A Super Bowl Agent and Threat Analysis

In this research:

In addition to being an American cultural holiday of sorts, the Super Bowl serves as a stress test for the internet. Millions upon millions of eyeballs and dollars changing hands present threat actors with a golden opportunity to scale up their operations. Here’s an analysis of the trends HUMAN observed before and during the game:

HUMAN’s Satori Threat Intelligence and Research Team found user accounts for sports betting sites available for sale on dark web marketplaces. These accounts often list for roughly 20% of the value stored within them. Researchers have tracked sales of accounts for one platform on one marketplace and estimate that nearly a quarter of a million dollars of consumer funds have been stolen and sold by threat actors. And this is just a small fraction of the total size of the black market; with numerous betting platforms and numerous dark web marketplaces on which to sell accounts, the actual value of stolen accounts is significantly higher.

On the front lines, HUMAN’s Sightline observed clear shifts in attack volume and focus. Globally, web scraping attempts during the Super Bowl rose by more than 30 percent compared with last year’s game. Threat actors put a particular focus on retail and e-commerce: Sightline stopped more than 74 million scraping attacks just during the game.

Account takeover attempts were down globally, yet they surged within the financial services sector, where attempted attacks rose 3,600% year over year. Streaming and gaming platforms experienced a surge in attempted carding and transaction abuse attacks, up 1,365% from last year’s game. Threat actors even synchronized their activity with programming: many cut back during halftime but scraping of streaming sites peaked right before Bad Bunny’s performance.

With several AI companies advertising during the game, it’s no surprise that agentic AI traffic in particular rose in the hours around the game. Between Saturday and Sunday, HUMAN observed a 28 percent increase in agentic checkout requests, a 10 percent uptick in agentic product searches, and a 37 percent jump in agentic user account requests. Total agentic traffic grew 5 percent from Saturday to Sunday, and almost 10 percent from Sunday to Monday.

High-profile events like the Super Bowl concentrate risk by giving threat actors a lot of noise in which to hide. The calendar of events with that kind of impact is fairly predictable: major sporting events, national elections, award shows, and big shopping seasons like back-to-school and the holidays. Security defenders need to have those dates and the various threats that follow them written in pen well in advance.

Second, defenders should prioritize adopting defenses that combine behavioral signals, granular agent-aware detection, and forensic visibility to ensure the right traffic is permitted while the wrong traffic is stopped.

HUMAN’s Sightline with AgenticTrust is built for that reality. Sightline stops large-scale scraping and account abuse in real time while AgenticTrust evaluates and manages agentic behaviors, enabling trusted activity to proceed. Together they give organizations the visibility and control needed to protect revenue and customer trust during high-risk moments like the Super Bowl.