Ad fraud in 2026: the year the bots learned to act human

Sometime in 2025, a line was crossed that the industry had been watching approach for years: automated traffic overtook human traffic on the open web. Per HUMAN Security’s 2026 benchmark, machine traffic is now growing roughly eight times faster than human traffic. Cloudflare’s network data tells the same story. For the first time, the bots outnumber the people.

Ad fraud didn’t cause that shift. But it is the first business model to fully exploit it — and in 2026, the exploitation got dramatically more sophisticated, because the same generative AI that’s transforming legitimate advertising is now in the hands of the people stealing from it.

Here’s where ad fraud actually stands in June 2026 — the scale, the new techniques, and the genuinely new problem nobody had to solve a year ago.

The scale is no longer abstract

Invalid traffic wasted an estimated $63 billion globally in 2025, and forecasts from Juniper Research and Statista put that figure on a path toward $172 billion by 2028. Those aren’t rounding errors in a healthy market — they’re a structural tax on every advertiser who buys programmatically without protection.

What changed isn’t just the number. It’s the texture of the threat:

• Automated traffic is growing 8× faster than human traffic, and the composition of that automation is shifting from crude bots toward sophisticated, commerce-capable agents.
• AI-agent and agentic-browser traffic grew by more than 7,800% year over year — a category that barely registered two years ago.
• Bot fraud now accounts for the majority of violations in some regions (roughly 82% in North America), while data-center traffic dominates elsewhere — as high as 98% in APAC.

For the first time, the machines on the internet outnumber the people. Fraud is the first business model built to take full advantage of that.

The bots learned to act human

The old tell-tales of invalid traffic — robotic click timing, impossible mouse paths, no scroll depth, instant form fills — are disappearing. Generative AI has handed fraudsters tooling to manufacture traffic that behaves like a person: variable mouse movement, natural scrolling cadence, realistic reading-time pauses, even typing rhythms that mimic human hesitation.

This is the uncomfortable core of 2026’s fraud problem. Detection models trained to spot mechanical behavior are increasingly looking at traffic that doesn’t behave mechanically at all. The signal that used to separate human from bot has narrowed to almost nothing — and it’s narrowing further every quarter.

CTV is the front line

If you want to see where AI-enabled fraud concentrates, look at connected TV. It’s the perfect target: high CPMs, opaque delivery, no browser to anchor identity, and a measurement layer still maturing.

DoubleVerify’s 2026 data is stark. The firm detected 140% more CTV fraud schemes and variants in Q1 2026 than in Q1 2025, identified more than 50 distinct CTV bot attacks in 2025 alone, and found that the number of fraudulent CTV apps it caught was roughly ten times higher than the year before.

The mechanics usually run through server-side ad insertion (SSAI) — the same technology that stitches ads cleanly into a stream can be abused to spoof devices and fabricate impressions at scale. The named operations give a sense of the magnitude:

• ShadowBot, a single operation, generated tens of millions of spoofed mobile devices and, at its peak, was capable of falsifying up to 200 million impressions a month against advertisers without protection.
• SneakyTerra, an SSAI scheme, spoofed millions of devices a day.
• ICEBUCKET — the operation that first defined the category years ago — at its peak accounted for nearly a third of the SSAI-visible programmatic CTV traffic in a single month.

And here’s the part that should unsettle anyone who treats premium buys as inherently clean: DoubleVerify found bot activity inside direct CTV deals from major advertisers — 34% of impressions going to bots in one consumer-healthcare campaign, 25% in a major CPG buy. A direct deal is a contract, not a guarantee. The bots don’t care how the impression was sold.

The genuinely new problem: bot, or agent?

Every fraud trend above is an escalation of something familiar. This one isn’t.

As AI agents begin doing real work on the web — comparison-shopping, managing accounts, completing checkouts on behalf of actual people — the foundational question of fraud detection breaks. An AI agent browsing a product, logging in, and buying something could be acting for a real customer or executing an autonomous fraud operation. The behavior is identical. Only the intent differs.

“Block all automation” was a workable heuristic when automation meant fraud. In 2026 it isn’t, because a growing slice of automated traffic is legitimate and even desirable. The industry is being pushed from bot mitigation — keep machines out — toward something harder: an agent-trust layer that distinguishes beneficial AI agents from malicious ones and governs what each is allowed to do. HUMAN Security was named a Leader in Forrester’s first Bot and Agent Trust Management Wave in Q2 2026; the renaming of the category is the tell.

For ad tech specifically, this means invalid-traffic filtering can no longer be a binary. The next generation of fraud defense has to reason about intent and provenance, not just human-or-not.

The uncomfortable truth about verification

It would be comforting to say the verification industry has this handled. The evidence is more complicated. Independent analyses through 2025 — most prominently from Adalytics — found that ads were still being served to known, garden-variety bots even on inventory covered by major verification vendors. Detection at internet scale is genuinely hard, and a verification tag is a meaningful layer, not a force field.

The lesson isn’t “verification doesn’t work.” It’s that fraud defense can’t be a checkbox you buy and forget. A tag fires after the fact. The economics of fraud are decided earlier — in which supply paths you trust, which sellers you buy from, and whether the impression was ever legitimate to begin with.

What to actually do in 2026

The threat got smarter, but the defensive playbook is clearer than the headlines suggest.

1. Move detection before the auction, not after. Post-bid blocking tells you what you already lost. Pre-bid filtering — refusing to transact on traffic that fails inspection — is where the money is actually saved.

2. Stop trusting paths you can’t see. Most fraud rides in on long, unverifiable supply chains. Clean ads.txt / app-ads.txt and sellers.json, short paths, and a readable SupplyChain object are fraud controls, not just transparency niceties. (We went deep on this in the 2026 state of supply-chain transparency.)

3. Audit your direct and CTV buys like they’re open exchange. “Premium” and “direct” are not synonyms for “clean.” Demand independent measurement on exactly the buys you assume are safe.

4. Get log-level data rights — and actually look. You cannot reconcile fraud you can’t inspect. If your contracts don’t give you the underlying logs, you’re auditing on faith.

5. Start planning for agent traffic now. The buyers and sellers who’ll be ahead in 2027 are the ones building a view of which automation is touching their inventory and why — before “block all bots” quietly starts blocking their best customers’ assistants.

Defense belongs inside the auction

The through-line of 2026 is that fraud has moved upstream — into the bid request, into the supply path, into traffic that looks indistinguishable from the real thing. Defenses bolted on after the auction clears are always one step behind, because by then the impression has already been bought.

That’s the conviction Lumorrow is built on: filtering and intelligence belong inside the auction, evaluating every bid request in real time — before it ever becomes a billed impression. In a world where the machines outnumber the people, the exchange itself has to be the first line of defense, not the last.

---

Lumorrow is an AI-native exchange that evaluates supply quality and traffic validity in real time, pre-auction, across web, CTV, and OTT. See how the platform works → or explore it for demand partners →.