Bots to Overtake Humans in Traffic by 2027 — What It Means for Ukraine's Cybersecurity and Infrastructure
Cloudflare's CEO warned at SXSW that generative AI will drive bot traffic to levels that exceed human traffic. Why this matters for Ukraine — and what steps the government, the defense sector and businesses should already be taking.
By Tetiana Suchkova-Ladik
March 20, 2026 · 2 min read
What happened
At SXSW 2026, Cloudflare CEO Matthew Prince said that by 2027 total internet traffic generated by bots could exceed traffic from humans. The main driver is the rapid spread of generative AI agents, which visit many more pages while forming responses and collecting data than an individual user does.
"By 2027 bot traffic will exceed human traffic — this is not a hypothesis, but a projection based on how modern AI agents operate."
— Matthew Prince, CEO of Cloudflare (SXSW 2026)
Why it matters
Previously, bot traffic made up roughly 20% and was formed mainly by search engine crawlers. But now hybrid AI agents are being added to that mix, generating far more requests and load. Cloudflare predicts this will require new technical solutions — from dedicated sandboxes for AI to expanded data centers and network architecture.
How this relates to recent AI releases
Against this backdrop, OpenAI launched GPT‑5.4 mini and a Codex app for Windows — models and services that make generative AI faster and more accessible for a wide range of applications. The more such services exist, the more agents begin to carry out automated web navigation and requests, increasing overall traffic volume.
Implications for Ukraine
For Ukraine this is both a threat and an opportunity. On one hand, rising bot traffic increases strain on networks, makes infrastructure more vulnerable to DDoS attacks, and complicates the operation of critical services. On the other hand, it is a signal to accelerate investment in local data centers, distributed networks, and systems that filter out malicious agents.
Cybersecurity experts and infrastructure providers agree that some solutions must be technological (sandboxes, rate limiting, AI-aware filters), while others should be organizational: reserving bandwidth for the public sector and defense, standards for cloud service providers, and coordination with international partners.
What to do now
Practical steps for the state and businesses: assess vulnerabilities of critical infrastructure, invest in distributed data centers and CDNs, implement AI-specific traffic control mechanisms, and build up cybersecurity competencies. For defense companies this is also an opportunity to develop proprietary solutions for analyzing and controlling agent behavior.
Conclusion
Cloudflare’s forecast is not just a technical whim but a marker of how the internet is changing: more automation, more load, different risks. For Ukraine the key question is not only "how to withstand the traffic" but "how to use this trend to enhance the digital resilience of the state and the economy." Are our networks, providers, and public bodies ready to act in concert with this challenge?
