15 Jun 2026

57% of web traffic is now bots, and agentic browser traffic is up nearly 8,000% this year alone. That number should stop consumer finance leaders cold.

We've spent years obsessing over conversion rate optimisation, A/B testing hero images, and tweaking application journey copy to nudge human visitors through a funnel. Most of that work assumes a person is reading the page. Increasingly, something else is.

AI agents browsing on behalf of users don't experience your carefully crafted UX. They parse structure, extract information, and make decisions or recommendations based on what they can reliably interpret. If your loan product pages are built around visual hierarchy and emotional copy rather than machine-readable content, you are already losing share of voice in the channel that is growing fastest.

For UK consumer credit specifically, this creates a compliance question nobody is asking loudly enough yet. When an AI agent surfaces a loan product to a consumer, who is responsible for ensuring that recommendation is fair? The FCA's consumer duty requires firms to act to deliver good outcomes for retail customers. If an intermediary is now a non-human agent operating outside any regulated perimeter, the chain of accountability gets murky fast.

The practical implication for anyone running a credit broker or lender is this:

• Your SEO and content strategy needs to account for AI citation rates, not just Google rankings
• Your product information architecture needs to be structured for extraction, not just human readability

The metric shift matters too. Referral traffic from AI platforms is already trackable. Most marketing teams I speak to aren't tracking it yet, which means they have no baseline when it becomes significant.

We are in a window right now where getting your information architecture right for machine consumption is still a competitive advantage. In two years it will be table stakes. The firms that treat this as a web development footnote rather than a distribution strategy decision will find out the hard way that their products simply don't appear when an agent goes looking.

The identity problem with AI agents is not about passwords or MFA. It is about the fact that an AI agent operating inside your loan origination platform has entitlements, makes decisions, and leaves an audit trail — and most ISPM programmes were designed for humans sitting at laptops, not for software entities that act autonomously at scale.

For anyone running consumer credit operations in the UK, this matters right now. The FCA's expectations around operational resilience and Consumer Duty already require you to demonstrate that your systems act in customers' best interests and that you can explain why decisions were made. If an AI agent is touching application data, triggering affordability checks, or routing cases between queues, you need to know what it was permitted to do, what it actually did, and whether those two things match.

The concept of closed-loop remediation in the article is worth taking seriously. The traditional model — posture tool flags an issue, ticket gets raised, engineer fixes it three weeks later — is completely incompatible with how quickly agentic systems accumulate risk. An agent given broad entitlements on day one will have exploited that scope long before anyone reviews the access review report.

Two things UK technology leaders should be prioritising:

• Treat AI agents as non-human identities with their own lifecycle, from provisioning through to decommissioning, with explicit scope boundaries rather than inherited permissions
• Build audit evidence into the agent's execution loop from the start, not as a retrofit, because regulators will ask for it and you do not want to reconstruct it after the fact

The firms that get this right will have a genuine advantage when regulators start asking harder questions about automated decision-making in credit. The ones that treat AI agents as just another API integration will find themselves unable to explain their own systems.