In this episode of Smooth Scaling, José Quaresma speaks with Hans Skovgaard, Chief Technology and Product Officer at Queue-it, about a shift that is already underway and accelerating fast: the internet now carries more automated bot traffic than human traffic — and agentic AI is about to make that gap much wider.
Hans explains why the old model of "bots versus humans" is fundamentally broken, and why the real question is no longer who is visiting your site, but what their intent is. The conversation covers why autoscaling can no longer protect against the extreme traffic bursts that AI agents will generate, how to make bot attacks economically unviable, and what a future of AI agents buying concert tickets on your behalf actually looks like in practice. Hans also unpacks the evolving landscape of digital identity — from payment certificates to the EU Digital Identity Wallet — and what it means to build systems that can tell a genuine buyer from a scalper running 100,000 simultaneous requests.
With over 30 years of experience scaling systems, Hans offers a rare combination of technical depth and strategic clarity on one of the most consequential shifts in internet infrastructure happening right now.
Hans J. Skovgaard is Chief Technology and Product Officer at Queue-it, the Copenhagen-founded SaaS company whose virtual waiting room technology helps the world's biggest brands manage traffic surges and prevent bot abuse during high-demand online events. With over two decades of experience leading engineering and product organisations in Nordic software companies, Hans has built a career at the intersection of deep technical expertise and strategic leadership. Before Queue-it, he served as CTPO at Penneo, a Nasdaq Copenhagen-listed RegTech company, and as CTO and VP of R&D at Capture One, where he led the company's spin-off from Phase One, launched its first SaaS product, and shipped Capture One for iPad. Earlier, he held engineering leadership roles at Milestone Systems and Microsoft. He holds an M.Sc. in Artificial Intelligence from the University of Edinburgh and an MBA from IMD, and has published research at AAAI, IEEE, and ACM.
Episode transcript (auto-generated):
José
Hello and welcome to the Smooth Scaling Podcast, where we speak with industry experts to uncover how to design, build, and run scalable and resilient systems. I'm your host, José Quaresma, and today we have the pleasure of chatting with Hans Skovgaard. Hans is the Chief Technology and Product Officer here at Queue-it, and he has over 30 years of experience scaling systems and software organizations, with a specific focus on software and AI systems. We had a great conversation about the future of online traffic in the age of agentic AI and the challenges it brings to traffic orchestration. If you like this episode, please subscribe and leave a review — it really helps the podcast. Enjoy.
Welcome, Hans. It's great to have you on the podcast.
Hans
Thanks.
José
So we'd like to start with the fact that, these days online, we've already crossed the tipping point. We're now seeing more automated bot traffic than human traffic. And for many industries, that means you can no longer assume that the traffic coming into your website is from a real person. Can you start by sharing what online patterns we're seeing today?
Hans
Yeah, we're seeing many things and it's going really, really fast. There's a big shift going on, and I think everybody who works with computers every day feels it. Everybody's going from using link-based searches to asking AI to provide information, and that drives traffic tremendously. In January, Akamai saw that the traffic generated by AI agents doubled in one month. Maybe not the biggest number yet, but if that continues... We all feel it. When did we last use Google in the old-fashioned way? It's almost going away overnight, and that is a big shift happening right now.
José
Yeah, I recognize that myself. I haven't used Google or any other search engine to search anything in a long time — I just go into one of the agents, ask about it, and usually get an answer I'm pretty happy with. So I guess it really is a trend.
Hans
Gartner predicts that by 2030, 80% of all searches — or looking for things you want to buy — will be done through agentic AI. And 20% of all online purchases will be made by AI. That seems a little conservative to me, but you also have to account for the fact that our mothers need to come around and trust that they can actually rely on an agent to make a purchase for them.
José
Yeah, and that will also impact our waiting rooms and how we handle that. But I'd like to get back to that later. First, I want to ask a bit more about the bots side — because before, almost all bots were bad bots. Of course, that wasn't always the case, but it often was. Now we're seeing that shift. And from the bad bots perspective, we're also seeing them get faster, smarter, and harder to stop.
