By Guest: Rupesh Chokshi (LinkedIn)
Company: Akamai
Show Name: Secure By Design
Topic: Cybersecurity, Agentic AI
AI-powered bots are no longer a background threat. They are overwhelming digital businesses at a scale we have never seen before. Akamai’s latest State of the Internet report reveals a staggering 300 percent surge in automated traffic in just one year. These new AI-driven bots behave like real users, scrape content at massive scale, and are already reshaping the economics of digital business.
The internet has always evolved quickly, but today’s transformation is unprecedented. In this conversation, Rupesh Chokshi, Senior Vice President and General Manager of Application Security at Akamai, explains why the surge in AI bot traffic represents a major turning point. For many organizations, this surge is not simply a cybersecurity issue. It is a direct challenge to their digital operating model.
Chokshi begins by noting that enterprises traditionally measured success through customer growth, product adoption, and user engagement. Now, they must account for a different type of growth: automated traffic that delivers no tangible business value. These bots are not just scraping content—they are ingesting data, performing multi-step tasks, and mimicking the patterns of legitimate users. Their sophistication makes them harder to detect and dramatically increases the load on digital infrastructure.
Industries that depend on referral traffic or subscription models face the most disruption. In the past, search engines drove readers to publisher websites. Today, AI bots extract the content, generate answers, and prevent the user from ever clicking through. Chokshi explains that publishers are already reevaluating how much content to expose, which AI agents to allow or block, and how to monetize this new world. The same pattern is hitting SaaS companies, digital commerce platforms, and healthcare sites whose public information is widely scraped and repackaged into AI responses beyond their control.
Yet Chokshi is not pessimistic. He compares this moment to older technology shifts—e-commerce, mobile apps, and streaming—each of which disrupted established models before new opportunities emerged. The organizations that adapt will be the ones that understand how to create and capture value in a future where both humans and autonomous agents interact with their systems.
A major factor behind this shift is the rise of agentic AI. These autonomous agents will soon plan trips, shop for products, execute multi-step workflows, and drive entire transactions without a human clicking through a website. As Chokshi notes, businesses will need to optimize their systems for these agents just as much as they do for human visitors. This raises new questions about identity, trust, and intent. Enterprises will need mechanisms to determine who—or what—is interacting with their systems and whether that agent can be trusted.
This becomes even more critical with the rise of malicious AI tools like FraudGPT and WormGPT. Unlike legitimate bots, these systems are designed specifically for harm. They generate phishing content, forge documents, bypass security checks, and perform targeted attacks. They avoid identification, hide their handshakes, and exploit any opportunity to extract sensitive data or plant malicious code.
Distinguishing between legitimate and harmful bots is one of the industry’s hardest challenges. Chokshi highlights experiments like Amazon’s AgentCore, which Akamai participated in, that introduce a form of “digital handshake” to verify bot identity. Over time, these trust frameworks may become a standard requirement, helping determine whether an AI agent is allowed to browse, scrape, shop, or transact.
Organizations also look to OWASP for guidance. OWASP has expanded beyond web applications to provide structured frameworks for APIs, LLMs, and AI-powered apps. Chokshi emphasizes that these frameworks help teams understand the landscape of risks, but the real work is aligning them with internal priorities. Security teams must identify where they are exposed, which data needs protection, and which systems require immediate hardening. Not every issue can be solved on day one, but targeted prioritization can reduce both risk and impact.
The conversation also shifts to strategy. Security is no longer an operational concern—it is a board-level imperative. The first wave of AI emphasized efficiency and automation. The next wave will force companies to rethink how they operate in an economy where AI agents can initiate and complete transactions. Chokshi believes that the organizations that prepare now will be in the best position to benefit as agentic AI becomes mainstream.
Traditional bot detection methods are already aging out. Signatures, rate limiting, and simple traffic filters fail when bots behave like real users. Akamai is investing deeply in intent analysis, guardrails, and AI-native verification infrastructure. Products like Akamai’s Firewall for AI help protect GenAI applications from prompt injection, hallucination risks, and other emerging threats. Detection now requires understanding whether an agent continues to follow its intent or has deviated into suspicious behavior.
Akamai’s greatest advantage, Chokshi explains, comes from the sheer volume of global traffic it sees. Its AI and ML models are trained on patterns across industries—from financial services to travel and commerce. This allows Akamai to identify anomalies and correlate emerging threats before they spread widely. Fighting AI-driven attacks requires AI-driven defenses. That is the core of Akamai’s approach.
In Chokshi’s view, the future of secure digital business will revolve around trust. Whether a request comes from a user or an autonomous agent, organizations will need a way to verify identity, confirm intent, enforce guardrails, and continuously monitor behavior. This will define how companies operate and how they protect themselves in a world where automation is the default.
