If your security software enforces a “no bots” policy, you’re only hurting yourself.
Bad bots
Yes, there are some bots you want to keep out.
“Scrapers” that obtain your proprietary data without your consent.
“Ad clickers” from your competitors that drain your budgets.
And, of course, non-human identities that fraudulently crack legitimate human and non-human accounts (ATO, or account takeover).
Good bots
But there are some bots you want to welcome with open arms.
Such as the indexers, either web crawlers or AI search assistants, that ensure your company and its products are known to search engines and large language models. If you nobot these agents, your prospects may never hear about you.
Buybots
And what about the buybots—those AI agents designed to make legitimate purchases?
Perhaps a human wants to buy a Beanie Baby, Bitcoin, or airline ticket, but only if the price dips below a certain point. It is physically impossible for a human to monitor prices 24 hours a day, 7 days a week, so the human empowers an AI agent to make the purchase.
Do you want to keep legitimate buyers from buying just because they’re non-human identities?
(Maybe…but that’s another topic. If you’re interested, see what Vish Nandlall said in November about Amazon blocking Perplexity agents.)
Nobots
According to click fraud fighter Anura in October 2025, 51% of web traffic is non-human bots, and 37% of the total traffic is “bad bots.” Obviously you want to deny the 37%, but you want to allow the 14% “good bots.”
Nobot policies hurt. If your verification, authentication, and authorization solutions are unable to allow good bots, your business will suffer.
Bredemarket 