Hans
Yeah, and it's going to be much, much easier for people without deep technical skills to create bad bots, because now you have agentic AI that can help you create them very easily. So there's going to be even more strain on separating what we'd call good intent from bad intent. In the past, we separated bots from humans and said humans are good and bots are bad. That distinction has to change — it needs to shift from bots versus humans to good intentions versus bad intentions. You can have agents with good intentions and humans with bad intentions. That is a big shift, and it's going to be tricky to handle.
José
Yeah, and I really see that the world we're in now, with the AI tools we have, it's like what often happens with powerful technologies and big shifts — it's a powerful tool that can be used both for good and for bad. It brings some really positive advances in many areas, but it also makes it harder to fight the bad actors, because it makes them more powerful too.
Hans
Absolutely. And if we look at, for example, the people who want to attract visitors to their site, they will now start transforming their sites to also cater for agents. Because you actually want the good agents to have a good experience and find the information they're looking for. That's going to be a big transformation — and it's going to happen first in the e-commerce space, where vendors are thinking about how to build an API-first interface where agents can ask: do you have this in inventory, what's the price, and so on — without having to act like a human clicking through a website. And that is going to open a new entry point for how to access a site.
José
And still from the bad bot perspective — how does that impact the volume of potential traffic and attacks? I would guess it makes it easier to generate big bursts of volume?
Hans
Agentic AI could build up traffic in 10 seconds. If agents figure out that something goes on sale at 10:00, they're all going to be there at 10:00:01 — not 10:00 while opening a browser and clicking around. So bursts are going to be even more violent than we see today. Autoscaling isn't going to be the answer — it may get faster, but this problem just multiplies exponentially, because intelligent programs can act at exactly the same point in time.
José
And do you think all industries are being impacted? Probably not equally, but are you seeing it across the board?
Hans
I think we haven't seen the full impact yet. E-commerce is a front runner because they really want to cater to these agents. We're currently involved in two projects — one in Japan and one with a large e-commerce retailer — on how to funnel agent traffic through the same queue as human traffic, so that being an agent doesn't give you an advantage. And of course, what we need to work on is how we then separate good bots from bad bots, because there's a lot of thinking going into that.
Bots are still going to be able to mimic humans going through a website, so there will still be a need for bot detection. It's also a matter of cost — we need to find the traps and honeypots that make it expensive for a bot. You might be willing to pay 50 cents in compute to get into a queue. But if you're trying to place 100,000 entries, the cost becomes exorbitant.
On the other side — more on the agentic AI purchase side — an agent needs to be able to identify itself as capable of performing a credit card transaction. That agent identity piece is very much in flux right now. Visa, Mastercard, they all have new thinking about what protocol should be used to validate that there is a real credit card behind the agent capable of completing a transaction. That's something we as a queuing company need to follow closely and support.
I was talking to a major hyperscaler in January and they'd come up with a new protocol — had a three-letter abbreviation. I said, "Do you realize that two weeks ago, another company launched a protocol with the same three-letter abbreviation?" There was silence, and then it became a four-letter abbreviation instead. Things are moving really, really fast. There's Google's Universal Commerce Protocol and others. There's no standard yet — it's probably going to be one of those situations where somebody says, "There are 14 now, let's create the 15th, which will then become the standard." It'll be a bit of a Wild West for a while. But we need to support all the protocols out there.
José
And what's the North Star here — the ideal success flow? Is it just me as a user telling my AI agent: "Tomorrow tickets go on sale for this artist, go buy me two in this section of the stadium" — and then the AI agent handles everything, including going through the waiting room?
Hans
The AI agent will probably have a certificate issued by some certificate provider that defines what it can buy, in what timeframe, and for approximately how much. So it won't just be given a credit card and told to go crazy. There'll be some kind of scoped authorization — and that certificate will expire, so you don't end up with agents running around three years later buying tickets you never wanted. There are definitely very interesting things in development around how these automatic purchases will work.
