Travel agents are back—but they’re not human. AI agents like ChatGPT, Perplexity, and Claude are no longer just research tools—they’re booking flights, reserving hotels, and planning complex itineraries on behalf of travelers.

For travel brands, this shift brings clear opportunities: new conversion paths, faster decision-making, and a more frictionless buying experience. But it also introduces a hard security reality. The same automation that helps travelers book can be used to scrape, manipulate, and defraud. 

The result is a dual challenge for cybersecurity and fraud teams: enable legitimate AI agent activity while stopping malicious bots—without adding friction that harms the customer experience.

Why travel is at the forefront of agentic commerce

Travel booking is inherently complex. Booking flows are information-dense and time-sensitive: availability changes quickly, pricing fluctuates, and customers often need to coordinate multiple reservations across time zones, currencies, and policy constraints.

This makes AI agents genuinely useful for consumers. They can compare tradeoffs and complete repetitive steps faster than a human at several different points in the booking process.

According to The Future of Search and Discovery Report, 38% of consumers have already used AI for shopping tasks, demonstrating that purchase decisions increasingly start with AI agents instead of traditional search.

This means even if you haven’t launched an “agentic booking” feature, AI agents and LLM-driven automation may already be interacting with the most business-critical steps of the customer journey.

The dual challenge: Enabling agents while stopping threats

Basic bot detection focused on a simple question: is this traffic human or automated? If automated and unwanted, block it. That approach fails when legitimate AI agents represent valuable customers.

The new challenge requires verifying identity and evaluating behavior in real time, distinguishing between:

• Legitimate AI agents acting on behalf of real travelers to research and book trips
• Malicious bots & AI agents designed to scrape pricing data, hoard inventory, or execute fraud. 
• Compromised or spoofed agents that start as legitimate systems but get hijacked or impersonated. For instance, Galileo, DataDome’s threat research team, recently identified that 80% of AI agents do not declare themselves properly when visiting websites.

This requires moving from simple bot detection to intent-based trust management. The question isn’t “what is this?” but rather “what is it trying to do, and should we allow it?”

For Dohop, a B2B travel platform serving dozens of major airline partners, DataDome plays an integral role in protecting their systems and maintaining trust with airlines. 

“DataDome helped Dohop cut bot traffic by 70% during peak travel season, blocking over 3 million malicious requests in a month and keeping 75+ airline partners protected when it matters most,” said Kristjan Gudni Bjarnason, CTO of Dohop.

Three critical threats facing the travel industry

1. Agent takeover and account fraud

When customers delegate purchasing authority to AI agents, those agents become high-value targets. If a fraudster compromises an agent’s credentials or hijacks a session, they can make unauthorized bookings, drain loyalty points, and access personal information like passport and credit card details.

An attacker who gains control of an agent acting on a customer’s behalf can execute fraudulent transactions that appear completely legitimate, bypassing traditional fraud detection systems designed to spot unusual human behavior patterns. When the buyer isn’t human, those behavioral signals lose their predictive power.

Over 90% of travel and hospitality websites are not fully protected against simple bot attacks, according to our 2025 Global Bot Security Report, making heightened security critical to prevent account takeover as agentic commerce grows.

2. Inventory hoarding and price manipulation

AI agents can systematically scrape prices, inventory levels, and availability data at machine speed. Competitors use this intelligence to undercut your pricing. Malicious actors exploit it to manipulate market dynamics by holding inventory without completing purchases, artificially inflating demand, and reducing availability for genuine customers.

The challenge is that legitimate AI agents also make rapid, repeated requests while researching travel options. You need real-time behavioral analysis to distinguish between an agent comparing flight options and a scraper extracting your entire pricing database.

Rail Europe, which aggregates train tickets across Europe, uses DataDome to protect against scraping bots, credential stuffing, and vulnerability scanning. After deploying DataDome, Rail Europe found that 30% of its incoming traffic was malicious, threatening its sales funnels and partner inventories.

3. Loyalty point abuse at scale

Travel loyalty programs represent billions of dollars in value, making them prime targets for automated fraud. Bots execute credential stuffing attacks, testing stolen credentials from data breaches. Once compromised, attackers can redeem points for flights and hotel stays or sell them on dark web marketplaces.

The business impact goes beyond the immediate loss of points. Loyalty fraud erodes trust in the program, increases customer service load, and can drive long-term attrition among high-value travelers.

The competitive advantage of getting agentic commerce right

Agentic commerce will reward travel brands that can enable automation safely. The winners won’t be the companies that “lock everything down,” or the ones that “let everything in.” They’ll be the ones who create trusted access.

When you can distinguish between legitimate agent activity and malicious automation in real time, you unlock practical advantages:

• Increased brand visibility: Support legitimate AI agent access to preserve your presence in AI search results and recommendations, while competitors who block all agents may jeopardize their discoverability.
• Better customer experiences: Protect conversion and user experience by avoiding unnecessary friction for real customers using AI assistance.
• Protected profit margins: Stop price scraping and inventory hoarding to preserve your competitive positioning and prevent the exploitation of pricing strategies.
• Stronger partner relationships: Clean traffic and secure systems help maintain trust with airline, hotel, and service provider partners.
• Preserved customer trust: Protect loyalty accounts and prevent unauthorized bookings to safeguard customer relationships and brand reputation.

These advantages will determine which travel brands thrive in the agentic era, and which fall behind. Learn how to prepare your business for the shift with DataDome’s agentic commerce guide. 

What comes next for the travel industry

Agentic commerce is not a future scenario; it’s an active shift in how traffic behaves and how purchases get initiated. The travel industry faces a new baseline: some automated traffic is legitimate, and some is not—despite appearing similar at first glance. 

Travel brands that make this transition successfully will capture the agentic commerce opportunity while protecting their infrastructure, their partnerships, and their customers’ trust.

DataDome’s platform analyzes 5 trillion signals daily, detecting AI agents at the protocol level and applying real-time trust scoring. For travel companies, this visibility is essential—you need to know which AI agents are accessing your systems before they can cause damage.

Test your site today for free to see if your business is vulnerable to AI agent and bot attacks and better prepare for the future of agentic commerce.