TechLevity
← Back to Insights
ai governanceai automationai strategycloud

When AI Agents Attack — The 7,851% Traffic Surge

·9 min read

AI agent traffic surged 7,851% in 12 months. Most companies can't distinguish agent traffic from human traffic. Here's how to prepare your infrastructure.

When AI Agents Attack — The 7,851% Traffic Surge

TL;DR

  • AI agent traffic surged 7,851% in a single year — most companies didn't notice
  • 30% of web traffic is now non-human and AI-generated
  • Most security and infrastructure tools can't distinguish agent traffic from human
  • Companies need AI-specific traffic management or risk infrastructure failure

Excerpt: In November 2025, hackers used Claude AI to attack 30 global organisations. That was a rehearsal. AI-powered attacks are no longer theoretical — they are operational, machine-speed, and polymorphic. Here is what the threat landscape looks like now.

Slug: when-ai-agents-attack-threat-landscape

Categories: ai-governance, compliance, ai-strategy

In November 2025, hackers weaponised Claude AI to attack 30 global organisations in a coordinated campaign. The attacks were automated, adaptive, and fast. By the time security teams identified the pattern, the damage was done.

That was not an anomaly. It was a rehearsal.

Elastic's 2025 Elusive Threats Defence Report reveals a threat landscape that has fundamentally shifted. The attackers are no longer lone hackers with scripts. They are fleets of AI malware agents — coordinated, self-modifying, and operating at machine speed. And most organisations are not prepared to defend against them.

The numbers are already here

Let us start with the current state of play, because the data is unambiguous.

67% of organisations have been targeted by AI-enabled attacks in the past year. Two-thirds. This is not an emerging threat. It is the current baseline. If you have not been targeted yet, you are either exceptionally well-defended or exceptionally unaware.

61% of organisations report that their AI assets have already been compromised. Not "at risk of being compromised." Already compromised. More than half of companies running AI have had those systems exploited in some way.

The financial consequence is measurable. 25% of AI initiatives have been cancelled or postponed specifically because of security concerns. Security failures do not just create risk. They destroy planned investment. A quarter of all AI projects are being shelved because organisations cannot defend what they have built.

And the trajectory is steepening. Annual cybersecurity spend for AI is projected to rise 55% by 2028. Not because organisations want to spend more on security. Because they have to. The threat volume is growing faster than the defence capacity.

How AI agents attack

The offensive use of AI is not just "better phishing." It is fundamentally different from what came before. Three characteristics define the new threat.

Speed. AI agents operate at machine speed. They scan, probe, exploit, and move laterally in seconds, not hours. Human defenders cannot keep up with the cadence. By the time an analyst opens an alert, the attack has already progressed through three more stages.

Adaptability. AI agents learn from defensive responses. When a firewall blocks one attack vector, the agent tries another. When a security team patches one vulnerability, the agent identifies the next. Traditional defence relies on static signatures and known patterns. AI-powered attacks change their patterns mid-campaign.

Scale. A single attacker can now deploy fleets of AI agents — dozens or hundreds — each targeting a different organisation simultaneously. The economics of attack have inverted. It costs almost nothing to generate and deploy AI malware at scale. It costs a fortune to defend against it.

Three attack scenarios you should prepare for

The Elastic report identifies three scenarios that are already playing out. Each exploits a different vulnerability in how organisations use AI.

Scenario 1: Automated financial fraud

AI agents can generate realistic vendor invoices, complete with correct formatting, plausible line items, and matching purchase order references. They can craft emails that mimic the tone, style, and timing of legitimate vendors. They can follow up with phone calls using AI-generated voice.

The attack is not a single invoice. It is a coordinated campaign — an AI agent that researches your vendor relationships, identifies payment patterns, generates fraudulent invoices that match those patterns, and times the submission to coincide with your actual payment cycles.

For a mid-market company processing hundreds of invoices monthly, this is nearly impossible to catch manually. The fraud looks like business as usual because it was designed by an AI that studied your business as usual.

Scenario 2: Supply chain sabotage

Your supply chain runs on interconnected systems — procurement platforms, logistics software, inventory management. AI agents can target not just your systems, but your suppliers' systems. A compromised supplier API becomes a vector into your operations.

The attack might look like altered shipping instructions. Rerouted inventory. Modified quality specifications. None of these trigger traditional security alerts because they look like legitimate business transactions. The AI agent has learned what legitimate looks like and replicates it.

51% of organisations report that their infrastructure cannot support multi-agent environments securely. If your infrastructure cannot secure your own AI agents, it certainly cannot defend against someone else's. As our analysis of the AI infrastructure readiness gap shows, this is a systemic problem.

Scenario 3: Shadow AI blast radius

Your employees are using AI tools you did not approve. Those tools have API connections to your core systems — CRM, accounting, project management. When a shadow AI tool is compromised, the attacker inherits every connection that tool has made — a risk that our shadow AI governance guide addresses in detail.

