For decades, the internet was celebrated as the great democratizer — an open frontier where information flowed freely, where anyone could publish, and where discovery was limited only by curiosity. That era is ending. A growing body of evidence suggests the open web is becoming hostile territory, overrun by bots, scrapers, AI-generated content, and surveillance infrastructure so pervasive that users and organizations alike are retreating into private, invitation-only spaces. Security researchers and technologists have begun calling this phenomenon the “Dark Forest” internet, borrowing a metaphor from Chinese science fiction author Liu Cixin’s novel The Three-Body Problem.
The concept is straightforward and chilling: in Liu Cixin’s fictional universe, the cosmos is teeming with civilizations, but none dare reveal themselves because any signal broadcast into the void could attract a hostile, technologically superior predator. The safest strategy is silence. According to a detailed analysis published by the OpenNHP Project, the same logic now applies to the internet. Exposing a server, a website, or even a personal identity on the open web invites attack — from automated vulnerability scanners, credential-stuffing botnets, AI content scrapers, and state-sponsored surveillance programs. The rational response, increasingly, is to hide.
The Bot Invasion and the Collapse of Trust
The scale of non-human traffic on the internet has reached staggering proportions. According to data cited by the OpenNHP Project, automated bot traffic now accounts for nearly half of all internet activity, and in some sectors the figure is considerably higher. Search engines, once the primary gateway to human-created content, are being gamed by AI-generated spam at industrial scale. Google’s search results have become noticeably degraded, filled with SEO-optimized but substantively hollow content produced by large language models. The company has acknowledged the problem and rolled out algorithm updates, but the arms race between AI-generated spam and AI-powered detection shows no sign of reaching equilibrium.
The consequences extend far beyond search quality. Websites that once thrived on organic traffic are seeing their content scraped, repurposed, and republished by AI systems without attribution or compensation. Major publishers, including The New York Times, have filed lawsuits against AI companies over unauthorized use of copyrighted material. Smaller publishers and independent creators have fewer legal resources and are often left with no recourse. The OpenNHP analysis describes this as a fundamental breakdown of the social contract that sustained the open web: creators published freely because they trusted that the system would reward them with visibility and engagement. That trust has evaporated.
Retreating Behind Walls: The Rise of Private Spaces
The response to this hostile environment is a mass migration toward closed platforms and encrypted communication channels. Discord servers, private Telegram groups, Substack newsletters, and invite-only communities are absorbing conversations and content that once lived on public forums and open blogs. This trend was first identified by writer Yancey Strickler in a 2019 essay that coined the term “Dark Forest Theory of the Internet.” Strickler argued that the public internet had become so toxic and surveilled that thoughtful people were retreating to “dark forests” — spaces where they could communicate without being indexed, scraped, or harassed.
Five years later, the retreat has accelerated dramatically. Reddit, one of the last major bastions of open, searchable community discussion, has locked down its API and begun charging for access — a move driven in large part by AI companies using Reddit’s vast corpus of human conversation as training data. Twitter, now rebranded as X under Elon Musk’s ownership, has similarly restricted API access and placed much of its content behind login walls. The effect is a fragmentation of the information commons. Knowledge that was once freely accessible is being siloed behind paywalls, logins, and membership gates.
The Security Dimension: Why Servers Are Going Dark
The Dark Forest phenomenon is not merely a cultural or economic shift — it has profound implications for cybersecurity. The OpenNHP Project, which develops open-source network infrastructure protection tools based on a “Never Trust, Always Verify” philosophy, frames the problem in stark technical terms. Every server connected to the open internet is continuously probed by automated scanners searching for vulnerabilities. The average time between a new vulnerability being disclosed and active exploitation attempts beginning has shrunk from weeks to hours, and in some cases, minutes. Organizations running internet-facing services are engaged in a permanent defensive war against adversaries who enjoy overwhelming numerical superiority.
