Arkose Labs Named a Strong Performer in The Forrester Wave™: Bot and Agent Trust Management Software, Q2 2026
Pop quiz: what percentage of your traffic is from agentic AI?
I first asked that question in November 2025. Most teams could not answer it, and still struggle. That visibility gap, and understanding what the agent is trying to do, is what the Arkose Labs platform has been built to address. The work predates the category name. When Forrester first recognized bot and agent trust management as a distinct software landscape category in their Q4 2025 report, I wrote that, in my opinion, it validated our position in a market being reshaped by AI agents. Today, Arkose Labs has been named a Strong Performer in The Forrester Wave: Bot and Agent Trust Management Software, Q2 2026, and, for us, it confirms the platform we have built is the right response to the threat environment that is already here.
This is not a category we are entering. It is one we have been defining.
The Threat Environment Changed. Defenses Had to Change With It.
I have written about this before, in the agentic AI fraud series earlier this year, but it bears repeating because the gap between what most teams have deployed and what is actually hitting their consumer identity flows has widened significantly in the past twelve months.
The bot management category was built to answer a simple question: is this a bot or a human? That was sufficient when the adversary was a scripted bot using a known automation library from a cloud IP. It is not sufficient for the attack environment operating today.
A new class of adversary tooling, what we call Generation 3, runs locally on a laptop using free, frontier open-weight models like DeepSeek, Qwen, Llama, and Mixtral, with no cloud infrastructure, no payment rails, and no server operator who can be shut down. It runs on legitimate hardware, uses real residential IP addresses, and requires nothing more than a model download and intent to operate indefinitely at no ongoing cost. The behavioral signals it produces are indistinguishable from legitimate traffic to any detection tool calibrated against the previous generation of threats.
The organizations experiencing agentic attacks in 2025, 85% of which already had bot detection deployed, did not have inadequate security teams. They had detection tools built for the last generation of threats. At Arkose, we have spent two years building for this one.
The industry has largely caught up to the reality that agentic AI attacks are happening now. What has not caught up is the response. That is the gap we are closing.
Three Populations. One Platform.
Here is the insight that shapes everything we have built: the agents arriving at your consumer-facing surfaces today are multifaceted. They are three distinct groups, each requiring different detection signals and different enforcement responses.
Population 1: Self-Disclosing Good Agents
Anthropic's crawlers, OpenAI's web agents, Google's indexing bots. They publish their IP ranges, sign HTTP headers via Web Bot Auth, and cooperate with disclosure standards. The verification is cryptographic. Allow rules are the appropriate response, and the infrastructure to verify them exists.
Population 2: Non-Disclosing Good Agents
Claude computer use, ChatGPT agent mode, local AI assistants running on real user devices. These agents are acting on behalf of real, authorized users but they will not self-identify. Agentic browsers like Fellou and Genspark fall here too. Detection requires behavioral signal: mouse teleportation patterns, significantly lower movement density than human sessions, and distinctive path behavior versus genuine human navigation.
Population 3: Malicious Adversaries
Account takeover campaigns, fake account creation at machine scale, payment fraud, coordinated cashout operations. Almost always impersonating Mac Chrome via residential proxies. The signal combination is distinctive: spoofed browser values, faked operating system environments, fingerprint mismatches across WebGL, timezone, and language, and superhuman click precision.
Catching all three requires the three signal types that produce those signatures: device intelligence, behavioral biometrics, and adaptive challenge telemetry. Most vendors have one. Arkose Titan combines all three in a single platform, which is what makes intent classification possible rather than aspirational.
What Forrester Recognized and Why It Matters
The Wave evaluation recognized Arkose Labs across strategy and capabilities in ways that reflect where the platform has been heading since we began this work.
On strategy, Forrester wrote that Arkose Labs "excels in innovation, investing heavily in a structured program built around the three horizons model." "The roadmap aligns with the vision, with focus on expanding detections and analysis along with trust and intent features" — which is precisely where the threat is moving. No per-product licensing. No separately purchased services. One API call. One contract. That simplicity is intentional: security teams should not be managing a procurement puzzle on top of a threat landscape.
This matters because the shift from "Is this a bot?" to "What is this traffic trying to do?" only works if security teams can understand and act on the answer. Transparency is not a feature. It is the foundation of trust in the detection itself.
Trust classification that persists across sessions and integrates with existing identity infrastructure is how enterprises protect the full account lifecycle without rebuilding what they already have.
Taken together, we believe what Forrester evaluated and recognized reflects a platform built for the threat environment that is already here — not one being adapted to it after the fact.
So, back to the pop quiz. What percentage of your login, signup, and checkout volume is an AI agent? If the answer is still unknown, your fraud models are calibrated against a traffic composition they cannot see, and your abandonment metrics are reflecting agent noise as though it were user friction. That is the visibility gap.
More of you should be able to answer that question today than six months ago. If you cannot, the problem is not the team — it is that the detection layer you have was not built to see what is hitting your flows now. Generation 3 adversary tooling does not announce itself. It arrives looking like legitimate traffic, on legitimate hardware, from legitimate IP addresses, and it operates until something built for it stops it.
That is what Arkose Labs is built to do.
© 2026 Arkose Labs. The Forrester Wave: Bot and Agent Trust Management Software, Q2 2026 is a publication of Forrester Research, Inc. Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. This report is part of a broader collection of Forrester resources, including interactive models, frameworks, tools, data, and access to analyst guidance. For more information, read about Forrester’s objectivity here.