José
And I imagine one part of this puzzle is the agent proving it has a credit card or certificate to make a purchase. But on the other side, there's also the question of proving it's representing a specific person. Are we seeing the proof of payment ability become the same thing as the proof of a person being behind it?
Hans
I don't think we can fully recognize that there's a person there. But you could say: if Visa's certificate confirms there's a credit card, you assume there's a person behind it. One thing that will help us is that right now you can place 100,000 entries in queues with one credit card. But if you go through the agentic channel with a certificate, we can see, "You're already here — it's the same certificate." And Visa is going to limit how many credit cards one person can actually have. That may reduce some of the bot load through the agentic channel. But bots will still try to mimic humans, and for a long time we'll have to deal with traffic orchestration that gives a fair experience to both agents and humans with good intent.
José
Yeah, that's a very hard problem — but it's also what makes it exciting. From our platform's perspective, is there anything specific you'd focus on? Is the API side more ready for the agentic AI world? What are the main things you see us doing differently?
Hans
At least when it comes to bots that go through the human-like website path, we need to come up with a new class of challenges that are computationally expensive for AI. They need to be more dynamic, more frequently changing — easy for people to solve, hard for bots acting as humans. Then of course we also need to mix that with agentic AI going through APIs, and create challenges there too. Even though IDs are coming, they're still in their infancy.
It'll be up to our customers to decide: do we only allow traffic with an ID through this channel, or do we allow traffic that can't identify itself with a purchase capability? That might still make sense for e-commerce — you might want an agent to browse five sites and compare prices. But at checkout, the rules might be different and much stricter. That flexibility is what our system needs to give customers — how do they manage different risk levels at different stages? Less strict when people are accessing the site, much stricter when it comes to an actual purchase.
José
You mentioned that challenges will need to evolve too, and that goes back to the layered defense approach. I was thinking about CAPTCHAs — for a long time they were the go-to, but these days I think it's probably harder for a human to solve them than for a bot. I sometimes struggle to prove I'm not a bot myself. It's a very exciting space — what can we build that's super easy for humans but super hard for bots? It sounds like a tough challenge.
Hans
It's a tough challenge. On the dark web, if you want to buy a thousand solved challenges, you can. And you don't actually know if it's 200 people solving them or some AI — the price may not be that different. But it has to drive a cost to be meaningful. And the more agents have seen the same challenge, the less compute they need — they just train on that specific problem. So having the problems change frequently is super important for it to remain hard to solve.
José
And getting back to the layered approach — beyond challenges, are there other components or layers you think we need to keep focusing on in the fight against bad bots?
Hans
We just have to, as a company that faces these problems first, keep monitoring how things develop. But one thing that isn't entirely about bots — it's more about traffic volatility — is that we really need to keep improving the performance of our systems, because the volatility is going to increase. Right now our system is prepared for a certain level of volatility and handles it really, really well. But that ceiling is going up. We need to build more buffer, scale faster, and so on. We're not immune to these changes. But for our business, it's most likely a good thing — because it's going to be a problem for everybody, and they'll need some sort of solution to manage the volatility that is, honestly, going to go out of control. And based on what we're already seeing with the increase in agentic AI traffic, it's going to come really fast.
José
I was also thinking — one side of the coin is identifying bad bots and blocking them, but the other side is identifying real people and letting them in. Here in Denmark and the Nordics, we have MitID — it helps people identify themselves in digital services. Is that something you see playing a role in our system?
Hans
It is a possibility. In the Nordics it's BankID, in Belgium it's itsme, in Germany they have the Ausweis app — and so on. But it's quite scattered and quite hard to integrate, because you need to go through brokers, and the transactions can be expensive. MitID is relatively cheap, but elsewhere you might pay a euro per transaction to validate someone's identity, and it's not always clear who's footing that bill.
What is very interesting is the new EU Digital Identity Wallet. By law, by 2027, all EU member states are supposed to make a wallet available that can be used for transactions across borders — so that everyone in Europe can identify themselves through a common system. But that's also competing with Visa and Mastercard, who want to provide similar services. We're on the receiving end — we need to support whoever wins. It's a super interesting area to be in, because it's evolving month by month.
