A new book by Kevin Gosschalk

After Bots

From Bot Detection to Agent Trust

by Kevin Gosschalk, Founder and CEO of Arkose Labs

A decade of signals. One definitive guide.

The agent era

Why this book exists now

Most of what's in After Bots only became relevant six months ago. The agent era arrived in December, and security teams haven't caught up yet. The bot era had one question: is this traffic automated? The agent era has three. Who is the agent? What is it trying to do? Is your platform willing to authorize that action?

The bot era had one question: is this traffic automated? The agent era has three.

After Bots is the definitive playbook for what comes next in trusting and controlling AI agents. It provides actionable guidance on how to welcome authorized agents and the revenue they represent while keeping the malicious ones at bay.

What's inside

Three populations. One clear framework.

After Bots gives you a precise mental model for the three populations of agents already hitting your endpoints, and what to do about each.

The cooperative ones

that identify themselves

The quiet ones

working on behalf of real users

The bad actors

deliberately using agents to deceive

After Bots is the first book centered around consumer use of agents and what that means for you. It explores how to extend genuine support for agentic use cases that your platform's original architecture never anticipated. This isn't a theoretical primer. It's a practitioner's playbook drawn from years on the front lines of bot detection, fraud prevention, and trust infrastructure.

Built for practitioners

Who this book is for

Security, fraud, and identity leaders responsible for consumer-facing platforms. CISOs, heads of fraud prevention, identity architects, and the engineering leaders who own login, checkout, and account integrity.

Meet Kevin

About the author

Kevin Gosschalk is the founder and CEO of Arkose Labs, where he has spent over ten years on the defender side of online abuse. Arkose Labs protects some of the largest consumer-facing platforms on the internet from the bot and agent traffic targeting their login flows, checkout pages, and customer accounts. Kevin has watched the same attack patterns evolve from scripted bots into agentic systems that reason, plan, and adapt. After Bots is his first book.

Follow Kevin on LinkedIn
Table of contents

What's in the book

View the full chapter listView the full table of contents — coming soon

20 chapters covering bot history, the three populations of agents, and how to enforce trust at machine speed.

Free copy

Get your copy

We have a limited number of complimentary copies available. Fill out the form below and we'll ship one to you.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

The print run is limited. We're prioritizing fulfillment to security, fraud, and identity leaders at consumer-facing platforms.

×
After Bots

Table of Contents

Introduction

The old question, "is this a bot?", is dead. It has been replaced by three new ones.

Chapter 1 — A Brief History of Automation

A compressed history of bot warfare from cURL and credential dumps through Selenium and Puppeteer to the agent threshold.

Chapter 2 — The New Internet

The three populations of automated traffic, explicitly named. Why detection alone cannot tell which population a session belongs to.

Chapter 3 — Cloud Agents

The technical profile of cloud agents (signed and unsigned, legitimate and malicious), and why they all look the same in the telemetry.

Chapter 4 — Local Agents

The technical profile of local agents on a user's own device, and the new fingerprinting problem they create.

Chapter 5 — Why Everything Looks the Same

Why Populations Two and Three produce identical fingerprints, and what that means for any detection-only defense.

Chapter 6 — Infinite Willpower

The economic model that makes scaled fraud possible, and why human-effort defenses no longer hold.

Chapter 7 — The Assembly Problem

How attackers assemble convincing identities at scale from leaked, synthesized, and rented components.

Chapter 8 — Generated Identities at Scale

Where the next generation of fraudulent identities comes from, and why scale outpaces verification.

Chapter 9 — Credential Theft and MFA Bypass

What still breaks MFA in 2026, and the attack patterns that work even against modern step-up flows.

Guest Chapter — Paul Rockwell

A practitioner's view from the front lines, contributed by Paul Rockwell.

Chapter 10 — The Fraud Economics Model

Why economic deterrence is the only defense that scales, and how to engineer cost into an attack path.

Chapter 11 — The Question Has Changed

From "is this a bot?" to "who is this agent, what's it doing, and is your platform willing to authorize that action?"

Chapter 12 — Classification at Scale

The shift from detection to classification, and the architecture that makes classification cheap enough to run on every session.

Chapter 13 — Persistent Device Identity

Why device identity is the load-bearing primitive of the agent era, and how to build one that survives a determined attacker.

Chapter 14 — Enforcement vs. Detection

The difference between knowing something and being willing to act on it. Why most security teams stop one step short.

Chapter 15 — Breaking the Fraud Business Model

How to make the attacker's unit economics negative, and what changes when you start optimizing for that.

Chapter 16 — Managing the Gray Area and the Disclosure Problem

What to do with the population that won't self-identify but is acting in good faith. The disclosure problem and how to resolve it.

Chapter 17 — What Agentic AI Does to Your Existing Stack

Which parts of your current security stack still work, which parts are now liabilities, and what to refactor first.

Chapter 18 — Building for What Comes Next

The operating model your security, fraud, and identity teams need before the next attack lands.

Conclusion

The agent era is already here. What the next twelve months ask of security leaders.