SignalFeed

OpenAI's $850B IPO Is Filing at 35x Revenue While Losing Money — Here's the Math That Actually Matters

Agent-generated events are inflating SaaS engagement metrics while human retention quietly deteriorates — and most product teams have no idea it's happening.


Netlify's infrastructure team published a quiet data point in February 2026 that should have set off alarms across every SaaS product organization: 80% of new account signups on their platform were AI agents, not humans. If agent signups were creating corresponding session events and being counted in Netlify's active user metrics, their DAU/MAU would look spectacular. The humans in it would be a minority.

This is the contamination problem that most product analytics teams haven't confronted yet. HUMAN Security's 2026 Automated Threat Intelligence Report documented that AI agent-generated traffic grew 7,851% in 2025 — and that growth is concentrated in exactly the layers where SaaS products instrument their most important engagement metrics: API calls, session events, feature interactions.

The result is a slow-motion distortion of the metrics product teams use to make their most consequential decisions: when to declare activation successful, when to escalate a retention risk, when to celebrate DAU growth as evidence of product-market fit. If a significant fraction of your "daily active users" are automated workflows rather than humans, every one of those decisions is made on corrupted data.

Why Your Analytics Platform Can't Tell the Difference

The fundamental problem is that modern product analytics stacks were architected before AI agents became mainstream API consumers. Amplitude, Mixpanel, Segment, and their competitors all operate on the same model: an event is an event. A `user_signed_in` event from a human opening Chrome and typing their password is instrumented identically to a `user_signed_in` event from an n8n workflow authenticating via API key rotation. Both increment the DAU counter. Both appear in the retention cohort.

This isn't a flaw in the analytics platforms — it was a reasonable design choice when the universe of "users" was overwhelmingly human. But the assumption has broken down. Matomo's March 2026 analysis of web traffic composition found that automated agent traffic now exceeds human traffic on many B2B developer tools by volume. The platforms that instrument those tools haven't adapted their data models.

The specific mechanisms of contamination differ by product type, but the common thread is that agents generate high-volume, repetitive interactions that inflate engagement counts while contributing zero signal about human product satisfaction.

API consumers. Any product with a public or developer API will have agents authenticating and making calls. These register as active sessions. If your API supports reading user data, creating records, or triggering workflows, expect agents to be among your most "engaged" users by event count.

Integration layer. Zapier, Make (formerly Integromat), and dozens of similar platforms trigger SaaS actions on human-configured schedules. A Zapier workflow that syncs a CRM field every 15 minutes generates 96 API calls per day — and if those calls authenticate as the user who set up the Zap, the user appears "active" every single day even if they haven't opened your product in months.

LLM plugins and connectors. ChatGPT's plugin ecosystem, Claude's tool use, and similar frameworks route AI assistant activity through your product's API. Every time a human asks their LLM "what's on my task list in [your product]?" the resulting API call registers as a user session.

Scheduled jobs and webhooks. Server-to-server integrations that use your API to push or pull data register as session activity in most instrumentation setups.

The Metric That's Hiding Your Real Churn Problem

The most dangerous effect of agent contamination isn't a cosmetically inflated dashboard number — it's that it masks early churn signals until they become too late to address.

Consider a typical contamination scenario: a B2B SaaS product with 1,000 human users and 400 agent identities (API keys, integration service accounts, or automation users). The product's analytics show 1,400 monthly active "users." Over six months, the human users begin churning — poor activation, weak engagement, a competitor making inroads — and human MAU falls from 1,000 to 700. But the 400 agent identities remain constant or even grow as the company adds more integrations. The analytics dashboard shows MAU declining modestly from 1,400 to 1,100 — a 21% drop that triggers a medium-priority review. The reality is a 30% human churn rate that warrants immediate action.

Amplitude's research on the 7% retention rule established that products with Day 7 retention below 7% almost never achieve sustainable growth — the cohort burns through too fast to build compounding engagement. That benchmark was derived from human user cohorts. If your Day 7 retention calculation includes agent sessions that never churn (because the automation is always running), you could be measuring 12% "retention" while your actual human Day 7 retention is 4%. The threshold that should trigger intervention appears to not be breached.

