eCommerceNews UK - Technology news for digital commerce decision-makers
United Kingdom

Guides

#
commerce systems
#
customer data platforms
#
data analytics
#
digital signage
#
payment technologies

Search

Simon wistow
#
Firewalls
#
Edge Computing
#
Physical Security

Setting boundaries for AI bots' exploitation of web content

Tue, 23rd Dec 2025
By Simon Wistow, Co-Founder, Fastly

Artificial intelligence systems' appetite for web content is growing at an alarming rate and publishers and the open web need to be prepared. Increasingly AI bots are scraping vast quantities of digital information - from news articles and product descriptions to user reviews and support documentation - often without permission or attribution. 

Harvesting is central to the development of large language models (LLMs), but it presents a challenge for businesses in how to regain control over the commercial value and security of their digital assets.

It is important to distinguish between different classes of AI bots. Some crawl the web at scale to collect training data used to build LLMs, the focus of much of today's debate around scraping and consent. Others operate quite differently, using Retrieval Augmented Generation (RAG) to fetch up-to-date articles and data in real time to answer specific user queries. While both classes of AI bots rely on access to web content, they pose distinct challenges and should not be treated as a single, homogeneous threat.

Some AI bots are less predictable and less compliant, and many actively ignore standard protocols like robots.txt which were designed to inform bots of acceptable behaviours. This shift from rule-abiding indexing tools to evasive data harvesters is causing some sites to experience huge spikes in web traffic, resulting in substantial and ongoing financial costs. It demands a reassessment of how we protect web content in an age of automated intelligence.

Hidden guests on your website

AI bots today are highly sophisticated and able to avoid detection, by tricking browser headers, rotating IP addresses or routing traffic through anonymised proxies. This makes them difficult to detect without sophisticated tools. Their activity adds pressure to infrastructure, inflates costs and can expose organisations to inadvertent data leaks, particularly when proprietary or licensed content is involved.

The impact is already being felt among digital publishers, eCommerce platforms and SaaS providers in particular. Curated high-value web content is at risk of being ingested by AI systems without context, credit or compensation. As the economic models behind generative AI begin to mature, the imbalance becomes even more astute. Content trains their model and their model undercuts engagement.

Legal ambiguity, practical urgency

The legality of AI scraping remains murky. Courts are still weighing up how copyright law applies when LLMs are trained on public-facing content. In the meantime, the onus falls on organisations to take practical steps to defend their digital value. Good behaviour will not prevail in these circumstances. The content that is worth stealing is already being targeted.

Organisations that work in publishing and eCommerce need smarter, more adaptive defence mechanisms. The goal should not be to block all automation, but to distinguish between legitimate use cases (such as accessibility tools or recognised search bots) and unverified, unwanted scraping activity.

Three lines of defence

Taking control of digital content is therefore a necessity. Companies that ignore AI bots' advances today risk losing both content and business value tomorrow. The question is therefore not whether AI will use your content, but how it will happen and on whose terms. This is why content creators must also set the terms and consider three concrete solutions. 

Modern web application firewalls and bot management systems can detect even malicious or evasive AI bots, even when they try to hide. These tools work by recognising patterns in how the bots behave on websites. They can also distinguish between different types of AI bots and determine which ones should be granted access.

Secondly, businesses should have the power to choose how to respond once suspicious traffic has been identified. Some might decide that a full-on blanket ban of all AI agent types or IP ranges is the way to go. Conversely, others may serve obfuscated content to AI bots whilst retaining full functionality for human users. In higher value sectors, there's a growing push towards licensing frameworks where AI companies are required to pay for structured access. The point is there are a range of options. Creators deserve the ability to choose what to do about the bots that exploit their content.  

Finally, invisible but traceable signatures embedded within content - sometimes referred to as 'digital watermarks' - can help organisations track how and where their content is used downstream. This is especially useful when identifying whether material has been incorporated into AI-generated outputs, supporting claims of misuse or establishing eligibility for compensation.

AI access: not if, but how

It's important to accept that no strategy will guarantee perfect exclusion. Determined external actors will find ways to adapt and break through defences, but it is about setting the terms. That means deciding what is shared, with whom and under what conditions. Businesses should not wait for regulatory clarity to act because this inertia is costing them when the tools to defend digital content are out there in the world. 

AI scraping works provided that it is used within fair, transparent frameworks. There are platforms that support real-time AI applications, from inference acceleration at the edge to secure data exchange. But innovation should not come at the expense of content creators and digital service providers.

The internet is built on mutual value exchange. Users receive free access to content in exchange for ad views or subscriptions. AI disrupts that model by decoupling consumption from engagement. Reasserting boundaries doesn't necessarily mean shutting the door on AI, but it does mean keeping that value exchange intact and sustainable.

Final thoughts

AI bots are already reshaping the digital ecosystem, but it is still very much an emerging phenomenon. Most publishers are figuring out how AI bots interact with their content and what the crawlers mean for control, cost and value over time. 

This challenge is not being tackled in isolation. There is a growing ecosystem of companies - from Fastly to TollBit and Supertab to Dappier - that are developing tools to help publishers regain visibility, enforce permissions and monetise access. At the same time, the industry is starting to coalesce around shared standards and best practices that can bring greater clarity and consistency to how AI systems access the open web.

Whether an organisation is ready or not, its content may be contributing to systems it cannot audit and models it cannot influence. The equation can be rebalanced by deploying adaptive controls, investing in real-time visibility and asserting licensing terms where appropriate. This is a strategic move in which setting boundaries today means ensuring resilience moving forward into 2026.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Rebecca Dawson hailed in UK list of inspiring women
AI in eCommerce delivery to headline London TDC 2026
ProGlove unveils AI tools to cut strain, boost safety
Moglix unveils Cognilix AI OS, plans USD $5m research
IDeaS scores triple recognition at 2026 HotelTechAwards

Top stories

UK businesses brace for 2026 fiscal strain & AI oversight
Akeneo unveils AI‑driven Winter Release for agentic commerce
Hendrix Rose PR to boost Verde Digital’s UK profile
Targa Telematics links OEM data to Motability fleet
Connecting global workforces through intelligent video