B2B Brands Hit 3% AI Citation Rate While Researchers Found a 13-Word Hack
Walker Sands found B2B brands appear in 3% of AI Overviews. Similarweb showed ChatGPT recs drive 2.5x visits. Cornell proved 13 words can poison AI answers.
By SpringVanta
Four things happened between June 23 and June 26 that, taken together, explain why "AI search visibility" stopped being one problem and became four.
A benchmark of 828 enterprise B2B companies found they rank for thousands of keywords but appear in just 3% of AI-generated answers. A separate study showed that when ChatGPT does recommend your brand, visitors stay twice as long and view twice as many pages. Researchers at Cornell Tech proved that a 13-word edit to a Reddit thread can insert fake products into AI answers more than half the time. And Cloudflare gave 135,000 newsletter publishers one-click controls to block AI crawlers entirely.
Each of these maps a different failure mode in the system that decides whether buyers find you before they ever visit your site. None of them has the same fix.
The gap: B2B brands rank, but don't get cited
Walker Sands analyzed 45 million search queries across 828 enterprise B2B companies in 14 industries. The results landed June 24 in Search Engine Land.
The median company ranks organically for about 9,700 keywords. AI Overviews appear in roughly half of those searches. But the median brand gets cited in just 3% of the AI Overviews that appear for queries where it already ranks. The top quartile manages 4.5%. The bottom quartile sits at 1.7%. And 4.6% of enterprise companies — these are $100M+ revenue businesses — appear in zero AI Overviews for any of their relevant keywords.
The funnel is brutal. You start with tens of thousands of ranking keywords. About half trigger an AI Overview. Then citations collapse to single digits.
The study's author, Dan Lauer, Director of SEO and GEO at Walker Sands, puts it plainly: ranking breadth doesn't predict AI citation rates. The assets that won traditional SERP real estate — page volume, broad keyword targeting, domain authority — don't automatically translate into being the source an AI system chooses to cite. Brands that do get cited share deep topical authority, structured explanations that directly answer buyer questions, and consistent coverage across multiple pages.
The industry breakdown matters. Cybersecurity brands earn the highest median citation rate at 4.2%, with AI Overviews appearing in 59.9% of their searches. Martech (56.3% AI Overview incidence) and enterprise software (55.3%) follow. Professional services and distribution/logistics trail at 2.1% citation rates. In categories where AI answers are already pervasive, being invisible costs you immediately. In categories where citation rates are low across the board, whoever figures out the mechanics first shapes how the entire category gets framed.
The payoff: when AI does recommend you, it converts
Here's why that 3% matters more than it sounds. A Similarweb study published the same day tracked what happens after ChatGPT recommends a brand.
Users who saw a ChatGPT recommendation were 2.5 times more likely to visit that brand's website than a competitor's, within seven days. The pattern held across finance, travel, and beauty. After an American Express recommendation, 7.2% of users visited Amex compared to 3.1% who visited Capital One. After a Capital One recommendation, 14.2% visited Capital One versus 3.8% for Amex.
The engagement numbers tell you why. AI-influenced visitors viewed 12 pages and spent 11.8 minutes on site, compared to 6.5 pages and 5.6 minutes for other visitors. They arrived having already narrowed their options during the AI conversation, so they came in further along the buying process.
There's a measurement trap here. Most AI-influenced visits don't show up as AI referral traffic. 55.9% of them came through search instead — meaning ChatGPT influenced the brand choice, but the later visit appears in your analytics as organic search. If your dashboard only tracks AI referral traffic, you're undercounting the impact by roughly half.
So the 3% citation rate isn't a vanity metric. Being in that 3% can mean the difference between a buyer who arrives ready to evaluate your product and one who arrives vaguely browsing — assuming they arrive at all.
The vulnerability: 13 words can poison what AI says about you
Cornell Tech researchers published findings on June 24 (originally posted to arXiv May 22) showing that deep-research AI agents can be manipulated with remarkably little effort.
They called the attack WARP — Web Agent Retrieval Poisoning. The mechanism is simple: an attacker appends a short snippet of text to a public user-generated page that an AI agent already tends to retrieve. Reddit threads, Wikipedia pages, forum posts. When the agent later searches related topics, it pulls in that page, cites it, and repeats whatever the attacker wrote.
