The way people interact with retail sites is changing, and this past holiday shopping season made that very clear.
Shoppers have relied on comparison tools and search assistants for years. However, a new pattern emerged last year, with automated activity shaping the experience in ways that were hard to see from the outside. New research into holiday traffic from DataDome shows that this past holiday season saw a wave of automated activity that's changed how retailers handle demand. The sheer volume of activity gives a clear look at how quickly automated shopping has become part of the retail landscape.
Retailers are seeing more automated traffic than ever before. DataDome’s analysis shows that the period from Black Friday to Cyber Monday included over 11 billion bot requests and 560 million requests from artificial intelligence agents and large language models (LLMs). The same dataset shows more than 3 billion bot attacks blocked during the weekend, doubling the previous year's count for the same period. Researchers also noted that AI-related user agent activity reached record highs. These findings illustrate how quickly automated tools shaped peak season behavior.
The rise in automated shopping has taken place alongside a huge increase in malicious automation. Before the holiday rush, researchers reviewed several major e-commerce sites and found that many struggled to distinguish real shoppers from automated activity. It’s common practice for sign-up flows to allow disposable emails, and several sites lacked basic authentication systems like multifactor authentication. Others had limited protection against large-scale account creation, and some login flows didn't trigger lockouts even after repeated attempts. The rush to create a frictionless shopping experience for consumers has created an environment where fake accounts and takeover attempts can easily blend into the larger stream of traffic. That gives malicious actors a huge opportunity.
Those weaknesses become more visible once you consider how consumer AI tools and attacks intersect during peak seasons. Inventory for popular items now moves more quickly because automated tools are competing for access. Fake accounts use incentives intended for real customers, and automated campaigns test stolen credentials during busy periods when traffic spikes make unusual patterns harder to spot. As a result, human shoppers feel the effects through locked accounts, surprise charges, gift card problems, and long support queues.
This past holiday season provided a clear view of what's to come and how these patterns may evolve. Retailers now receive traffic from shoppers who use AI assistants to browse and purchase. These assistants gather product information, compare options, and pass buyers into checkout flows. This is behavior that will continue to become more common as additional companies introduce similar tools. Malicious groups will continue to automate their activity because it gives them scale during the busiest shopping moments of the year. This will place increasing amounts of pressure on systems that were originally designed for steady human traffic.
To mitigate the impact of malicious automation, retailers will need to review how they validate identity and intent in account creation and login flows. Verification steps help limit fake account activity and reduce takeover attempts. Controls around incentives help reduce automated abuse. Behavioral checks that look at speed, repetition and other patterns help distinguish nonhuman interactions, especially now as we’re seeing AI agents acting just like bots. These are critical steps that can help retailers support a smoother experience for real customers during high-demand periods.
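The checks described above (disposable sign-up emails, lockouts after repeated attempts, and speed and repetition signals) can be sketched as follows. This is an added example, not code from DataDome or from the article; the thresholds, the placeholder domain list, the event tuple layout and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 300                 # assumed sliding window, in seconds
MAX_FAILS_PER_ACCOUNT = 5      # assumed lockout threshold (repetition)
MAX_ACCOUNTS_PER_SOURCE = 10   # assumed limit on distinct usernames per source (speed)
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}  # constructed placeholder list

def is_disposable(email):
    """Sign-up check: does the address use a known throwaway domain?"""
    return email.rsplit("@", 1)[-1].lower() in DISPOSABLE_DOMAINS

def review_logins(events):
    """events: (timestamp_s, source, username, success) tuples.
    Returns (accounts to lock, sources that look like credential testing)."""
    fails = defaultdict(deque)   # username -> timestamps of recent failures
    tried = defaultdict(deque)   # source -> (timestamp, username) of recent failures
    locked, flagged = set(), set()
    for ts, src, user, ok in sorted(events):
        if ok:
            if user not in locked:
                fails[user].clear()      # a genuine login resets the counter
            continue
        q = fails[user]
        q.append(ts)
        while ts - q[0] > WINDOW_S:      # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILS_PER_ACCOUNT:
            locked.add(user)
        s = tried[src]
        s.append((ts, user))
        while ts - s[0][0] > WINDOW_S:
            s.popleft()
        if len({u for _, u in s}) >= MAX_ACCOUNTS_PER_SOURCE:
            flagged.add(src)
    return locked, flagged

# Constructed sample events (addresses are from documentation ranges).
SAMPLE = (
    # one source failing once against many accounts, two seconds apart
    [(i * 2, "203.0.113.7", f"user{i}", False) for i in range(12)]
    # one source failing repeatedly against a single account
    + [(100 + i * 10, "198.51.100.4", "alice", False) for i in range(5)]
    # a shopper who mistypes twice and then logs in
    + [(200, "192.0.2.9", "bob", False), (230, "192.0.2.9", "bob", False),
       (260, "192.0.2.9", "bob", True)]
)

if __name__ == "__main__":
    print(review_logins(SAMPLE))
```

The per-account counter catches repeated guesses against one login, while the per-source counter catches the opposite shape, where each account sees only a single failure and would never reach a lockout on its own.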
This past year’s holiday shopping season revealed how much automated activity shapes the customer journey. Retailers are tasked with handling a mix of human shoppers, helpful AI agents and large volumes of malicious traffic. The season offered a preview of what future peak periods may look like. Automated shopping is now a huge part of retail, and retailers will need to adjust their systems to support real customers while managing rising levels of nonhuman activity.
Jérôme Segura is vice president of threat research, DataDome, a bot and agent trust management platform.
Jérôme Segura is a well-respected security researcher with a keen focus on malware analysis and the constantly evolving threat landscape, including a deep understanding of malvertising. With years of experience in the cybersecurity field, he has a proven track record of identifying emerging attack vectors. His expertise lies in uncovering the mechanisms behind online attacks and translating complex findings into practical knowledge, providing actionable intelligence to help protect individuals and organizations from malicious actors. His work often involves dissecting complex cyberattacks and sharing his findings to contribute to a safer digital landscape.





