My analysis
1.
Your problem is explained by 3 hypotheses.
I outline them in point 2 below.
Next, in point 3, I outline the recommended actions.
2. Hypotheses
2.1. Hypothesis №1.
You (or your employee) intentionally purchased artificial traffic for your website from a provider instead of using organic traffic to fulfill your obligations to the marketing agency you mentioned.
2.2. Hypothesis №2.
Since February 2025, the internet has changed significantly: all the leading AI providers (OpenAI, Google, Anthropic, X.AI) have released an «internet» mode for their chatbots.
Fewer and fewer real people are visiting websites to be assaulted by banners there: instead, websites are now read by bots.
The widespread availability of AI has completely disrupted all markets, and 99% of large companies are unprepared for this: they are too large and unwieldy to react to such drastic changes in the rules of the game.
It is very likely that DoubleVerify incorrectly identifies many AI bots as SIVT instead of GIVT.
Note that the big 4 AI players mentioned above are just the tip of the iceberg.
AI is currently experiencing another dot-com boom, and beneath this tip are tens of thousands of AI startups, fueled by venture capital and parsing the entire Internet multiple times a day.
Clearly, DoubleVerify cannot correctly identify this entire swarm of bots as GIVT.
2.3. Hypothesis №3.
Banner advertising is, obviously, a long-outdated format that has been dying for many years.
Until 2025, this format died slowly and steadily.
The advent of internet-enabled AI finished this format off abruptly.
I have been shuddering lately when I have to open a website on an unfamiliar device without AdBlock: I have become so unaccustomed to this horror.
SIVT is an ideal cover for a marketing agency.
Faced with poor results (e.g., high traffic but almost zero conversions), the agency finds itself with a choice: to admit the failure of its strategy or to find an external cause.
3. What must be done now
3.1.
Request the complete, non-aggregated DoubleVerify report from the agency.
It should not just be a dashboard with summary percentages, but rather a detailed report including a breakdown of SIVT types, traffic sources, affected domains, and, if possible, raw logs.
3.2.
Сonduct a separate, independent analysis of the traffic for the same period.
Pay special attention not only to technical fraud metrics, but also to behavioral metrics that are difficult to fake, such as average session duration, pages per session, bounce rate, and most importantly, the conversion rate across various traffic segments.
3.3.
Conduct a full audit of traffic sources.
If you or your employee purchased traffic, identify the providers and verify them.
3.4. If Hypothesis №1 is confirmed
3.4.1.
The Cloudflare Pro Plan and its «Super Bot Fight Mode» are ineffective in your situation.
Traffic providers specializing in SIVT are perfectly aware of the capabilities and limitations of popular platforms.
They could have purposefully targeted your website knowing that the Pro plan does not provide sufficient protection.
To combat SIVT, Cloudflare offers a separate product: Bot Management for Enterprise.
The difference in capabilities is significant.
3.4.2.
AI Labyrinth is not useful in this case because this tool is not designed to combat bots that imitate clicks and ad impressions.
Bots used for ad fraud have different objectives and behave differently.
They do not scan websites deeply.
3.4.3.
Datadome will be effective.
Unlike proxy-based solutions such as Cloudflare, solutions like Datadome (with a server-side module installation), precisely by virtue of having a server-side module, possess far greater technical capabilities for identifying SIVT.