A 15-word sentence was enough to push a fake cryptocurrency called "BananaCoin" into a deep-research report as an "emerging" investment. When the poisoned page was retrieved, the fake entity appeared in 38% to 51% of reports across three open-source systems (STORM, Co-STORM, OmniThink). Targeting multiple pages raised that to 62%.
Reddit was the primary attack surface. It accounted for 54% to 71% of user-generated URLs retrieved by the three systems. Deep-research agents run many related searches per request, and the same user-generated pages surfaced across related queries — meaning one well-placed edit could cascade across multiple searches.
The defenses failed. Text filters couldn't reliably separate injected passages from normal user content because the injected text was written fluently by an AI model, so perplexity-based detection was more likely to flag genuine user comments than the manipulation. Report-level checks missed it because the AI agent folded the fake recommendation into an otherwise credible answer.
This matters for brand visibility in a specific way. If a competitor (or a bad actor) plants positive mentions of their product in Reddit threads your buyers' AI tools are likely to retrieve, those mentions can become cited recommendations. The study focused on fake entities, but the attack vector works the same for promoting a real product over yours.
The opt-out: publishers get control over who crawls them
While B2B brands are fighting to be more visible, Cloudflare and beehiiv announced on June 23 that 135,000 newsletter publishers now have granular AI crawler controls built into their dashboard.
Publishers get two choices: opt in to maximum discovery, allowing AI search engines and agents to crawl freely, or block AI scraping to protect their archives. The dashboard shows which crawlers are visiting, which are blocked, and how much referral traffic each one sends back. Cloudflare maintains the crawler catalog, so new bots get added automatically.
The contrast is worth pausing on. Substack offers a robots.txt toggle that asks crawlers not to scrape, but doesn't actually block them. Ghost publishers have to manually configure robots.txt files. The beehiiv integration is the first time a newsletter platform has built real enforcement — Cloudflare's infrastructure handles roughly 20% of all web traffic and can identify and block crawlers that ignore robots.txt directives.
Nieman Lab's Joshua Benton framed it as indie journalists getting access to the same anti-scraping tools that major publishers have had. But the deeper story is the divergence it reveals. Some content creators want maximum AI discoverability. Others want to block AI entirely and preserve their work for licensing deals. The market is splitting between those who see AI search as the next discovery channel and those who see it as extraction.
Cloudflare also launched a Pay Per Crawl marketplace last year, taking an estimated 30% cut of publisher earnings, where publishers can charge AI crawlers a small fee per access. That marketplace isn't available through the beehiiv integration yet, but it signals where this is heading: a world where being crawled by AI isn't free, and publishers get to set the price.
What this means
The Walker Sands data answers the first question most operators ask: can AI find you in the first place? Probably not, at least not in the answer itself. A 3% citation rate means 97% of the AI Overviews that appear for your keywords don't mention you. The fix is topical depth, structured content, and answering real buyer questions directly — not more keyword volume.
The Similarweb data answers the follow-up: does it matter when AI does mention you? Yes, enormously. 2.5x more visits, 2x deeper engagement. But you won't see it in your analytics unless you model for AI-influenced search traffic, not just AI referral traffic.
The WARP research answers the security question: can someone steal or fake your AI visibility? Yes, with 13 words. The same UGC platforms that feed AI recommendations (Reddit especially) are the attack surface. Monitoring what those platforms say about your category is now part of brand defense.
And the Cloudflare/beehiiv controls answer the infrastructure question: should you even let AI crawl you? For most B2B operators, the answer is obviously yes. But the controls matter because they give you data — which crawlers are hitting you, how often, and whether they send traffic back. That crawl-to-referral ratio (Cloudflare's own data showed ClaudeBot at 38,065:1 last year) tells you whether specific AI platforms are extracting value from your content or returning it.
The old SEO model was one problem with one answer: rank higher. The AI search model is four problems with four different answers. Treating them as one is why most B2B brands are stuck at 3%.
Sources: Walker Sands B2B AI Search Visibility Benchmark via Search Engine Land (June 24); Similarweb Downstream Impact of AI Visibility via Search Engine Land (June 24); Cornell Tech WARP research via Search Engine Land (June 24, original paper arXiv); Cloudflare and beehiiv via Cloudflare press release and Nieman Lab (June 23-25).