New data shows AI bots pushing deeper into the web, prompting publishers to roll out more aggressive defenses. The viral virtual assistant OpenClaw--formerly known as Moltbot, and before that Clawdbot--is a symbol of a broader revolution underway that could fundamentally alter how the internet functions. Instead of a place primarily inhabited by humans, the web may very soon be dominated by autonomous AI bots. A new report measuring bot activity on the web, as well as related data shared with WIRED by the internet infrastructure company Akamai, shows that AI bots already account for a meaningful share of web traffic. The findings also shed light on an increasingly sophisticated arms race unfolding as bots deploy clever tactics to bypass website defenses meant to keep them out.

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks (CDNs) and edge computing place programmable defenses closest to users and bots, making them natural enforcement points for machine-learning (ML) driven inspection, throttling, and isolation. This survey synthesizes the landscape of AI-enhanced defenses deployed at the edge: (i) anomaly- and behavior-based Web Application Firewalls (WAFs) within broader Web Application and API Protection (WAAP), (ii) adaptive DDoS detection and mitigation, (iii) bot management that resists human-mimicry, and (iv) API discovery, positive security modeling, and encrypted-traffic anomaly analysis. We add a systematic survey method, a threat taxonomy mapped to edge-observable signals, evaluation metrics, deployment playbooks, and governance guidance. We conclude with a research agenda spanning XAI, adversarial robustness, and autonomous multi-agent defense. Our findings indicate that edge-centric AI measurably improves time-to-detect and time-to-mitigate while reducing data movement and enhancing compliance, yet introduces new risks around model abuse, poisoning, and governance.

Interpreting what the internet means to the world -- the good and the bad, its enormous scale and its endless potential -- was a challenge that immediately inspired me,

Lots of things are being called "smart" these days -- everything from light bulbs to cars. Increasingly, the smarts come from some form of artificial intelligence or machine learning. AI is no longer limited to big central data centers. By moving it to the edge, enterprises can reduce latency, improve performance, reduce bandwidth requirements, and enable devices to continue to operate even when there's no network connectivity. One of the main drivers for the use of AI at the edge is that the sheer amount of data produced in the field would cripple the internet if it all had to be processed by centralized cloud computing solutions and traditional data centers.

Content delivery platform provider Akamai announced Wednesday platform security enhancements intended to increase cybersecurity protections for web applications, APIs and user accounts. Akamai said its machine learning algorithms leverage insights from a dataset of over 1.3 billion daily client interactions to automate threat detections, time-consuming tasks and security logic to help cybersecurity analysts make better decisions faster. The company said it is taking these steps to keep up with attackers who are using AI, machine learning and automation to increase the frequency and sophistication of their attacks. "At Akamai, our latest platform release is intended to help resolve the tension between security and ease of use, with key capabilities around automation and machine learning specifically designed to intelligently augment human decision-making," said Aparna Rayasam, Akamai's senior vice president and general manager for Application Security, in a press release. "Smart automation adds immediate value and empowers users with the right tools to generate insight and context to make faster and more trustworthy decisions ... while anticipating what attackers might do next."

Amy O'Connor, chief information officer at Cloudera and Patrick Sullivan, global director of Security Strategy at Akamai, discuss the growing use of artificial intelligence in both public and private sector cyber security, The latest agency to consider using artificial intelligence to augment their cybersecurity systems is the Internal Revenue Service. A request for proposals went out in June for an analytics platform to identify risks at the agency, and AI cloud providers are jumping at the opportunity. "I think it's encouraging that the IRS is going down this path. We see both in the private sector and public sector that people are turning to machine learning. One of the challenges that we face is not only are the threats growing… but just the challenge of finding qualified security professionals is daunting. There's estimates from ISACA that we will be about two million security personnel short next year and that grows to three and a half million based on estimates a couple of years from there," said Patrick Sullivan, global director of Security Strategy at Akamai "So what you end up with is a lot of great security tools that there's no human there that is trained to consume those, to inspect those. That's one opportunity with machine learning is to have better inspection of that enormous security perimeter that you have there."

You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006. Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.

A week and a half ago I was in Berlin for the hub conference. I had the opportunity to speak on a panel about cybersecurity (no surprise there) and shared my views on how countries and corporate entities can work together. I touched on the need for better channels of communication between the aforementioned. This generated a fair amount of discussion after the panel and all of it was positive. The next day I was off to the airport to head home.

Eric Swildens knows how damaging intellectual property trials can be. In 2002, Speedera Networks, the content delivery network he cofounded, was sued for patent infringement and trade secrets violation by Akamai. "It was trial by fire," says the 50-year-old engineer. "I learned a bunch of stuff I didn't necessarily want to learn." Mark Harris is a freelance journalist reporting on technology from Seattle. Sign up to get Backchannel's weekly newsletter, and follow us on Facebook, Twitter, and Instagram.