Article by: Vaidik Mandloi
Compiled by: Luffy, Foresight News
Since its launch at the end of 2022, ChatGPT has given rise to an extensive ecosystem of AI agents. Currently, the combined network traffic generated by these programs exceeds that of all human users worldwide. The online behavior of AI agents differs sharply from that of humans: they do not browse advertisements, click links, or engage in online shopping; instead, they simply scrape web data to complete tasks and depart immediately once the task is finished.
The original architecture and business logic of the internet were built around human behavior and usage patterns. Yet today, the vast majority of web traffic does not come from real people, causing significant challenges for websites. Over 2.5 million websites have begun blocking AI web crawlers, and platforms like Perplexity have become embroiled in related lawsuits. Cloud service provider Cloudflare has even created a "honeypot maze," using AI-generated nonsensical text to construct infinite loop pages designed to trap various data scrapers.
However, some advanced AI agents have already developed the ability to bypass these protective measures. In response to the escalating human-machine arms race, the entire industry is now focusing on developing a more reliable human verification system. This system must accurately determine whether the operator on the other side of the screen is human: human actions exhibit hesitation, typing errors, and subtle tremors in cursor movement unique to the human nervous system. This article will analyze the causes behind this transformation, the two leading technical approaches, and the choice users will face: accepting centralized biometric surveillance or adopting encrypted zero-knowledge proof technology for anonymous human verification.
AI is disrupting internet business models
Websites are increasingly blocking AI programs, because AI is at the same time undermining the very commercial foundations upon which the internet relies. The traditional internet business model is built on user attention: users visit pages and view ads, allowing content creators to earn revenue. But an AI that handles online shopping for a user can instantly search through thousands of websites, whereas an average person typically browses only four or five pages.

AI can read and process information far faster than humans, completing cross-site price comparisons or even placing orders within minutes, all without generating any ad impressions. This means websites bear the cost of server operations but receive no revenue in return.
Meanwhile, AI search continues to divert website traffic. After Google added an AI-powered summary section at the top of search results, only 8% of users click through to the original websites, causing content sites to experience a direct 33% drop in referral traffic from Google. Within just one year of launching, the feature surpassed 1 billion monthly active users, and platform search volume has doubled every quarter since its release.
Most of you probably remember the homework help platform Chegg. Originally thriving on its search ranking advantages to provide academic Q&A services, it has now officially shut down its Q&A section, attributing its failure to the impact of ChatGPT. Content creators are caught in a double bind: on one hand, web crawlers indiscriminately scrape content from their sites; on the other, AI summaries intercept traffic before users even reach the website.
The data disparity is even more striking: previously, for every referral visit that OpenAI sent to a partner website, its crawler scraped data from 400 pages; for Anthropic, this ratio reached 38,000:1. These companies freely use publicly available web data to train their AI models, then divert traffic away from websites using their finished products.
In other industries, such predatory data collection practices would have long ago triggered countless lawsuits, but in the AI field, these companies have achieved valuations in the trillions.
Your body is the new password
Over the past 25 years, the internet has primarily relied on CAPTCHAs to distinguish between humans and machines. Users were required to identify traffic signs or enter distorted characters—a system that worked because, in earlier years, machines' image recognition capabilities were far inferior to those of humans.
The situation has been completely reversed. OpenAI’s intelligent automation software scores far higher than humans in Google’s CAPTCHA systems, accurately clicking interfaces and copying and pasting content; AI-generated images can fool identity verification systems, and deepfake video calls have even been used by criminals to complete bank transfers. The foundational assumption behind traditional verification methods—that machines are less capable than humans—no longer holds true.
The industry is currently focusing only on areas where AI cannot yet replicate human behavior—namely, behavioral biometrics, which capture the physical gestures humans exhibit when operating electronic devices. Companies such as IBM and BioCatch are developing systems that not only verify identity during login but also continuously monitor user behavior throughout their session, collecting data points including cursor movement speed, scrolling patterns, typing rhythm, keystroke pressure, text editing habits, and phone holding angle. The device’s gyroscope records this information in real time.

The system can also detect details such as the user's dominant hand and finger swipe patterns. IBM only needs eight usage samples to build a unique behavioral profile for each user, and subsequently compares every action in real time against the baseline data.
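The baseline-and-compare idea described above, reduced to a single signal (typing rhythm), as an added example that is not part of the original article and is not IBM's or BioCatch's algorithm. It builds a profile from eight enrollment samples and scores a new session against it; the thresholds, function names and timing data are constructed for illustration, and production systems combine many more features.

```python
from itertools import accumulate
from statistics import mean, stdev

ENROLL_SAMPLES = 8   # the article's figure for building a profile
STD_FLOOR_MS = 5.0   # assumption: keeps a very consistent typist from dividing by ~0

def intervals(stamps_ms):
    """Inter-key intervals (ms) from key-down timestamps of one typed phrase."""
    return [b - a for a, b in zip(stamps_ms, stamps_ms[1:])]

def build_profile(samples):
    """Per-position (mean, std) of intervals across the enrollment samples."""
    if len(samples) < ENROLL_SAMPLES:
        raise ValueError("not enough enrollment samples")
    rows = [intervals(s) for s in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("samples must cover the same key sequence")
    return [(mean(c), max(stdev(c), STD_FLOOR_MS)) for c in zip(*rows)]

def score(profile, stamps_ms):
    """Mean absolute z-score of a session against the baseline."""
    iv = intervals(stamps_ms)
    if len(iv) != len(profile):
        raise ValueError("session does not match the enrolled key sequence")
    return mean(abs(x - m) / s for x, (m, s) in zip(iv, profile))

def classify(profile, stamps_ms, z_limit=2.5, min_jitter_ms=3.0):
    """'scripted' for machine-flat cadence, else 'match' or 'mismatch'."""
    if stdev(intervals(stamps_ms)) < min_jitter_ms:
        return "scripted"
    return "match" if score(profile, stamps_ms) <= z_limit else "mismatch"

# Constructed data: one user's base rhythm for a 6-key phrase plus per-sample jitter.
BASE = [120, 180, 95, 210, 150]
JITTER = [[0, 0, 0, 0, 0], [8, -10, 5, 12, -6], [-7, 9, -4, -15, 10],
          [5, 14, -6, 8, -9], [-10, -6, 7, -11, 4], [12, 3, -8, 15, -12],
          [-4, -12, 9, -5, 7], [6, 8, -3, -9, 11]]

def stamps(ivs):
    return [0] + list(accumulate(ivs))

ENROLLED = [stamps([b + j for b, j in zip(BASE, row)]) for row in JITTER]
PROFILE = build_profile(ENROLLED)

if __name__ == "__main__":
    for name, ivs in [("same user", [125, 172, 99, 220, 145]),
                      ("other typist", [60, 300, 200, 90, 240]),
                      ("replayed script", [50, 51, 50, 49, 50])]:
        print(name, classify(PROFILE, stamps(ivs)))
```

The flat-cadence check runs first because input with almost no jitter is suspicious regardless of how close its average speed is to the enrolled user.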
BioCatch’s technology can even identify online fraud scenarios. When victims recite their account passwords under the guidance of scammers over the phone, the system precisely captures the erratic and interrupted typing rhythm caused by panic. In just one year, this system helped 257 banks identify approximately two million money laundering accounts. Now, the European Union has begun piloting gait recognition technology. Only three years after the advent of the AI agent era, EU border officials are already collecting data on citizens’ walking patterns.

Related research also incorporated the Stroop effect: when the word “blue” is written in green font, the human brain experiences a conflict between the meaning of the text and the visual color, resulting in significantly slower reaction times—yet AI remains unaffected. The study found that this cognitive interference is directly reflected in typing behavior. The platform does not even need to administer specific tests; simply by analyzing typing rhythm, it can determine whether the operator is human—typing patterns reveal unique human brain information-processing characteristics.
Previous online tracking primarily recorded user behaviors such as browsing, clicking, and spending, which users could evade by blocking cookies, using virtual private networks, or disabling location services. However, behavioral biometrics captures innate human characteristics—such as cursor movement patterns and typing rhythms—that are difficult to alter intentionally.
Everyone’s behavioral traits are as unique as a fingerprint. Unlike passwords or keys, this biometric profile cannot be changed or reset. Once this technology becomes widespread, all platforms will be forced to adapt. Voice simulation technology already can convincingly mimic human speech during calls, and video deepfake technology is quickly following suit. If this is the future, the most critical question emerges: Who will ultimately control these biological data?
Who controls the identity verification system?
The industry has currently split into two camps, each exploring real-person identity verification solutions.
The first is Sam Altman’s World (formerly Worldcoin). Users must approach a spherical iris-scanning device, which captures their iris data and generates an encrypted credential to verify that they are a unique human being. To date, 18 million people across 160 countries worldwide have completed iris registration. In April 2026, World partnered with dating app Tinder, video conferencing platform Zoom, and e-signature service DocuSign to implement user verification; it also collaborated with Coinbase to launch AgentKit, enabling users to link their AI agents to their verified real-world identities—allowing the platform to confirm that an AI agent is operated by a real person without exposing any personal user information.

However, iris scanning technology has been explicitly banned by several countries. The public is unaware of the risks associated with authorized biometric data collection, which is the core reason for global resistance. An investigation by MIT Technology Review also found that World collected multiple vital signs—including heart rate and respiration—without proper authorization, in addition to iris data.
The second type is cryptographic zero-knowledge proofs, which allow you to prove you are human without revealing your real identity, location, or appearance. Vitalik Buterin proposed this idea as early as 2023. He argued that if a decentralized human identity system cannot be built, the internet will ultimately succumb to centralized identity control. Once identity verification authority falls into the hands of corporations or governments, surveillance mechanisms will become embedded in the very foundation of the network.
Previous large-scale attempts to implement a decentralized real-person identity system ultimately failed. Idena is among the first blockchain projects to champion “one person, one identity.” Within just two years of its launch, 40% of all accounts and 48% of all rewards on the network were controlled by 23 organizations. In regions such as India and Russia, account operation teams hired ordinary individuals to lend their identities for less than one dollar per hour, earning up to 55 times the payout in return. Researchers also discovered that children’s identity information was being used to operate puppet accounts.
Vitalik had long anticipated this type of risk. He stated that the most cost-effective attack on real-person verification systems is not deepfakes or advanced hacking techniques, but rather paying individuals in low-income regions to lend their personal identities. Any real-person verification system relies on financial support: devices for iris scanning and on-chain verification nodes all require ongoing investment.
Once identity credentials are assigned economic value, a black market for identity renting will emerge. In the real world, where wealth inequality is stark, those with capital will always control such markets.
Enforcing a one-person-one-vote rule in a system with real economic incentives will ultimately repeat the failures of similar social experiments in the twentieth century.
Objectively speaking, both development paths have significant flaws. The centralized approach can achieve scalable implementation, but users' biometric data would be entrusted to companies that excessively collect information—companies that themselves profit from the current proliferation of bots. The crypto-based approach theoretically protects privacy, yet struggles to overcome real-world economic imbalances, ultimately leaving loopholes for gray-market industries to exploit.
If I had to place a bet, I’d still bet on cryptographic solutions. Behavioral biometrics and centralized iris scans permanently record your biological information, and ownership of that data belongs to whoever deploys the system. Once they have your data, you cannot delete or transfer it—it’s locked in the hands of the company that collected it.
Even though zero-knowledge proofs may be exploited, they are still worth developing because they allow verification of your humanity without revealing additional information. Conversely, if we abandon this path, every website we visit in the future will collect data on our physical behaviors. Today, this centralized, surveillance-based solution is being deployed far faster than cryptographic alternatives.