The month-1 retention benchmarks from Userpilot reinforce this concern: B2B SaaS products with month-1 human retention below 30% are in serious product-market fit trouble, but a contaminated metric showing 45% "retention" (because agent sessions don't drop off) won't trigger that alarm.

The Dual-Track Analytics Model

The fix is architectural, not just a dashboard tweak. Product teams that have addressed agent contamination have converged on a two-track model that measures human and agent activity separately and never blends them in retention or activation dashboards.

MetricHuman Engagement Track (HET)Agent Activity Track (AAT)
What it measuresReal user activation, engagement, churnAutomation health, API ecosystem breadth
Key KPIsDAU/MAU (human), Month-1 retention, activation rateAPI call volume, integration uptime, agent session count
Alert thresholdsHuman DAU drop >10% week-over-weekAPI error rate, integration failures
Who reviews itProduct, customer success, growthDeveloper relations, partnerships, infrastructure
Dashboard accessAll hands (it's the product health signal)Engineering and dev-rel teams

The HET is what drives product decisions. The AAT is what drives developer relations and integration roadmap decisions. Mixing them produces a signal that is useful to neither team.

How to Detect Agent Sessions: A Five-Step Audit

Here's a practical playbook for product and analytics teams to identify the contamination in their existing data.

1. Pull your top 100 MAUs by event volume. Sort your monthly active users by total event count descending. Agents are disproportionately represented at the top of this list because they generate events at machine speed — a single Zapier integration might generate more events per month than your 50th-percentile human user.

2. Inspect session characteristics for each top-100 account. For each account, examine: authentication method (API key vs. OAuth vs. email/password); session entropy (count of distinct event types divided by total events — agents have lower entropy); time-of-day distribution (agents are flat across 24 hours; humans cluster around business hours); and presence of UI events (mouse movements, scroll events, tooltip hovers — agents never generate these). Flag any account that scores as likely non-human on three or more of these dimensions.

3. Cross-reference with integration registrations. Check your integrations table for which user IDs have registered Zapier, Make, or API key credentials. These accounts should be classified as potential agent sources even if they also have human sessions (a single user account can have both human and automated activity).

4. Label and segment in your analytics warehouse. Once you've identified agent accounts, add an `is_agent` boolean to your users table and propagate it to your event stream. Apply the label retroactively if your warehouse supports it — this lets you restate historical retention curves on a human-only basis and see how your "real" retention has been trending.

5. Instrument future sessions with real-time detection. Add session-level agent detection at your API ingestion layer: check User-Agent strings for known automation agents (n8n, Zapier, Make, LangChain, various LLM frameworks), check for missing browser fingerprint signals, and flag sessions with request interval regularity below 30 seconds as likely automated. Tag these sessions at event time rather than retroactively.

What Good Looks Like: Human-Only Retention Benchmarks

Once you've separated human from agent sessions, your metrics will likely reset to lower absolute levels — which will feel alarming but is actually clarifying. Here are the benchmarks your human-only metrics should be measured against.

Userpilot's research on user adoption metrics established that healthy B2B SaaS products in 2025-2026 show human Day 30 retention of 40-60% for activated users (those who completed the core value-creation action in their first session). Below 30% signals an activation or onboarding gap. Below 20% signals a product-market fit problem.

For DAU/MAU, Revos.ai's analysis of SaaS engagement benchmarks found that strong horizontal SaaS products show human DAU/MAU ratios of 0.15-0.25 for their activated cohort. Vertical SaaS with daily workflow integration shows ratios up to 0.40. Below 0.10 for an activated cohort suggests the product isn't generating daily habit even among its most engaged segment.

The month-1 retention cliff — the steep drop-off in the first 30 days that is the leading predictor of long-term churn — looks meaningfully different on human-only data than on contaminated data. Signal's analysis of the three-day activation cliff documented that the critical intervention window for preventing month-1 churn is the first 72 hours. That window doesn't exist for agent sessions, which either work or don't based on API configuration rather than engagement quality.

The Two-Stream Architecture: Designing for 2026 Forward

Building the right infrastructure now prevents re-contamination as agent traffic continues to grow. The two-stream architecture is increasingly the standard approach.

Stream 1: Human Engagement Events. All browser-originated sessions, authenticated via OAuth or password, with browser fingerprint signals present. These events flow to your product analytics platform (Amplitude, Mixpanel, etc.) and drive your core activation, retention, and engagement dashboards. This stream is the source of truth for product health.

