Booking a flight, comparing accommodations, and crafting a tailor-made itinerary… By 2026, entrusting these tasks to an AI agent has become second nature for many consumers.
The travel sector, with its volatile prices and countless variables, sits at the forefront of this quiet revolution. But this convenience comes with a downside.
For while AI agents simplify travelers’ lives, they simultaneously open the door to unprecedented fraud, more sophisticated and harder to detect. This is the stark assessment from DataDome, a specialist in bot protection.
A Security Paradigm to Reinvent
For years, the cybersecurity of e-commerce sites relied on a fairly simple principle: distinguish human traffic from automated visits, then block the latter. This binary logic is now obsolete. With the widespread deployment of AI agents acting on behalf of real consumers, the line between legitimate bots and malicious bots has become markedly blurred.
DataDome now identifies three categories of agents that platforms must contend with: legitimate agents, authorized by real users; malicious bots, designed to harvest pricing data; and, more insidiously, compromised or hijacked agents, which exploit legitimate systems to steal the identities of real consumers.
The challenge is no longer simply to detect bots, but to establish a trust model based on intent.
Travel sites, prime targets
The sector is particularly exposed. Its intrinsic complexity – fluctuating prices, real-time availability, coordination of multiple services – makes it a prime playground for malicious actors.
The threats are multiple. Account takeover lets a fraudster seize a session to make unauthorized bookings, steal miles, or expropriate sensitive data (passports, bank details) by evading traditional detection mechanisms.
Price and stock manipulation constitutes another threat: malicious agents can mass-extract pricing data to allow competitors to adjust their offers in real time, or artificially block inventories to create fictitious demand.
Loyalty programs, however, represent a prime target. Valued at $328 billion in 2024 according to MRFR, this market attracts bots that, using stolen credentials, accumulate points that they convert into aircraft tickets or hotel nights before selling them on the dark web. Beyond direct financial losses, this fraud erodes the trust of the most loyal travelers and weighs on customer service teams.
Becoming “AI-friendly” to safeguard reputation
Facing these risks, DataDome argues that travel players must undergo a strategic shift by becoming what it calls “AI-friendly” platforms capable of welcoming legitimate agents while neutralizing malicious actors in real time. The benefits expected include better visibility in recommendation engines, preserving margins, protecting partnerships and reputations in a sector where trust is the primary driver of loyalty.
