What Is the Agentic Web? AI Agents and the New Internet
Jamie Vinkle
Bot & AI Agent Trust Management
July 09, 2026

-
The agentic web is the phase of the internet where autonomous AI agents browse, research, and act on websites alongside humans, not just answer questions in a chat window.
-
Cloudflare Radar data for June 2026 showed bot/automated requests reaching 57.4% of HTTP requests to HTML content.
-
Four categories cover most agents active today: assistant and browsing agents, autonomous task agents, crawlers and training-data bots, and shopping and transaction agents.
-
Any agent can be authorized, unauthorized, or spoofed. The category tells you what it’s built to do, not whether this particular instance belongs on your site.
-
Legacy signature-based detection struggles because a declared identity, most simply a user-agent string, can be omitted, changed, or copied.
-
The industry is shifting from “is this a bot, block it” to a governance question: what is it, whose identity does it present, what does it intend, and what response fits.
For most of the web’s history, a visitor meant a person sitting at a keyboard, or software built by a person and running on their behalf in predictable, narrow ways.
The agentic web breaks that assumption.
AI agents now research products, fill out forms, compare options across dozens of pages, and in some cases complete purchases, often without a person directing each individual step.
This guide covers what the agentic web is, the kinds of AI agents now active on sites, how they behave, why they’re difficult to verify, and the governance questions their presence raises.
What Is the Agentic Web?
The agentic web is the phase of the internet where AI agents do not only answer questions. They can visit websites, interpret what they find, and take actions on behalf of a user or organization.
That distinction, taking action rather than only answering, is what separates the agentic web from a chatbot.
An assistant that summarizes an article for a user is not yet part of the agentic web. An agent that visits the article’s page, reads it, and acts on what it finds — filling out a form, adding something to a cart, moving to the next step of a task — is.
The term became more visible in 2025 through industry messaging around the “open agentic web” and research into agent-native web interfaces.
It names a real shift in how the web gets used, not a rebrand of automation that was already happening.
The category spans a wide range.
On one end, a simple browsing assistant fetches a single page on a user’s instruction and reports back.
On the other, an autonomous agent plans a multi-step task and acts across several sites without a person checking in between steps.
The middle of that range matters more every quarter. Agents have moved from demos to real, measurable traffic on retail, finance, and content sites, which is why the category now needs a name and a framework of its own.
How the Web Shifted From Human-Only to Humans and Agents
For most of the web’s history, “visitor” meant a person, or software narrow and predictable enough to coexist with human traffic without changing how site owners thought about access: search crawlers, monitoring bots, and other familiar automated systems.
Autonomous agents change that premise.
They browse, decide, and act in ways that used to require a person directing every step. They can also generate request patterns a human user would not produce, especially when comparing options, reading across many pages, or executing a multi-step task.
The scale of that shift has become measurable.
Cloudflare Radar data for June 2026 showed bot/automated requests reaching 57.4% of HTTP requests to HTML content, compared with 42.5% from humans.
That measurement counts requests, not attention. It does not mean people have stopped using the web. It means a growing share of what reaches a site is no longer a person clicking one link at a time.
That distinction matters. A single shopping agent comparing options across a category can generate thousands of page requests that a human comparison-shopping the same category would not. A research agent can read across many pages before returning a short answer to the user. A task agent can move through several pages or sites as part of one delegated workflow.
That’s the agent share of the shift.
The broader rise of automated traffic overall gets its own breakdown of how that traffic splits out by type.
If agents are now a real, measurable part of traffic, the practical questions shift accordingly.
What kinds of agents are actually out there?
How do they behave once they arrive on a site?
And how does an organization tell them apart from humans, and from each other?
The Types of AI Agents on the Web Today
Not every agent on the web does the same thing, and the same agent can be welcome in one context and unwanted in another.
A shopping agent a customer explicitly authorized to complete a purchase is doing exactly what it was asked to do.
A crawler pulling the same product page to train a model without permission is a different situation, even if the two requests look similar at the network level.