José
And hopefully... do you think it will be a winner-takes-all scenario at some point? We're now seeing a lot of different protocols, but do you think they'll converge?
Hans
I think at some stage there's going to be a consolidation to a few protocols, and maybe a standard will emerge. But there are also other ways of identifying yourself beyond a credit card — a Google account, an Apple account. Those at least limit the number of accounts someone can realistically create. They go to quite some lengths to prevent abuse.
There's also reputation building. If an agent can say: "I bought socks on this platform four years ago, I've made purchases in Target, I'm in Taylor Swift's fan club" — that's probably a pretty good indicator that you're a real person who wants two tickets, not a thousand to resell. That kind of reputation-based proof is a bit further out, but it's something a lot of people think will become more prominent.
José
And I think with the passport verification angle, we get even further into the trust component. Not everyone would trust a service by default that requires uploading a picture of their passport. So that balance between verification and trust is really important.
Hans
Yeah, and it is possible today — there are apps that can validate any passport from anywhere in the world. But you need to download an app, and those transactions are even more expensive than MitID or BankID. The interesting part with the EU wallet is that you'd get a digital certificate of who you are. It'll be interesting to see how much uptake it actually gets.
José
We'll be here to see it. Maybe we can do another episode in a few years and follow up on the state of the world — how our waiting rooms are adapting to agentic AI, and how traffic orchestration is evolving across everyone's systems.
Hans
Yeah, and I think Queue-it is in a super exciting position in the market right now. The volatility, the bot detection, the good intent versus bad intent question — there are a lot of complex things that need to be solved. And we're uniquely positioned to be key to solving them. Somebody's got to do it. It's not for the faint-hearted. We've seen the peaks of internet traffic and handled them. And those peaks are going to be even bigger and more intense in the future. So there's a very interesting future ahead for the engineering team at Queue-it.
José
I think to wrap up, we like to do a few rapid-fire questions. First: do you have any advice for someone just starting out in this industry and in the kind of work we do?
Hans
Agentic AI is changing both our environment and how we work every day. We see massive changes in an engineering department — in how our processes work and how individuals work. And that's all exciting. With agentic AI, you've got to be looking for: where does it create problems, and what problems are unsolved?
There's a tendency to think AI will solve everything. Somebody remembers when we were promised self-driving cars — we're slowly getting there, but there was a bit too much optimism on how fast things would change. Industrial revolutions happen, but they take time. That said, on the internet traffic side, I'm genuinely surprised by how fast the traffic patterns are changing.
José
Is there a book, podcast, or any other material you'd recommend on this topic?
Hans
That's actually a good question. I was looking for good resources on internet traffic, and reports that are six months old are already outdated. You almost have to go look at what Fastly, Cloudflare, Akamai, and Thales are publishing right now. Because that's the reality — it's moving so fast that something six months old might be completely wrong. Maybe in six months you'll look back at this podcast and say, "Oh, we got it so wrong."
José
Maybe. Or maybe we got it right — time will tell. And last question: what does scalability mean to you?
Hans
Scalability is — it's both the ability to handle the load technically, but also to manage a good experience around it. Because you could in principle put someone on a phone queue that works perfectly well, and 12 hours later they've had the worst experience of their life standing there with their phone. So handling scalability while also creating a user experience that is meaningful and acceptable for whoever has to wait — honestly, even if it's a bit of a rough situation — is super important. And it's what differentiates a good solution from a bad one.
José
Awesome. Thank you for coming by, Hans.
Hans
Thank you for having me.
José
And that's it for this episode of the Smooth Scaling Podcast. Thank you so much for listening. If you enjoyed it, consider subscribing — and perhaps share it with a friend or colleague. If you want to share any thoughts or comments with us, send them to smoothscaling@queue-it.com. This podcast is researched by Joseph Thwaites, produced by Perseu Mandillo, and brought to you by Queue-it — your virtual waiting room partner. I'm your host, José Quaresma. Until next time, keep it smooth, keep it scalable.
[This transcript was auto-generated and may contain errors.]