An authentication check fails. The system retries. That retry triggers another authentication attempt, consuming an API credit. It hits a rate limit, triggering a cooldown. Meanwhile, three other operations waiting on that authentication also retry, each attempting to re-authenticate. Within seconds, one failed login becomes fifteen authentication attempts, five rate limit violations, and a blocked IP address.

This multiplication is what retry logic does in web automation. Database queries are different: when a read fails, you retry the same request to the same system. The cost is predictable—another query, another few milliseconds of compute.

Web automation operations trigger entirely new authentication flows. Each retry consumes additional API credits, triggers fresh verification checks, creates new rate limit exposure, and generates bot detection signals that specifically look for retry patterns.

The web is adversarial by design. Sites face bot traffic comprising roughly half of all web traffic, much of it malicious. They can't afford to distinguish between a legitimate retry and a distributed attack probe. Both look like repeated attempts from the same source. Rate limits don't distinguish between original requests and retries—they just count attempts. A slow connection that keeps retrying looks exactly like a bot.

We've seen retry logic designed for traditional infrastructure amplify problems rather than solve them.

The Multiplication Nobody Sees

Consider a workflow where one authentication enables three dependent operations, each configured to retry three times. When authentication fails, one failed attempt with 3 retries triggers 3 operations, each with 3 retries: that's not 12 attempts (3 + 3×3), it's 39 attempts (3 auth retries × 3 operations × 3 operation retries, plus originals). And that's just one workflow.

At Yandex, a system with 500 microservices experienced exactly this. A problematic release was rolled back within 10 minutes, but the backend didn't recover for an entire hour. CPU usage hit 100% across services. The team had to reduce traffic to 1% of users before the system could stabilize. The problem wasn't the initial failure. It was retry logic at every layer hammering struggling services.

Web automation faces specific amplification: when an IP gets rate-limited, retrying from that IP just burns through your retry budget faster. When bot detection flags a session, retrying confirms the suspicion. When authentication fails due to suspicious activity, immediate retries validate the concern.

What This Means for Operations

When retry logic fails at scale, operational costs compound quickly:

• A blocked IP might take hours or days to recover reputation
• Operations teams face thousands of failed jobs with unclear root causes. Was it the site, the network, or our own retry logic?
• For enterprises promising SLAs, retry storms can transform a 10-minute incident into multi-hour outages

The solution requires infrastructure that understands web-specific failure modes. Not all failures are worth retrying. A rate limit violation needs a cooldown period. A bot detection block needs a fresh session. An authentication failure might need human intervention, not automated attempts risking account suspension.

Retry budgets become essential—operational limits preventing retry logic from overwhelming systems. A common approach: limit retries to 10% of total requests. If more than 10% of operations fail, stop retrying and let the system breathe.

For web automation at scale, this means building observability into why operations fail, not just that they failed. It means understanding the difference between transient failures worth retrying (temporary network blip) and structural failures that won't resolve with persistence (account blocked, site structure changed, rate limit exceeded).

What signal tells you to stop? A rate limit response is clear. A CAPTCHA challenge is unambiguous. But what about the tenth authentication attempt that times out? The operational challenge is knowing when to stop trying—and building systems that can tell the difference.