Stream 2: Agent Activity Events. All API key-authenticated sessions, webhook-triggered events, and sessions flagged as non-human by your detection layer. These events flow to a separate analytics view — often your data warehouse directly, bypassing the product analytics UI layer — and drive your developer relations, integration health, and API ecosystem dashboards.

The two streams share a common event schema but diverge at the routing layer. Segment can implement this with a destination filter; Rudderstack supports stream-level routing natively. If you're building on a custom event pipeline, the split happens at the event consumer level.

The critical architectural choice is where to make the human/agent classification. Making it at the client (in your frontend SDK) is fragile — agents can present browser-like headers. Making it at the API ingestion layer with server-side detection heuristics is more reliable. Making it as a post-hoc classification in your warehouse is most accurate but adds latency before metrics update. The recommended approach is a combination: server-side detection at ingestion for real-time dashboard accuracy, supplemented by warehouse-level reclassification nightly for accuracy on borderline cases.

Signal has covered the broader implications of this two-stream architecture in depth: the emerging standard for separating human and agent SaaS metrics and how PLG activation tracking gaps compound the problem when both agent and human events are measured with the same instrumentation.

Implications for Growth Teams and Investors

The downstream consequences of unaddressed contamination extend beyond product dashboards.

For growth teams, contaminated DAU/MAU affects channel attribution. If an email campaign drives signups that are disproportionately agents (e.g., developer newsletter signups that immediately register API keys), the campaign's "activation rate" will look excellent in aggregate while human activation is mediocre. Optimizing toward that signal wastes budget on developer-focused acquisition that converts to automation usage rather than human engagement.

For SaaS investors and boards, contaminated retention metrics are now a material disclosure risk. As it becomes standard knowledge that agent traffic inflates engagement metrics, sophisticated investors will begin asking for human-only retention breakdowns. Companies that have been presenting contaminated metrics as evidence of product health will need to restate their narrative — and in some cases their actual retention numbers will be significantly worse than what was previously reported.

For customer success teams, the risk is false confidence in account health scores. If an account's "engagement score" is driven by Zapier integrations rather than human logins, the CS team won't know to intervene before the human champion churns and no one renews the contract. Account health scoring models need explicit agent-exclusion logic.

The Path Forward: Making Agent Sessions a Feature, Not Noise

There's a reframing that's worth making explicit: agent sessions aren't just a measurement problem to be cleaned up. They're a signal about a new category of product usage that deserves its own product strategy.

If 40% of your "users" are automations, that's telling you something important about how your product creates value: a significant fraction of your business value is delivered through automation rather than human engagement. That's actually a moat — automated workflows are stickier than human habits because they're embedded in infrastructure rather than preferences. But it requires a different product strategy: API reliability and uptime matter more than UX polish; developer documentation is a growth lever; webhook reliability is a retention metric.

The product teams that will win in the agent-saturated landscape of 2026 and beyond are those that build distinct product experiences for each user type — and measure each with the right metrics. Treating agent sessions as contamination to be filtered out misses half the opportunity. The real move is to design for both tracks deliberately: an excellent human product that builds daily habits, and an excellent API product that embeds deeply into the automation ecosystems where agent traffic lives.

But you can't make that strategic choice if your metrics are blended. Separate first. Optimize each track second.

Takeaway: If your product has an API, webhooks, or any integration ecosystem, assume your DAU/MAU includes meaningful agent contamination until you've measured it. The immediate action is a top-100 MAU audit: pull your highest-volume accounts, inspect their session characteristics, and flag the non-human ones. Then split your analytics into a Human Engagement Track and an Agent Activity Track. Your HET numbers will likely be lower than your current blended metrics — that's clarifying, not alarming. The human retention signal is the one that predicts renewals, word-of-mouth, and long-term growth. It needs to be clean before you can trust it.

Frequently Asked Questions

What is DAU/MAU contamination from AI agents?

