How travellers discover and book holidays today
Most independent hotels already operate across a familiar distribution stack:
- Direct: your website (and Google/Maps) drives brand discovery and direct bookings.
- Online Travel Agents (OTAs): Booking.com, Expedia and others aggregate demand and handle much of the shopping experience (for a commission).
- Metasearch: Google Hotels, Trivago and Tripadvisor compare rates across OTAs and direct.
- Global Distribution Services (GDS) and traditional agency channels: still relevant for certain segments (corporate travel, packages), often via a channel manager rather than direct connections.
That stack still matters. But a new “front door” is forming above it.
GenAI adoption has been fast, and it is changing discovery
GenAI tools have been adopted far faster than most technology shifts, and that is starting to change how people plan travel. The old pattern was search, click, browse, compare, repeat. The new pattern is closer to ask, narrow, validate, decide.
You can see that across ChatGPT, Google AI Mode and AI-native tools like SearchSpot. They do not simply return links. They interpret the brief, suggest areas, filter options, explain trade-offs, and often carry the planning process forward into hotels, walks, restaurants, budget and booking questions. In the uploaded examples, SearchSpot quickly narrows the family brief into three mountain areas and then curates stays, dining and walks; ChatGPT explains its reasoning and is more explicit about what it can and cannot verify; Google AI Mode moves smoothly from area selection into property types, family fit, budget and booking paths. More of the shopping now happens before a traveller ever reaches your website.
SearchSpot narrows the map quickly
Given one long, detailed family prompt, SearchSpot does a useful first job: it reduces the search space. It proposes three distinct areas, explains why each fits, then moves into a curated shortlist of 'casas rurales', family-friendly restaurants and easy walks. It even eliminates options that are “too large/corporate” and flags practical issues like restaurant reservations and regulated parking on holiday weekends. That is not ten blue links. That is early-stage trip design.
ChatGPT is strong on reasoning and transparency
ChatGPT handles the same brief in a slightly different way. It ranks the best-fit areas, explains the trade-offs between Cercedilla, Navacerrada/Becerril, Miraflores and La Pedriza, and then, when asked about a specific hotel, is explicit about what it cannot confirm. In the Las Rozuelas example, it says it cannot truthfully verify live availability, explains why, provides direct contact details, and even drafts the outreach message in English and Spanish. That mix of judgement and honesty matters.
Google AI Mode pulls planning toward transaction
Google AI Mode feels closer to a commercial concierge. It starts with area suggestions, then moves into specific accommodation picks, family suitability, walks, restaurants, budget ranges, room types, estimated pricing and booking instructions. In the Cercedilla/Navacerrada example, it does not stop at inspiration. It starts to bridge into conversion: which property, what kind of room, how much, and how to contact the hotel. That is a good preview of how AI discovery can compress the path from planning to booking.
If OTAs are threatened by direct booking, what are they doing?
They’re adapting in two obvious ways:
- Adding GenAI features inside OTA apps (trip planning, smarter filtering, property Q&A, review summarisation). Booking.com has publicly described expanding these AI features to support travellers through trip planning and booking decisions.
- Making themselves available inside new agent interfaces (so the traveller can plan in an assistant but still transact through existing distribution rails). Expedia has explicitly described integrations with “OpenAI Operator and Microsoft Copilot Actions” to meet travellers “where travel planning increasingly begins.”
There’s also a reality check here: even when assistants help with research, completing purchases inside the assistant is not yet consistent at scale, and some platforms are steering towards third-party integrations rather than owning checkout end-to-end.
What a hotel (or theme park, museum, ferry company) should do first
Think in two tracks:
- Make sure AI systems describe you accurately (source of truth).
- Prepare for AI systems to act (availability, booking, security).
Step 1: Make “source of truth” content unambiguous
Before any new files or protocols, tighten the pages that travellers and machines rely on:
- Rooms and what’s included (and not included)
- Check-in/out, late arrivals, parking, accessibility, pets
- Fees and taxes (what’s extra, what’s included)
- Cancellation / modification rules in plain language
- Location specifics (what’s walkable, what needs a car)
- High-quality images with consistent captions
- Put “Last updated” on policy pages that actually change
This is not copywriting, it’s operational clarity.
Step 2: Add structured data and use consistent identifiers
This is still the easiest way to help machines read your essentials reliably.
- Schema.org markup: For hotels, start with the Schema.org Hotel type and its key properties (address, geo, checkinTime/checkoutTime, amenityFeature, etc.).
- If your web team wants concrete patterns for rooms + offers, Schema.org also maintains guidance on Markup for Hotels and how to represent rooms and offers cleanly.
- Property identity (to reduce “which hotel is which?” confusion): A growing problem in travel distribution (and in AI summaries) is inconsistent or duplicated property data across systems. PhocusWire covered the launch of Hospitality ID, an initiative to provide hospitality organisations with a unique identifier to make systems interoperability and matching easier.
