After Bots — a new book by our founder on classifying AI agents. Now available

Get Your Free Copy
Why Arkose
Platform
Solutions
Agentic AIPartners
Resources
Company
🔍
Talk to our Experts
Arkose Product

Introducing Arkose Agent Trust Manager: See Every Agent. Classify by Intent. Enforce the Right Response.

Author photo
Shimon Modi

7

min read

Featured image

Yesterday, Kevin Gosschalk wrote about why the bot-or-human decision that has organized fraud defense for a decade is no longer sufficient, and what is arriving at your flows instead. If you have not read it, start there. This post is about what we built in response.

Arkose Agent Trust Manager is now available in the Arkose Titan platform. It is purpose-built for the threat environment your teams are already navigating: agentic AI threat detection that existing tools were never built to perform. AI agents are arriving at the same consumer-facing flows and API endpoints, producing behavioral signals that legacy detection was never calibrated to classify. Some are legitimate, acting on behalf of real users, while others are running active attack campaigns. Existing tools cannot tell the difference.

Why This Product Exists

The bot management category was built on a binary: is this a bot or a human? That binary was sufficient when the adversary was a scripted bot using a known automation library from a cloud IP. It is not sufficient for the attack environment operating today.

A new class of adversary tooling, what we call Generation 3, runs locally on legitimate hardware. It uses real residential IP addresses, executes with human-plausible timing, handles MFA, retries on failure, and sustains operations indefinitely at no ongoing cost. The behavioral signals it produces look to legacy detection tools, like legitimate traffic.

The organizations experiencing agentic attacks in 2025 did not have inadequate security teams. They had detection built for a threat that no longer describes the adversary.

Arkose Agent Trust Manager does not replace your existing bot detection. It extends it into the threat class that existing detection was not designed to catch, on the fraud stack you already have in place.

The Three Populations Your Flows Are Handling Today

Agent Trust Manager is built around a foundational insight: the agents arriving at your consumer-facing surfaces are not a single population. They are three distinct groups, each requiring different detection signals and different enforcement responses.

Self-Disclosing Good Agents

Anthropic's crawlers, OpenAI's web agents, Google's indexing bots. They publish their IP ranges, sign HTTP headers via Web Bot Auth, and cooperate with disclosure standards. The verification is cryptographic. These agents are the straightforward population, allow rules are the appropriate response, and the infrastructure to verify them exists.

Non-Disclosing Good Agents

Claude computer use, ChatGPT agent mode, local AI assistants running on real user devices. These agents are acting on behalf of real, authorized users, but they will not self-identify. Agentic browsers like Fellou and Genspark fall here too. Detection requires behavioral signal: distinctive mouse patterns, lower movement density, and systematic path behavior that differs meaningfully from genuine human navigation.

Adversaries

Account takeover campaigns, fake account creation at machine scale, payment fraud, coordinated cashout operations. Almost always impersonating Mac Chrome via residential proxies. The signal combination is distinctive: browser value spoofing, faked macOS environments, fingerprint mismatches across WebGL, timezone, language and interaction timing that no human hand produces.

Classifying all three populations requires the three signal types that produce those signatures: device intelligence, behavioral biometrics, and adaptive challenge telemetry. Most vendors have one. Arkose Titan combines all three in a single platform, which is what makes intent classification possible rather than aspirational.

What Agent Trust Manager Delivers: Visibility, Classification, Enforcement

Visibility

Before Agent Trust Manager, security and fraud teams knew agent traffic was increasing. They did not know how much of their login, signup, and checkout volume was human, an authorized agent, ambiguous automation, or an active adversary. The agentic AI dashboard surfaces population breakdown and intent distribution by endpoint, in real time, before enforcement decisions are made. You cannot control what you cannot see, and most teams have not been able to see this at all.

Classification

Every session is resolved into one of three-population classification and resolves every agent session as Self-Disclosing Good Agent, Non-Disclosing Good Agent, or Adversary. Intent determines the verdict.Intent classification runs on top of population classification, the same agent profile receives a different verdict depending on what it is doing. An agent completing a checkout on behalf of a real user is treated differently from the same behavioral pattern systematically probing account recovery flows.

Two independent detection paths cover the full spectrum. Self-disclosing agents are identified immediately by name through the agentic detection service. Non-disclosing agents and adversaries are identified through proprietary device intelligence and behavioral signals. WBA cryptographic verification adds the highest-confidence trust layer for agents that declare their identity, and flags definitively when that declaration is being spoofed.

Enforcement

Enforcement is a five-step spectrum, not a binary block-or-allow decision: Allow, Monitor, Challenge, Throttle, Block. The enforcement response is matched to the session, minimizing friction for legitimate traffic while raising the economic cost for adversaries. Proof of Work and AI-resistant challenges apply that economic deterrence on the same surface where classification occurs.

Customers define per-endpoint policy, different rules for different agent populations on different flows, without an engineering ticket for each rule change. Continuous intent monitoring re-classifies a session when behavior drifts from its declared scope. An agent that enters as ambiguous and begins probing account recovery flows in systematic patterns is re-classified as a Malicious Adversary and enforcement escalates automatically.