The traditional security model — expose services to the internet and then try to defend them with firewalls, intrusion detection systems, and regular patching — is increasingly untenable. The OpenNHP Project advocates for a fundamentally different approach borrowed from the U.S. Department of Defense’s Software Defined Perimeter (SDP) specification, originally developed by the Cloud Security Alliance. The core principle is “default deny”: services should be invisible to the internet by default, revealing themselves only to authenticated, authorized users through cryptographic verification. In Dark Forest terms, the server hides. It does not broadcast its presence. It does not respond to probes. It exists, but only for those who can prove they belong.
Zero Trust Architecture and the Network-Level Cloaking Device
This approach aligns with the broader industry movement toward Zero Trust Architecture (ZTA), a security framework that assumes no user or device should be trusted by default, regardless of whether they are inside or outside the network perimeter. The U.S. federal government has mandated Zero Trust adoption across agencies under Executive Order 14028, signed by President Biden in 2021, and the National Institute of Standards and Technology (NIST) has published detailed implementation guidelines under Special Publication 800-207.
What distinguishes the OpenNHP approach from conventional Zero Trust implementations is its focus on network-level invisibility. Most Zero Trust solutions concentrate on identity verification and micro-segmentation after a connection is established. OpenNHP’s protocol, described as a “Network-level Hiding Protocol,” aims to prevent unauthorized parties from even discovering that a service exists. The server’s ports remain closed to all traffic until a valid, cryptographically signed authentication packet is received. Only then does the server open a temporary, session-specific connection to the verified user. The analogy to the Dark Forest is explicit and intentional: in a hostile environment, the safest strategy is to be invisible until you choose to reveal yourself to a trusted party.
What Is Lost When the Open Web Disappears
The retreat into dark forests carries significant costs. The open web, for all its flaws, served as a shared public square — a space where ideas could be discovered, debated, and disseminated without gatekeepers. Academic researchers relied on open web content for studies of public opinion, language, and culture. Journalists used publicly accessible forums and social media posts as primary source material. Small businesses depended on search engine visibility to reach customers. As content migrates behind walls and servers go dark, these functions are degraded or lost entirely.
There is also a democratic dimension. Authoritarian governments have long sought to fragment and control the internet within their borders. China’s Great Firewall, Russia’s Sovereign Internet law, and Iran’s National Information Network all represent state-level implementations of the Dark Forest strategy — hiding domestic networks from the global internet while surveilling everything within. The irony is that democratic societies are now voluntarily adopting similar patterns of fragmentation and concealment, driven not by government mandate but by the rational self-interest of individuals and organizations seeking to protect themselves from bots, scrapers, and attackers.
The AI Accelerant: How Generative Models Are Speeding the Collapse
The rapid proliferation of generative AI has dramatically accelerated these trends. Large language models require vast quantities of training data, and the open web has been the primary source. Companies including OpenAI, Google, Meta, and Anthropic have scraped billions of web pages to train their models, often without explicit permission from content creators. The backlash has been swift: thousands of websites have updated their robots.txt files to block AI crawlers, and new legal and technical frameworks for controlling AI access to web content are being developed.
But the damage may already be done. As AI-generated content floods the web, the signal-to-noise ratio deteriorates further, making the open internet less useful for humans and more useful primarily as raw material for machines. Some researchers have warned of a “model collapse” scenario in which AI systems trained on AI-generated content produce progressively degraded outputs, creating a feedback loop that further pollutes the information environment. The open web, in this scenario, becomes a wasteland of synthetic content — a forest not merely dark but dead.
The Path Forward: Balancing Visibility and Security
The challenge for technologists, policymakers, and society at large is to find a sustainable middle ground between the failed openness of the old internet and the total concealment of the Dark Forest model. Protocols like OpenNHP offer a technical foundation for selective visibility — allowing services and individuals to remain hidden from hostile actors while remaining accessible to legitimate users. But technology alone cannot solve what is fundamentally a governance problem.
New legal frameworks for AI training data, stronger enforcement of anti-scraping laws, international cooperation on cybercrime, and investment in open-source security infrastructure are all necessary components of a response. The alternative — a fully fragmented internet where every meaningful interaction happens behind closed doors — would represent a profound loss for human communication and knowledge sharing. The Dark Forest metaphor is powerful, but it need not be destiny. The question is whether the institutions and incentives that once sustained the open web can be rebuilt before the last lights go out.