Close Menu

    The web belongs to the machines now 

    For the first time, machines generate more web traffic than people – and the economics are unravelling. 
    By

    The web belongs to the machines now 

    Bot traffic has overtaken human traffic online – and South African operators warn that automated traffic, from relentless scrapers to targeted attacks, is straining what local infrastructure can absorb, while a subtler threat from AI hollows out the local content economy. 

    Automated bot traffic recently surpassed human traffic on the internet for the first time in history – 57.5% versus 42.5% in early June, per data from Cloudflare Radar. Even Matthew Prince, CEO of Cloudflare, admitted on X that he was caught off guard by how quickly the tipping point arrived. 

    What some called the “dead internet” theory – that much of online activity is made up of bots, data scrapers and AI directives rather than real people – is no longer a theory. 

    The sharp rise in bot traffic is largely attributed to AI agents: software that can browse the web like a human but never sleeps, dispatching its own armies of sub-agents to run searches, scrape content, check prices and harvest data for AI training at a scale and speed no person could match. Unlike the clunky bots of old, these agents mimic human browsing behaviour by design. That makes them both powerful and nearly impossible to stop. 

    For South African consumers and businesses, the consequences are tangible: websites pay for bandwidth, and when aggressive bots flood a site to scrape its content, those bills rise – costs that filter down through hosting fees, subscriptions and product prices. Internet service providers investing in security scrubbing and extra capacity to manage automated traffic face the same pressure. And that is before the direct attacks. 

    The enemy looks just like you 

    Warwick Ward-Cox, chief technical officer of wholesale transit provider Network Platforms, said spotting malicious automated traffic is now one of the most difficult challenges facing local network operators. Many bots no longer behave suspiciously – they check in with their controllers only once or twice a day and send requests identical to those from a human behind a keyboard. “The traffic looks like a standard HTTP request,” he says. “It’s hard to determine how much traffic is bots, scrapers or crawlers [versus human activity].” 

    The problem is no longer arriving solely from abroad. Ward-Cox said Network Platforms is tracking automated attack traffic originating inside South Africa, too – from consumer devices compromised by malware and locally hosted virtual servers hijacked without their owners’ knowledge. 

    Read: DDoS attacks expose South Africa’s cyber response gap

    Distributed denial-of-service (DDoS) attacks are where the consequences turn most concrete. These attacks flood a network with more traffic than it can process, effectively shutting it down. Defending against them requires spare capacity to absorb a surge while it is being filtered. 

    Ward-Cox said South African ISPs do not have that headroom, and attacks have grown large enough to expose the gap. “ISPs in South Africa cannot have 1Tbit/s-plus of available idle capacity on the edge of their networks,” he said. 1Tbit/s is roughly equivalent to streaming 200 000 HD videos simultaneously – the kind of volume that would overwhelm local infrastructure entirely. 

    Network Platforms chief technical officer Warwick Ward-Cox
    Network Platforms chief technical officer Warwick Ward-Cox

    When asked whether Network Platforms would consider throttling or blocking AI crawlers at the transit layer, Ward-Cox held the line on net neutrality. The problem, he says, is not policy but detection: “They are sophisticated and look like valid traffic patterns.” 

    The Internet Service Providers’ Association (Ispa) urged greater perspective. “Concerns about non-human internet traffic is not a new concern,” it said in e-mailed response to questions from TechCentral. It pointed to Robert Metcalfe’s 1995 prediction that automated traffic would collapse the internet by the end of 1996 – a forecast he retracted by blending and then physically eating the printed column at a public conference. 

    Ispa draws a distinction that often gets lost: roughly 25% of non-human traffic is “good” – search engine indexing, network monitoring and similar functions. The rest ranges from DDoS attacks to AI scrapers that are disruptive but not targeting any one network specifically. 

    South Africa’s strong local peering infrastructure – through Ispa’s INX-ZA exchanges in four provinces as well as NAPAfrica at Teraco’s data centre facilities – provides a meaningful buffer, keeping traffic flowing locally rather than through expensive international routes. 

    On formal regulation, Ispa warns that ISPs need to be able to remain agile in how they handle attacks that vary widely in nature. Rigid reporting obligations could distract operators from actually stopping attacks as they happen. 

    Ispa’s biggest concern is what happens after the scraping. 

    Drowning local content 

    AI crawlers harvest content from South African websites and feed it into systems that answer users’ questions directly – bypassing the original source entirely. As a result, publishers lose the advertising revenue and visitor traffic their businesses depend on. 

    “If local content generators are no longer able to generate income because AI engines disintermediate end users from that content,” Ispa said, “then we will no longer have locally generated content.” 

    That, the association argued, is the real emergency. “Ispa suggests that focusing on this impact should be a higher priority for South African policymakers and regulators than the impact of bot traffic on ISP networks.”  — (c) 2026 NewsCentral Media

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Share.

    Related Posts