The Anti-Bot Vendors' P&L: AKAM, FFIV, FSLY

Every web scraper has an adversary with a quarterly earnings call, and that adversary is winning the segment of its business that matters most. In their most recent reported quarters, all three listed bot-mitigation vendors — Akamai, F5 and Fastly — grew their security lines faster than the legacy content-delivery businesses those lines are replacing. Akamai’s security segment reached $590mn in the first quarter of 2026, up 11% year on year; Fastly’s security revenue grew 47% to $38.8mn; F5’s product revenue, where its bot-defense software sits, rose 22%. The defense is compounding, and it is compounding on the data-extraction industry’s side of the ledger.

That matters because the cost a scraper pays to reach a page is not set in a vacuum. It is set by how much detection infrastructure the target has bought — and the vendors selling that infrastructure are reporting the demand in dollars.

Akamai now books more security than delivery

Akamai’s first-quarter 2026 numbers make the rotation explicit. Total revenue was $1.074bn, up 6%, but the composition tells the real story: security at $590mn now accounts for roughly 55% of the company, growing 11%, while the Delivery segment — the original CDN business — fell 7% to $389mn. Cloud Infrastructure Services jumped 40% to $95mn, lifted by a $1.8bn, seven-year commitment from a frontier AI-model provider.

Management tied the security demand directly to automated attack volume. On the call, chief executive Tom Leighton said the company had in recent weeks neutralised “a series of app-layer attacks with millions of malicious requests per second from millions of widely distributed IPs,” and the CFO named web-application-firewall, API-security and Guardicore segmentation as the products driving the quarter. For anyone running a crawler, the read-through is plain: the budget Akamai customers spend on WAF and API protection is the same budget that turns a clean 200 response into a challenge page. The stock closed down 4.34% at $116.69 on the print, as a four-point drop in GAAP operating margin — to 11% from 15% — soured the market on the cost of the AI build-out.

F5 hides bot defense inside a 22% product line

F5 does not break out a security or bot-mitigation segment, which is itself instructive. Its second-quarter fiscal 2026 results reported total revenue of $812mn, up 11%, with product revenue up 22% — a seventh consecutive quarter of double-digit product growth. Systems revenue rose 26% to $226mn and software 17% to $184mn; non-GAAP earnings were $3.90 a share, and the company raised full-year revenue-growth guidance to 7–8%.

F5’s bot-mitigation business — Distributed Cloud Bot Defense, the former Shape Security — sits inside that software line. It targets exactly the traffic scrapers generate: credential stuffing, fake-account creation and, named explicitly in F5’s own product materials, scraping. The company markets it as detecting “attacker retooling” without CAPTCHA friction, which is the polite way of saying it adapts faster than a static crawler can. Investors liked the trajectory enough to push the shares up 6.5% after the report. A vendor that can bury a friction product inside a 22%-growth line and raise guidance is a vendor whose customers are paying up for defense without flinching.

Fastly’s 47% security growth is the cleanest signal

Fastly offers the purest read on the cost-to-access curve because it isolates the number. First-quarter 2026 revenue was a record $173mn, up 20%, but security was the standout: $38.8mn, up 47%, now 22% of the total. Network Services — the core CDN line — grew just 11% to $126.2mn. Non-GAAP gross margin hit a record 65.1%, and remaining performance obligations rose 63% to $369mn.

The market’s reaction was the revealing part. Despite beating on revenue and earnings — non-GAAP EPS of $0.13 against an $0.08 consensus — Fastly shares fell roughly 38% after hours, because the core delivery business is decelerating even as security accelerates. That is the entire industry’s structural problem in one stock chart: commoditised bandwidth is a low-growth business, and the escape route every CDN is taking is to sell more defense against the automated traffic that scrapers represent. The faster the security line grows, the harder the wall gets.

What the opponent’s P&L implies for cost-to-access

Three vendors, three disclosure styles, one direction. Security grew 11%, 22% and 47% respectively while the legacy delivery lines stalled or shrank. The vendors are not merely defending; they are reallocating their growth strategy toward stopping the automated access that data-extraction operators depend on, and the AI-driven surge in both attack and scraping volume is the explicit demand driver each one cited.

The practical consequence is that the gap between hobby-grade scraping and infrastructure-grade scraping is widening on a vendor-funded schedule. As targets buy more Akamai WAF, more F5 bot defense and more Fastly security, the unmanaged residential and datacentre IPs that once worked degrade faster, pushing serious operators toward managed platforms — Apify actors, Bright Data’s proxy networks — that amortise detection-evasion R&D across many users. The same earnings calls that cheer rising security ARR are, read from the other side, a bill of materials for the rising cost of getting in.

These three P&Ls are a leading indicator, not a lagging one: detection spending booked this quarter becomes the access friction every crawler meets next quarter. Watch whether F5 ever breaks bot defense out as its own number.