With 2026 well underway, bots – AI, agents, automation (wanted and unwanted) – are increasingly disruptive to security, reliability, and entire operating strategies. While traditional AppSec challenges could often be solved with a block or allow, bots and agents require an unprecedented level of nuance that forces organizations to develop new strategies tailored to this type of traffic.
Bot traffic requires more than a broad ‘is it a bot’ assessment; it demands strategic decision-making at the business level to determine which traffic is truly wanted, what risks it poses, and what content and apps that traffic can and should access. While bot management and other security solutions offer a level of insight into whether a request is from a bot and, if so, what kind, pairing that insight with the bot’s intent offers the critical context needed to inform business strategy.
In light of this dynamic, we focused this edition of Fastly’s Threat Insights Report on pairing the insights yielded by a bot management solution with bot intent – is the request for an application’s most popular (cached) assets or APIs, or is it one that goes to origin? Each has its own considerations, implications, and direct impacts on business operations, as detailed in this report.
The saying “adapt or fall behind” is apt here. As we watch AI change the way we do business online, and the very internet itself, those who succeed in this new “AI era” will be those who adapt, strategically.