- Practically: keep your name/address/phone consistent everywhere, and keep an eye on emerging ID schemes your channel manager may adopt.
Step 3: Publish an llms.txt at the root of your site
llms.txt is an emerging convention: a small structured file placed at yourdomain.com/llms.txt to point language models to the pages you consider canonical, and to give a concise, curated overview. The proposal exists because context windows are finite and most websites are messy to ingest.
For a small hotel, llms.txt should be boring (that’s a compliment):
- one short summary of what you are and who you suit
- links to the canonical pages (rooms, policies, location, FAQs)
- a “don’t guess” note for anything date-dependent (“rates and availability change; use the booking engine”)
A web team can implement this in under an hour.
Step 4: Make real-time availability accessible (this is where MCP fits)
llms.txt is static. But availability and pricing are live.
This is where the Model Context Protocol (MCP) matters: MCP is an open protocol for connecting LLM applications to external data sources and tools.
For a hotel, the best first move is not “build MCP from scratch.” It’s:
-
Ask your booking engine / channel manager what APIs exist for:
- availability search
- rate quotes (refundable / non-refundable)
- creating a hold
- confirming a booking
- Then, if you want to be “agent-ready,” your consultant can wrap those capabilities as a small set of controlled tools exposed via MCP.
Step 5: Understand “agent as operator” and add guardrails
A chatbot answers questions. An agent can take actions.
Example:
“Find me a quiet country hotel near X for 2 nights, parking, late check-in. Book it if it’s under €220/night and cancellable.”
An agent-as-operator may:
- shortlist options
- check live availability
- place a hold or book
That’s powerful — and it creates new abuse patterns: bots/agents can also hoard inventory, place fake holds, or churn bookings and cancellations. Rate limiting and resource controls are standard mitigations in modern web security guidance (OWASP has a specific category on resource quota abuse / missing rate limiting).
Minimum guardrails to discuss with your web team:
- limit holds per user/session
- step-up checks for repeated cancels
- deposits or payment verification on high-risk dates
- bot management on availability/booking endpoints
Step 6: Security is now part of distribution
As more of your booking workflow becomes machine-addressable, the attack surface grows.
A realistic case: Microsoft Threat Intelligence reported a campaign impersonating Booking.com targeting hospitality organisations, aimed at credential theft and fraud.
Baseline protections worth doing even for a small property:
- MFA on email, OTA extranets, PMS, channel manager
- strict controls for payout/bank-detail changes
- staff training on “urgent” OTA/payment emails
- basic web protections (WAF, bot filtering, rate limits)
Step 7: Agent payments are coming, but don’t bet your 2026 season on them yet
Agent-led payments are being actively developed and piloted, but they are not yet “uniformly available” to small merchants everywhere.
Signals to watch:
- Visa has said it is on track to deliver AI-enabled commerce to consumers by early 2026 and describes controlled, real-world agent-initiated transactions already occurring.
- Mastercard announced Agent Pay as an agentic payments program and has been running pilots with partners.
- Santander and Mastercard announced a live end-to-end payment executed by an AI agent in a controlled environment (explicitly not a commercial rollout yet).
The practical stance: prepare your stack (tokenization, strong authentication, fraud controls), but assume mainstream “agent checkout” will be uneven through 2026.
How to make decision-critical information available — and trusted
A traveller (or their assistant) typically needs:
- what it costs (and what extra fees exist)
- whether it’s available (for their dates)
- confidence in policies (especially cancellations)
- confidence in quality (reviews, photos, recent updates)
- confidence they won’t be scammed
To help LLMs trust what they read:
- keep one canonical policy page per topic, with “last updated”
- use structured data (Hotel + offers/rooms patterns)
- publish llms.txt linking to those canonical pages
- keep your property identity consistent across platforms (and adopt standard IDs as they mature)
- don’t expose “action endpoints” without rate limits and bot protection
How Trusted Agents helps
We help leaders turn this shift into a business case quickly. We map what changes first over the next 12 to 18 months. Where revenue and distribution get reshaped. Where fraud and servicing pressure shows up. Where data and controls become the bottleneck. Then we turn that into clear bets and a sequence of pilots, so teams stop reacting to demos and start steering.
And we do not leave you with a deck. We help you ship. We bring in delivery partners to build working prototypes that survive the real world: payments, refunds, legacy integration, policy, identity, controls, and data quality designed in from day one.
The bigger point is simple.
When the customer arrives as an agent, businesses will need to decide whether to block, ignore, tolerate, recognise, or trust that new channel. The winners will be the organisations that made those decisions early, and built the trust layer underneath them before scale arrived.
Want the next Trusted Agents note?