The clearest way to talk about agents is by function, the same principle that applies to automated traffic generally.
Four functional categories cover most agent activity organizations are likely to encounter today.
| Agent Type | What It Does | Typical Examples |
|---|---|---|
| Assistant and Browsing Agents | Browses and acts on a user’s behalf inside a chat or assistant interface | ChatGPT browsing, Operator, Perplexity, Gemini |
| Autonomous Task Agents | Plans and executes multi-step tasks across sites with limited supervision | Manus and similar planning agents |
| Crawlers and Training-Data Bots | Indexes content or gathers data to train language models | GPTBot, ClaudeBot |
| Shopping and Transaction Agents | Researches products and completes purchases on a person’s behalf | Retail and commerce-site shopping agents |
A closer look at each category shows where the harder questions sit.
Assistant and Browsing Agents
ChatGPT with browsing, Operator, Perplexity, and Gemini are clear examples of this category.
A person asks a question or delegates a task, and instead of answering only from what it already knows, the assistant leaves the chat window to research, compare, or complete part of the task on the open web.
This category was not central to older explanations of bot traffic, but it is becoming more important as browsing assistants and task agents create measurable automated traffic on ordinary websites.
Autonomous Task Agents
Manus is a current example of the category: agents built to chain actions across multiple pages and sites toward a goal, checking in with a person only at defined points, if at all.
That scope is what separates a task agent from a browsing assistant that acts on one instruction at a time and reports back.
A task agent’s session can span far more of a site, and far more sites, than a single browsing request ever would.
Crawlers and Training-Data Bots
GPTBot and ClaudeBot are common examples of this category, indexing content or gathering data used to train language models.
Some of this traffic is legitimate and expected, in the same way search crawlers have always been part of a healthy web. Some of it may be unauthorized for the specific content it is pulling.
Calibrated controls for automated scrapers exist precisely for that gap, catching extraction that looks routine at first glance but is not.
Shopping and Transaction Agents
This category raises some of the hardest questions, because an agent researching products and completing a purchase on a person’s behalf produces an action that can look like a normal sale, but may or may not match a site’s policy for automated transactions.
Retailers preparing for this shift build toward AI agents transacting in commerce journeys as a defined category, rather than treating every automated purchase attempt the same way a human checkout gets treated.
Any of these four categories can be authorized, unauthorized, or spoofed.
An authorized agent is acting on a user’s behalf or with the site’s permission. An unauthorized agent is acting without that permission. A spoofed agent is adversarial software imitating a known agent to inherit its reputation.
The category tells you what an agent is built to do.
It does not tell you, on its own, whether this particular instance belongs on your site.
How AI Agents Behave on a Website
Agents interact with a site in a fairly narrow set of ways, even though the tasks behind those interactions vary widely.
In practice, most agent activity falls into four behaviors:
- Browse. Read pages, follow links, and gather information the way a research task requires.
- Form-fill. Complete and submit forms, from a simple signup to a detailed application.
- Transact. Complete a purchase, booking, or other transaction on a person’s behalf.
- Hand off. Pass a task back to a human, or pick one up that a human started.
That last behavior, the handoff, is one of the defining traits of the agentic web.
A person can start a task, researching a product, comparing options across a few sites, then delegate the rest to an agent, and return later to finish it themselves.
The same browsing session can be part human and part agent from start to finish, so handoffs between humans and AI agents need tracking as one continuous journey, not two unrelated visits from two unrelated entities.
At a high level, agents tend to move faster than people, repeat actions more precisely, and follow paths a typical visitor wouldn’t take.
None of that makes an agent’s presence a problem by itself; speed and precision aren’t guilt.
The real challenge is telling an authorized agent doing exactly what it was asked to do apart from an unauthorized or adversarial one running the same behaviors for a different reason.
Why Legacy Detection Struggles to Verify AI Agents
Older approaches to identifying a visitor rely on a signature, most simply the user-agent string a request declares about itself.
