Home Insights Your Security Logs Are Becoming Your AI Discovery...
Inbound Qualification

Your Security Logs Are Becoming Your AI Discovery Dashboard

MT
Michael Thomas Co-founder & CEO, TailyX AI July 2026

A few weeks ago I started paying closer attention to a section of our daily security report I'd mostly been ignoring: AI discovery traffic. It was buried under exploit attempts and bot scans — the stuff that actually looked like a threat.

Then I looked at the numbers properly.

20 AI discovery requests in the last 24 hours. 1,354 over the last 60 days.

To be clear: this is expected traffic, not an attack. Our reports separate AI discovery from exploit attempts and bot scans — this is a growth signal, not a threat signal. But it's a signal almost nobody is treating as a signal.

I wasn't expecting that. I built TailyX's Agent API and MCP server because we believed agentic commerce was coming — but seeing over a thousand machine-driven discovery requests hit our endpoints in two months made it clear this isn't a "coming soon" trend. It's already running in the background of many API-first SaaS products, whether you're watching for it or not.

Here's what I think most teams are missing about agentic discoverability, and what our own logs taught us about where the gaps actually are.

Discoverability is a stack, not a file

The common advice right now is "publish an llms.txt and you're done." That's a start, not an answer. Our logs show discovery agents probing a much wider surface:

  • /agent/v1/lookup — 161 requests (60d)
  • /.well-known/openapi.json — 112 requests
  • /.well-known/traffic-advice — 88 requests
  • /.well-known/security.txt — 51 requests
  • /.well-known/agents.json — 58 requests
  • /.well-known/ai-catalog.json — 24 requests

That's OpenAPI specs, agent manifests, catalogues, and traffic policies — not one canonical file, but an ecosystem of machine-readable entry points. If you've only shipped llms.txt, you're indexed for one discovery pattern and invisible to a dozen others.

The file everyone tells you to build isn't the one agents actually want

Here's what surprised me most in the raw log: llms.txt — the file every "how to prepare for AI agents" guide tells you to publish first — sat at 37 requests over 60 days. Below agents.json. Below security.txt. Nowhere near the top.

Meanwhile a bare robots.txt-style check didn't even register as a distinct agentic discovery signal — because that file answers a different question. It tells crawlers what they're allowed to index, not what an agent can do on your behalf.

That's the gap in most of the current advice. llms.txt is a passive, descriptive document — it's markdown, meant for an LLM to read and summarize. It's not something an agent can execute against. The endpoints actually climbing our logs — openapi.json, agents.json, agent-card.json, traffic-advice — are all structured, machine-parseable, and actionable. An agent can read them and immediately know how to call your API, authenticate, and act.

In other words: llms.txt tells an agent what you are. The rest of the stack tells it what it can do about it. Agents are increasingly built to skip the "what are you" step and go straight for the "how do I act" step — which is exactly why the actionable manifests are outpacing the descriptive one.

Discovery is step one of a much longer chain

A working agent integration isn't a single request. It's a sequence:

Discover → Resolve → Read schema → Authenticate → Execute → Verify

Most companies stop after the first step. They publish metadata, agents find it, and nothing happens next — because there's no clean path from "I found you" to "I can act on your behalf." That's the equivalent of ranking on Google but having no checkout page.

Where our own funnel actually breaks

This is the part that surprised me most.

Our top discovery endpoint is /agent/v1/lookup — the domain-to-widget resolution step every integration has to hit first. Over 60 days it saw 161 requests. That tells us agents are finding the front door.

But in the last 24 hours, the report showed 20 AI discovery requests — and no agent API activity.

That gap matters.

Discovery traffic means agents are exploring. Agent API activity means they're actually doing something.

When you line up lookup volume against schema requests and submissions, you get a much more honest picture than raw traffic numbers:

  • Lookup high, schema low → agents are finding you but not being handed off cleanly.
  • Schema high, submit low → agents understand the API but can't confidently act.
  • Submit present → real execution is happening.

The gap between stages tells you more than the stage itself.

A thousand lookups and zero submissions isn't an agentic commerce win. It's a funnel with a wall in it.

Why this matters now, not later

Search Console told you how humans found your site. Your agent traffic logs tell you how AI systems are trying to transact with your business — and unlike human funnels, this one has almost no tooling built for it yet. Most teams aren't looking at this data at all, let alone segmenting it into a funnel.

That's the opportunity. The companies that instrument this now — treating agent discovery logs as a product analytics surface, not just a security log line — will have a real head start figuring out where their agentic pipeline breaks before their competitors even know they have one.

My prediction: within the next year or two, "AI Discovery Dashboard" becomes as standard a product surface as Google Analytics is today. The teams that build it early get to fix their funnel gaps quietly, before it's a competitive requirement everyone's scrambling to catch up on.

If you're building agent-facing infrastructure and want to compare notes on discovery funnel design, MCP servers, or Agent API patterns — I'd genuinely like to hear what you're seeing in your own logs.

Ready to qualify leads automatically?

TailyX AI handles inbound qualification while you focus on clients.

Request Access →
MT
Michael Thomas
Co-founder & CEO, TailyX AI