Every year, the Verizon Data Breach Investigations Report gives the security industry a shared set of facts to argue about. This year’s edition is no different, and the AI threat numbers are already getting plenty of attention. AI bot traffic is growing 21% month-over-month. Bot-driven crawlers are reshaping how content gets consumed. And a new, automated threat landscape that security teams aren’t ready for is materializing.
I don’t dispute any of that. But as someone who has contributed Cequence’s unique threat data to this year’s DBIR, across four consecutive years, I want to add some important context that gets lost when you’re looking at traffic from the CDN layer.
Why AI bot traffic looks bigger at the CDN layer
CDNs are excellent at observing the internet’s surface. They process and serve cached content, the same kind of content that Googlebots have been crawling for decades. Much of what looks like an AI bot surge at the CDN layer is, frankly, the same pattern we’ve always seen: automated systems fetching publicly cacheable content for faster retrieval. The names have changed. The behavior largely has not.
When you move past the CDN and look at what actually reaches the APIs behind it, the picture changes considerably. APIs handle dynamic, transactional, authenticated interactions. They’re where real business logic lives. And the AI agents operating at that layer, the ones making decisions, executing transactions, and interacting with systems on behalf of users, represent a much smaller slice of overall traffic than the headline numbers suggest.
To put a number on it: one major beauty retailer processes over 150 million API requests every day. The number of those requests attributable to AI agents using agentic commerce protocols is fewer than 100. Not 100,000. Not 100 million. Fewer than 100.
That’s not a reason to dismiss the threat. It’s a reason to be precise about where it actually lives.
Residential proxy attacks remain the workhorse
While the industry focuses on AI bots, the attack patterns we’re contributing to the DBIR tell a different story about what’s driving actual harm at the API layer. Residential proxies, infrastructure that routes malicious traffic through legitimate consumer IP addresses, remain the workhorse of the attacks we see every day. They’re harder to detect, harder to block, and increasingly commoditized. Attackers don’t need sophisticated AI to cause significant damage when they can route credential stuffing and account takeover campaigns through millions of residential IPs that look entirely legitimate to most defenses.
Here’s why residential proxy attacks are so hard to stop: the defenses most teams rely on were built to spot bad infrastructure, not bad behavior. IP reputation lists, rate limiting, and geo-blocking all assume the attacker looks different from a real user. A request routed through a residential IP doesn’t. It carries a clean reputation, a plausible location, and a normal-looking request rate. Stopping these API attacks means analyzing what the traffic does, not where it claims to come from, which is where behavioral detection earns its keep. At the volume these campaigns run, even a fraction of a percent success rate per attempt translates into thousands of compromised accounts, which is why the API layer, not the CDN, is where the real damage accrues and where defenders should concentrate their attention.
This isn’t a new message. We’ve been making this point in the DBIR for years. But the signal is getting louder, and the attacker ecosystem around residential proxy abuse is growing more accessible, not less.
What API security teams should prioritize
Three priorities follow from the data. First, get continuous visibility into what actually reaches your APIs, not just what the CDN sees. You can’t defend an attack surface you can’t inventory. Second, treat credential hygiene as a frontline control, because credential stuffing and account takeover remain the highest-volume API attacks year after year in the DBIR. Third, invest in API security that reads behavior rather than reputation, so residential proxy traffic has nowhere to hide. None of this is new or glamorous. It is, however, what separates teams who understand their security posture from teams who are about to learn it the hard way.
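The contrast drawn above between reputation-style controls and reading behavior can be shown on a small set of constructed login events; this is an added example, not code from the original post or from any Cequence product. The `client_fingerprint` field, the event layout, and the thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed login events: (source_ip, client_fingerprint, username, success).
# "client_fingerprint" is a hypothetical stable hash of header order / TLS traits.
def build_sample_events():
    events = []
    # Campaign: 60 attempts, each from a different residential-looking IP and
    # against a different account, all sharing one client fingerprint.
    for i in range(60):
        events.append((f"198.51.100.{i + 1}", "fp-a1", f"user{i}", i % 30 == 0))
    # Legitimate users: one mistyped password, then a successful login.
    for i in range(20):
        ip, fp, user = f"203.0.113.{i + 1}", f"fp-legit{i % 5}", f"customer{i}"
        events.append((ip, fp, user, False))
        events.append((ip, fp, user, True))
    return events

def per_ip_rate_limit(events, max_per_ip=5):
    """Infrastructure view: flag IPs that exceed a request threshold."""
    counts = Counter(ip for ip, _, _, _ in events)
    return {ip for ip, n in counts.items() if n > max_per_ip}

def behavioral_clusters(events, min_users=20, min_fail_ratio=0.8):
    """Behavior view: group by client fingerprint, regardless of source IP."""
    groups = defaultdict(lambda: {"users": set(), "ips": set(), "fail": 0, "total": 0})
    for ip, fp, user, ok in events:
        g = groups[fp]
        g["users"].add(user)
        g["ips"].add(ip)
        g["total"] += 1
        g["fail"] += 0 if ok else 1
    flagged = {}
    for fp, g in groups.items():
        ratio = g["fail"] / g["total"]
        # One client touching many accounts and mostly failing is the signal.
        if len(g["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[fp] = {"users": len(g["users"]), "ips": len(g["ips"]),
                           "fail_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    ev = build_sample_events()
    print("per-IP rate limit flags:", per_ip_rate_limit(ev))
    print("behavioral flags:", behavioral_clusters(ev))
```

The per-IP check flags nothing because no address sends more than two requests, while the fingerprint grouping surfaces the campaign as one client spread across 60 IPs and 60 accounts. Thresholds here fit the sample data only and would need tuning against real traffic baselines.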
Where agentic AI threats go next
The agentic AI attack surface is real, but it’s not yet the primary vector. That will change. Agentic AI threats are coming to the API layer, and the fewer-than-100 agentic requests in today’s traffic will not stay that low. The teams who build visibility and behavioral detection now will be the ones ready when autonomous agents start transacting at scale. Preparing for that future starts with seeing the present clearly.
The bots are coming. Some of them are already here. But knowing which layer they’re operating at, and what they’re actually doing when they get there, matters more than the headline growth rate.