, that was manageable. When it becomes the majority, the entire model flips. WAF operators need to decide which bots are legitimate (search indexers, AI assistants acting on behalf of real users) and which are hostile (scrapers, credential stuffers, DDoS tools).

Imperva's 2025 report already showed automated traffic crossing the 50% mark, with bad bots at record levels. Imperva and Cloudflare both offer bot management solutions, but the volume shift means even good-faith AI crawling can put serious strain on origin servers.

WAFplanet Take

Prince is not exaggerating. The trajectory is clear and the infrastructure is not ready. Most WAF configurations still treat bot traffic as the exception, not the rule. That assumption is about to break. Organizations should audit their bot management policies now. Allow-listing known AI crawlers, rate-limiting aggressively and monitoring traffic composition should already be standard practice. The alternative is paying for compute that serves machines you never intended to serve.

Read the full story at The Independent

Original source article on Cloudflare CEO's bot traffic predictions.
Offizielles Logo für Cloudflare Web Application Firewall

Cloudflare Web Application Firewall

Featured

Industry-leading WAF with global CDN integration, offering robust protection against OWASP threats with easy setup and generous free tier.

4.5/5 Free tier available
View Full Profile

Tags

security-news cloudflare bot-protection ai-security

Related Posts

Cloudflare launches stateful API vulnerability scanner

Cloudflare Launches Stateful API Vulnerability Scanner Targeting BOLA Flaws

Mar 11, 2026

NSFOCUS full-chain web security protection system

NSFOCUS Outlines Full-Chain Web Security System Combining WAF and Tamper Protection

Mar 11, 2026

Radware Introduces Alteon Protect to Deliver Scalable Application Security Without Compromise

Radware Launches Alteon Protect: Cloud-Augmented WAF Without SSL Key Sharing

Mar 11, 2026