The authentication system with definitive accuracy


Decision platform that recognizes the context, behavior, and past reputation of a request using machine learning

Unrecognized requests


Challenge–response mechanism that classifies if an unrecognized request is Inauthentic

Attackers make fraudulent requests to web and mobile apps just like legitimate sources

Attackers disguise themselves by simulating authentic users with hijacked devices and stolen identities. Their cunning methods fool endpoints across the enterprise attack surface and subvert how requests are classified at scale.

The true nature of a request can only be determined when decision points are independently verified, and not controlled by attackers.

Arkose Labs prove if a request is authentic or inauthentic


Authentic requests are made by a legitimate source with benign intent


Inauthentic requests are made by a fraudulent source with a financial incentive or malicious intent

How it works
Telemetry and Enforcement

Telemetry invisibly recognizes the context, behavior, and past reputation of every request to classify it as authentic or inauthentic. Requests that cannot be recognized are intercepted by Enforcement, a challenge–response mechanism that determines the authenticity of the request with evidenced certainty.


a decision platform that recognizes the authenticity of a request using machine learning


a challenge-response mechanism that classifies if an unrecognized request is inauthentic

Authentic requests are passed to the enterprise, while inauthentic requests remain in a gridlock with the intermediate attack surface provided by Enforcement. Intercepting unrecognized requests strengthens the adaptive risk assessment in real-time, and incrementally minimizes the number of false positives by modeling Telemetry with continuous machine learning.

Telemetry channels unrecognized requests through Arkose Labs

Attackers rely on being able to control decision points when making requests. They intentionally obfuscate their device and IP address with dynamic fingerprints, headless browsers, and executable JavaScript. When Telemetry intercepts an unrecognized request, Enforcement cloaks the enterprise as an intermediate attack surface that cannot be bypassed with client-side data or adversarial AI

Enforcement removes the economic incentive to commercialize inauthentic requests

Attackers are motivated by financial gain and can only sustain their operations when the cost of executing abuse is less than the revenue that can be extracted. Enforcement only passes authentic requests to the enterprise. This eliminates the need for an enterprise-specified action on inauthentic requests such as blocking, redirecting, or flagging.

Instead, inauthentic requests are thwarted by attritional defenses that generate scaling costs which ultimately compel attackers to surrender.

The Economics of Abuse

Revenue Per Action of Abuse (RPAA)

– Cost Per Action of Abuse (CPAA)

= Profit Per Action of Abuse (PPAA)

Together, Telemetry and Enforcement constitute a single source of truth on the authenticity of requests made around the world

Demand more from your partner in fraud prevention


Customers are provided a commercial assurance that they are protected from inauthentic requests at-scale


No reverse proxies, third-party infrastructure, daily rule-setting or single point of failure


Threat intelligence has a network effect as its shared instantly to disarm attackers across our entire network


Integrations have been statistically proven to achieve the same throughput as using no defense


9 out of 10 inauthentic requests can’t be detected with artificial intelligence

Learn how Arkose Labs use continuous machine learning with a challenge–response mechanism to stop attacks