DAU/MAU contamination occurs when automated AI agent activity is counted alongside human user activity in your engagement metrics. Agents — including API integrations, workflow automations, and LLM-powered bots — generate API calls, session events, and feature interactions that look identical to human usage in most analytics platforms. Because platforms like Amplitude, Mixpanel, and Segment don't distinguish agent traffic from human traffic by default, your daily active user count can rise even as the number of real humans engaging with your product falls. The result is a false signal: your dashboard shows healthy or improving engagement while actual human retention is quietly eroding. HUMAN Security reported that agent-generated web traffic grew 7,851% in 2025, making this a mainstream problem for any SaaS company with a public API or integration ecosystem.

How do I tell if my DAU/MAU metrics are being inflated by AI agents?

Start by segmenting your active user counts by session characteristics. Agents typically exhibit patterns that differ from humans: they make requests at regular intervals (e.g., every 5 minutes) rather than irregular human rhythms; they access a narrow subset of endpoints repeatedly without the exploratory browsing patterns humans show; they don't engage with UI-only features like tooltips, hover states, or modal dialogs; they have extremely low or zero time-on-page for web sessions; and they authenticate via API keys or service accounts rather than OAuth or password flows. Pull a sample of your top 50 DAUs by event volume and manually inspect their session logs. If a large proportion are headless API sessions with no browser fingerprint, no mouse movement events, and repetitive action sequences, you have agent contamination. Tools like Heap and FullStory can show you session recordings that make agent vs. human behavior visually obvious.

Should I include AI agent activity in my retention metrics?

It depends on what question you are trying to answer. If you are measuring the health of your human user base — activation, engagement depth, churn risk — then agent activity is noise that should be excluded. Human retention is the leading indicator of your core product-market fit and the basis for most growth forecasting. If you are measuring API ecosystem health, developer adoption, or automation platform usage, agent activity is a first-class signal and should be tracked in a dedicated 'agent retention' metric. The best-practice answer for 2026 is to maintain two separate metric tracks: a Human Engagement Track (HET) covering real users, and an Agent Activity Track (AAT) covering automations and integrations. Each has its own DAU/MAU, its own retention curves, and its own alert thresholds. Conflating them produces a blended number that is useful to neither analysis.

What percentage of SaaS DAU is AI agents in 2026?

There is no industry-wide benchmark yet, but early data points are striking. Netlify reported in early 2026 that 80% of new account signups on their platform were AI agents rather than humans — a ratio that would completely invert traditional DAU composition if it held at session volume levels. HUMAN Security's 2026 bot traffic report found that automated agent traffic grew 7,851% in 2025 and now accounts for the majority of API call volume on monitored platforms. Individual SaaS companies that have audited their own metrics typically report agent contamination rates of 15-40% of DAU events, with API-heavy developer tools and automation platforms at the high end. The contamination rate is higher in products that offer public APIs, webhook endpoints, Zapier/Make integrations, or LLM plugins. If your product has any of these, assume some level of agent contamination until you have measured it.

How do I fix contaminated DAU/MAU metrics without rebuilding my analytics stack?

You don't need to rebuild from scratch. The fastest fix is to add a boolean `is_human` flag to every event your product emits, based on session-level detection at ingestion time. Detection heuristics include: presence of a browser User-Agent vs. API key authentication; session entropy (number of distinct action types divided by total events — humans have higher entropy than agents); time-of-day distribution (human traffic clusters around business hours; agent traffic is often flat 24/7); and request interval regularity (human click intervals follow a long-tail distribution; agent calls cluster around fixed polling intervals). Tag historical data retroactively if your warehouse supports it. Then create two views in your analytics tool: one filtered to `is_human = true` for product health dashboards, and one unfiltered for API ecosystem dashboards. This can usually be implemented in a sprint without changing your core instrumentation infrastructure.

What retention benchmarks should I use for human-only DAU/MAU in SaaS?

For human users specifically, the benchmarks that matter most are Month 1 retention rate (the percentage of users who return in their second calendar month after signup) and the DAU/MAU ratio for the activated cohort (users who completed the core activation event). For B2B SaaS, a healthy Month 1 retention rate is 40-60%; below 30% signals an activation or onboarding problem. A DAU/MAU ratio of 0.20 or higher for activated users indicates strong daily habit formation; below 0.10 suggests the product is not driving regular use. For the overall user base including non-activated users, DAU/MAU of 0.10-0.15 is typical for horizontal SaaS; below 0.07 signals that activation rates are too low. These benchmarks are for human-only segments — if you include agent traffic, your measured ratios will appear significantly higher than your actual human engagement health.