Classification without enforcement is observation without control. The enforcement layer converts detection from an alert into an automated response, operating at the speed of the attack, not the speed of the analyst queue.

Surface Coverage: Browser and API

Agent Trust Manager provides trust classification and enforcement across two surface types:

  • Web surfaces: Login, signup, checkout, account recovery. The same Arkose Labs placement customers have today gains the full classification and enforcement layer.

  • API surfaces: APIs and server-to-server agent traffic. API-only protection with no frontend, no challenge. Risk decisions on raw request signals.

An agent fingerprint flagged at one customer's API surface protects every other customer's login flow, and vice versa. The consortium network compounds detection across every surface, every customer, every campaign observed.

What’s At Stake

Fraud losses and the visibility gap 

Most teams cannot answer the most basic question before any of this: how much of the traffic hitting your platform right now is driven by an AI agent? Without that visibility, fraud models are calibrated against a traffic composition they cannot fully see, and every downstream defense is working blind. That gap has a direct cost. Adversaries running account takeover campaigns generate fraud losses including chargebacks, remediation cycles, and customer trust erosion that compound long after the attack closes. Agentic credential stuffing does not just run faster; it adapts in real time, slowing when limits trigger, rotating proxies when IPs are blocked, switching credential sets when error rates rise. Fake account creation inflates acquisition costs and poisons downstream analytics. And as agents increasingly bypass the browser-rendered surface entirely to call APIs and MCP servers directly, the protection layer has to move with them as application based defense is structurally absent on backend surfaces. Agent Trust Manager closes each of these exposure points with a targeted response, on the signal stack already in production.

Revenue recovery and legitimate agent growth 

The other side of that equation matters as much as stopping fraud. Blunt detection that cannot distinguish a non-disclosing good agent, such as a customer using Comet or Atlas browsers to complete a purchase from an active adversary blocks legitimate traffic and suppresses revenue. Intent-based classification reduces that false positive rate, recovering the conversion that over-aggressive detection leaves behind. The same precision applies post-authentication: when a human logs in and hands the session to an agent for the actual work, including money movement, account changes, and multi-step transactions, single-point checks at login miss the handoff entirely. Agent Trust Manager re-classifies every action, applying policy by action type rather than session entry. The result is enforcement granular enough to allow agents to read account data, require step-up on profile changes, and block high value transactions without user verified approvals, protecting revenue on both ends from fraud loss and from friction that should never have existed.

Ready to Close the Gap?

The opening question worth asking: what percentage of your current traffic is driven by an AI agent? For most organizations, the answer is unknown, which means fraud models are calibrated against a traffic composition they cannot fully see, and abandonment metrics carry agent noise that looks like user friction.

Agent Trust Manager closes that gap. If you are an existing Arkose Labs customer, it activates on the signal stack already in production, no new placement, no new integration cycle required. For teams new to Arkose, the same visibility, classification, and enforcement layer is available from day one.

The threat environment has moved faster than the category built to defend it. Agent Trust Manager is our answer to that gap, built on the same platform your teams already operate, extended to cover the population your existing detection was never designed to classify. See how Agent Trust Manager classifies every agent population hitting your flows and enforces by intent, on the signal stack you already have in place.

Contact us today to schedule your personalized consultation and proof of value.

Related Blogs

Arkose Labs Recognized as a Notable Vendor in Forrester Bot and Agent Trust Management Software Landscape

Arkose Product

Arkose Labs Recognized as a Notable Vendor in Forrester Bot and Agent Trust Management Software Landscape

Forrester names Arkose Labs in its Bot and Agent Trust Management Software Landscape report. See why our bot defense platform stands out.

Arkose Command Center: Empowering Smarter, Faster Fraud Detection

Arkose Product

Empowering Smarter, Faster Fraud Detection

Discover new Command Center features that streamline threat investigation with personalized time zones, enhanced alert tracking and behavioral analysis.

AI Can Crack Your Fraud Prevention in Hours. Here's How We Stop It

Arkose Product

AI Can Crack Your Fraud Prevention in Hours. Here's How We Stop It

Protect your business from AI-powered attacks. CAPI v4 uses VM-based obfuscation and AES-256 encryption to make reverse engineering economically unviable, stopping sophisticated fraud where traditional methods fail.

Stopping bots, AI agents, and fraud before they reach your users.

PLATFORM

Arkose TitanAgent Trust ManagerBot ManagerEmail IntelligenceDevice IDPhishing ProtectionScraping Protection

SOLUTIONS

Account TakeoverFake Account CreationSMS Toll FraudAPI SecurityMFA Compromise

RESOURCES

BlogResource LibraryNewsroomEventsACTIR

COMPANY

AboutLeadershipCareersCustomersPartnersContactCustomer PortalDeveloper Portal

© 2026 Arkose Labs. All rights reserved.

Terms of UsePrivacy Policy