An employee connects an unapproved AI note-taking app to their email and calendar. The app is compromised. The attacker now has access to every email, every meeting, every strategic discussion that employee has participated in. Not because you were breached. Because your employee's £10-a-month AI tool was breached.

The blast radius of shadow AI is asymmetric. A single compromised tool can expose an entire organisation's intellectual property, customer data, and strategic plans.

Why defence is falling behind

The fundamental problem is speed. 70% of security professionals say threats are evolving faster than their defences. The attackers have AI agents. The defenders have dashboards and manual processes.

64% of organisations still rely on human-based remediation for AI security exposures. When an AI-powered attack moves through your environment in seconds, a human responding in minutes is not a defence. It is a damage assessment — and closing this gap requires AI-native engineering support that builds automated defence capabilities.

Elastic's researchers describe a "fleet of AI malware agents" that weaponises zero-day vulnerabilities faster than human defenders can identify them. These agents are polymorphic — they change their code signature mid-attack, rendering traditional antivirus and endpoint detection useless.

The result is a growing gap between offensive capability and defensive readiness. The attackers have industrialised their operations. Most defenders are still artisanal.

What AI-powered defence looks like

The answer is not more humans monitoring more dashboards. The answer is AI defending against AI. The same capabilities that make AI agents dangerous as attackers — speed, adaptability, scale — make them powerful as defenders.

AI-powered defence means autonomous threat detection that operates at machine speed. It means behavioural analysis that identifies anomalous patterns across your entire environment, not just at the perimeter. It means automated response that contains an attack in seconds, not minutes.

But here is the challenge. To deploy AI-powered defence, you need the infrastructure to support it. And 51% of organisations say their current infrastructure cannot securely support multi-agent environments. The defence requires the same foundational capability as the offence: a secure, governed AI infrastructure — one designed with proper agent architecture for production AI.

Practical steps

Map your attack surface

Before you can defend against AI-powered attacks, you need to know what you are defending. Map every AI tool, API connection, and data flow in your organisation. Include the ones your IT team approved and the ones your employees installed themselves.

Prioritise AI identity management

Every AI agent — yours and attackers' — creates identities. API keys, access tokens, service accounts. Organisations with elevated AI identity risks have a 52% higher incident rate. Get control of non-human identities before they become the vector for your next breach.

Invest in AI-powered detection

Signature-based detection is dead against polymorphic attacks. You need behavioural analysis that identifies anomalous patterns regardless of the specific signature. This requires AI defending against AI.

Run adversarial simulations

Do not wait for a real attack to find your gaps. Run tabletop exercises that simulate the three scenarios above — financial fraud, supply chain compromise, shadow AI blast radius. Find the weaknesses before the attackers do.

Prepare for Jevon's Paradox in security

As defensive AI gets cheaper and more accessible, total security spending will increase, not decrease. This is Jevon's Paradox applied to cybersecurity. Plan for rising spend, and make sure it is directed at the right problems.

The bottom line

The attackers have AI agents. They are fast, adaptive, and operating at scale. 67% of organisations have already been targeted. The question is not whether AI-powered attacks will reach your organisation. The question is whether your defence will be ready when they do.

The answer, for most companies, is no. 64% still rely on human remediation. 70% say threats are outpacing defences. The gap is widening. Closing it requires the same technology the attackers use, deployed defensively — often with AI-native engineering support that brings security expertise specific to agentic systems.

The attackers have AI agents. Your defenders need them too.

Is your AI security ready for adversarial AI? TechLevity offers a focused threat assessment that maps your attack surface, identifies your exposure to AI-powered attacks, and builds a defence roadmap. Book yours before the next rehearsal becomes the real thing.

[Book your AI threat assessment →]

Key Takeaways

  • 7,851% traffic surge from AI agents is the new normal — and it's accelerating
  • 30%+ of traffic is now AI-generated, breaking analytics and cost models
  • Agent traffic management is a new infrastructure discipline every company needs
  • Rate limiting alone won't work — sophisticated agents bypass traditional controls
  • Prepare now — the next surge will be larger and faster than the last

<!-- INTERNAL LINKS:

  • Link to /insights/agent-architecture-production-ai from section about agent infrastructure
  • Link to /insights/cloud-cost-optimization-guide from section about infrastructure costs
  • Link to /insights/ai-sdlc-maturity-framework from section about maturity
  • Link to /services/ai-governance from CTA

-->

Want a second opinion on your AI initiative?

30-minute sanity check call. No pitch, no slides.

Book your call →

Newsletter

This is where I share what I can't post publicly.

AI strategy for UK scale-ups. Monthly. No fluff.

Subscribe to Beyond Growth →