Grid of eight identical toy astronaut figures shot in x-ray style, with one figure highlighted in red among the uniform white grid

AI Crawlers Surge on Bank Websites, Radware Data Shows

Traffic from AI training and retrieval bots on financial services sites jumped more than 50% in a single month during the first quarter, new Radware data shows.

AI crawler traffic hitting financial institution websites surged more than 50% from January to February 2026 and stayed elevated through March, according to first-quarter data Radware published Thursday, the second installment in a two-part series on bot activity in the financial sector.

AI crawlers are automated bots, run by AI companies, that visit web pages and scrape data. Training crawlers download site content to feed AI datasets for large language model training. Retrieval crawlers fetch a specific page in real time to answer a live question inside a chatbot or AI assistant, like a search engine.

AI crawlers exist in a gray zone on the internet—they could serve useful purposes to businesses but can also be exploitative at scale,” report author Dhanesh Ramachandran wrote.

Crawling a public webpage is neither illegal or malicious. However, Radware argues this is a security and governance problem for banks. It outlines top concerns:

  • Unauthorized commercial reuse of proprietary pricing
  • Research and product data with no compensation or attribution
  • Rising compute and bandwidth costs from crawler load that banks never approved and can’t bill anyone for
  • A visibility gap, since most banks have no reliable way to tell which AI platform is pulling data off their site at any given moment
  • Compliance exposure — in an industry bound by GLBA and SEC disclosure rules.

“We don’t know who’s accessing our data” is not a position that holds up under examination, Radware argues. It also points out that the same security tooling banks already have put in place to catch bad bots is now being resource taxed by AI bots that typically us the same evasive techniques — rotating IPs, spoofed user agents.

Who Is Driving This Traffic?

The company’s first-quarter bot threat landscape report, found financial services are facing rising account takeover attempts and an expanding automated-traffic attack surface generally.

Radware said the bulk of AI crawler traffic comes from training crawlers that harvest loan and credit card product pages, market research and regulatory filings. A smaller but growing share comes from retrieval crawlers fetching information in real time.

Radware said Meta leads training-focused crawling and OpenAI shows a mix of both training and real-time retrieval traffic. AI crawler traffic on bank websites jumped over 50% in a month, Radware data shows, with Meta and OpenAI driving most of it.

Financial content is attractive to AI crawlers precisely because it is authoritative, frequently updated and considered a reliable training source, researchers wrote. Banks have limited tools to distinguish wanted crawling — such as from search engines they want indexing them.

Where bots have traditionally indexed sites for search engines and potentially triggered user traffic back to a site, which could be converted to new business, AI crawlers do not.

Photo by NEOS LEA on Unsplash

Author

  • Tom Spring

    Tom Spring is a cybersecurity journalist covering identity, AI, cloud security and enterprise risk. He is the founder of Security Point Break and former Senior Editorial Director at CyberRisk Alliance, where he led coverage for SC Media, MSSP Alert and ChannelE2E.

    An award-winning reporter, his work has been recognized by the Society of Professional Journalists, ASBPE and the Jesse H. Neal Awards. He focuses on cutting through cybersecurity hype to deliver clear, grounded reporting for security and business leaders.

Total
0
Shares

Leave a Reply

Previous Article
Fishing hook piercing a cracked smartphone screen showing a mobile banking checking account balance

RedHook Android Trojan Resurfaces with Root-Level Upgrade

Related Posts

Discover more from Security Point Break

Subscribe now to keep reading and get access to the full archive.

Continue reading