That approach works best when the software behind a request is predictable and has little reason to hide.
It breaks down with agents because the declared identity can be omitted, changed, or copied.
That gap matters for the agentic web.
Some agents declare themselves honestly and can be checked against what they claim.
Some do not declare themselves at all, leaving nothing reliable to check.
Some imitate a known assistant specifically to borrow its reputation.
A single request can fit any of these three patterns, and judged on signature alone, they can look similar.
The shift underway is conceptual as much as technical.
Verifying an agent is becoming less about matching a signature against a known list and more about establishing the entity behind a request, whether its presented identity holds up, and what its behavior suggests it is trying to do.
That is the direction the industry is moving: away from a one-time signature check and toward ongoing governance across the session.
The organizations getting this right work to govern automated traffic across humans, bots, and agents rather than just screening it once.
For the mechanics of how spoofed and unauthorized agents get caught in practice, a detailed guide to detecting malicious AI agents and synthetic interactions goes further into that ground.
The Governance Question the Agentic Web Creates
Traditional bot tools were built around one primary question: is this a bot, yes or no?
That question is no longer enough when the answer can be an authorized agent, an unauthorized agent, or an adversarial agent imitating a trusted one.
Legacy detection logic breaks down because it was not built to sort between those outcomes. It was built to separate humans from everything else.
The industry has started calling this structural problem the Governance Gap: organizations need to govern automated traffic, not just identify and exclude it.
A complete approach answers four questions in sequence:
- Entity: what is actually hitting the page?
- Identity: whose identity does it present, and does that claim hold up?
- Intent: what does its behavior suggest it is trying to do?
- Control: what response fits, given the answers to the first three?
The response side has changed just as much as the detection side.
Modern responses are not built around a single switch. A working spectrum includes:
- Allow traffic that checks out, without adding friction.
- Monitor activity that is borderline but not yet acting against the site.
- Step-up verification when more confidence is needed before allowing the next action.
- Constrain what an entity is permitted to do once it is on the site.
- Throttle aggressive but not clearly malicious traffic to limit impact while more signal accumulates.
- Misdirect confirmed adversarial traffic toward a controlled environment instead of the live site.
- Block entities where confidence is high and the policy response is clear.
A spectrum like this lets an organization match its response to the actual risk, and to whether an agent is wanted at all, instead of choosing between letting everything through and blocking everything that does not look human.
AI agent governance is the term the industry has converged on for building toward that kind of layered, proportional response.
Verifying an agent and reading its intent are related, but they are not the same problem.
Final Thoughts
The agentic web is no longer only a future scenario.
Cloudflare Radar data already shows bot/automated requests representing a majority of HTTP requests to HTML content, and AI agents are becoming a more visible part of how sites are accessed, read, and acted on.
Organizations that treat this only as a detection problem will keep relying on signals that agents can omit, change, or copy.
The more durable approach is governance: identify what is hitting the page, verify the identity it presents, evaluate what its behavior suggests, and apply the response that fits.
Verifying who is behind a request is the first step, not the whole answer.
Agent trust versus agent intent covers what happens next once an agent has been identified.
The Agentic Web FAQs
What is an AI agent?
An AI agent is software that can perceive information, decide on a next step, and take an action on the open web with limited or no step-by-step human direction.
That distinguishes it from a simple script, which only follows a fixed set of instructions, and from a chatbot that only answers questions inside its own interface.
An agent compares options across multiple sites, fills out a form, or pushes a transaction through, whatever the delegated task calls for.
Are AI agents the same as bots?
They overlap, but “agent” describes a newer and more capable category within the broader term.
Every AI agent is technically a kind of bot, in the sense that both are software performing automated tasks over a network, but not every bot is an agent.
Traditional bots, like search crawlers or simple scrapers, follow fixed rules and don’t plan or adapt mid-task.
Agents interpret what they encounter and decide what to do next.
For the fuller picture of how bots break down as a category, the bots pillar covers the broader foundation this guide builds on.
