Defending Against Online Fraud in the Age of Agentic AI
Artificial intelligence (AI) agents are fundamentally changing how we interact with digital platforms, quickly bringing hyper-personalization, productivity, and speed to everyday online tasks and commerce.
They have also opened the door to unprecedented fraud and abuse vectors, creating new challenges for cybersecurity teams. At this point, it’s becoming increasingly difficult and complicated for companies to tell legitimate AI agents from autonomous attacks.
Our recent research reveals a critical finding: All AI agents, whether legitimate AI assistants or malicious attackers, exhibit identical technical characteristics. Consumer AI tools, undocumented vendor tools, internal AI systems, and partner integrations are all examples of “hidden helpers.” They don’t self-identify, and nor does malicious traffic, making it hard to tell good agents from bad.
It’s no longer a matter of them simply identifying automation, and “fake” activity, and then pulling out last year’s “block them” playbook. Follow that model, and you run the risk of blocking legitimate users. Ignore the new reality, and you open the door to massive fraud losses.
So, how do organizations balance?
A Quickly Growing Threat
Agentic AI is helping bad actors quickly evolve their tactics by deepening the complexity of their attacks and widening their reach with unprecedented scale. AI agents can adapt their strategies in real time based on the defenses they encounter, constantly learning and refining their tactics.
Case in point: last year Google’s Threat Intelligence Group publicly confirmed that it had observed for the first time malware families using large language models (LLMs) during live execution. This observable activity included dynamically generating malicious scripts, obfuscating their own code to evade detection, and leveraging AI models to create malicious functions on demand rather than hard-coding them.
Simply put, old school defenses don’t frustrate AI agents like they do humans. Their patience is infinite and their solve capacity is unconstrained, rendering traditional high-friction defenses useless. And standard large language models can hit 80 percent or higher solve rates on CAPTCHAs, the old guard of bot defense.
Adversaries have no adoption constraints; their targets do.
Let that sink in. AI agents can solve CAPTCHAs at least 80 percent of the time! As agentic AI rapidly matures as an effective tool, the number of fake account creations will significantly increase and be harder to detect and halt. In fact, Gartner predicts that agentic AI will cut account exploitation time in half by 2027 by automating the attack process with never-before-seen speed and execution.
In response, security teams have adopted AI security measures, such as AI-powered bot detection and mitigation, but implementation is lagging. Adversaries have no adoption constraints; their targets do. So, it’s no surprise that while companies’ financial investment and commitment are there, their timing is not.
Organizations’ security teams have on average six months or less to prepare for agentic AI attacks. Unfortunately, implementation cycles usually take a year or more to complete. The threats simply evolve faster than security teams can mount an effective defense.
Rethinking Fraud-Prevention Strategies
The speed at which fraudsters use agentic AI will only continue to increase. It is not hyperbolic to state that a tectonic shift is underway in AI enabled fraud. If this were an earthquake, AI would be a 3 on the Richter scale and agentic AI would be an 8. Agentic AI enables rapid discovery of vulnerabilities much faster than global enterprises can patch them, giving fraudsters a significant advantage over traditional defenses.
If your organization is just starting its security transformation, you may be playing catch up with the bad actors who have scaled up their own automated attacks. This is not a scenario where security teams can afford to let perfect be the enemy of good. Get started now by deploying solutions that return immediate ROI in the big areas. Think strengthening all the authentication workflows (account registration and login). It’s better to speed up your process to bolster those important flows now rather than reacting after your defenses are breached and you’re dealing with significant losses.
Building Resilience with Multi-Layered Defenses
Building “Know Your Agent” (KYA) capabilities is an essential step to defend against these threats. It is now an urgent imperative to develop the infrastructure for authorization verification, impersonation detection, and behavioral analysis that distinguishes helpful legitimate consumer agents from nefarious credential stuffers and fake accounts agents. The gap between enablement and verification is an organization’s biggest emerging vulnerability. A classic example of this is when organizations make a business decision to accept customer agents before finalizing their security approach to distinguish legitimate from malicious ones.
Fraudsters using agentic AI leave behind subtle but detectable traces. Organizations should implement a multi-signal detection strategy that combines technical infrastructure indicators (e.g., virtual machine signatures and proxy network usage), behavioral pattern recognition (e.g., unusual timing patterns and simultaneous identical actions), and economic behavior analysis (e.g., cost-insensitive patterns or high-volume, low-success rate attempts). This layered approach strengthens your ability to identify even the most sophisticated AI agents and to provide the appropriate mitigation.
Legitimacy verification processes are equally important. Robust agent authentication and registration processes should be established to ensure only legitimate agents access organizational systems. Linking agents to verified user accounts and credentials, while continuously monitoring for anomalies, can help detect account takeovers and hijacked agent scenarios.
That said, keep in mind that the “bad” agents will likely follow normal web-based consumer flows, so relying solely on self-identifying agents following established protocols, will leave a massive vulnerability gap. Bad agents will attempt to exploit protocols like Web Model Context Protocol (WebMCP) and existing customer flows.
WebMCP is designed to let websites expose structured tools directly to AI agents within a web browser. However, it also introduces major security risks by enabling read-write capabilities that let AI agents submit forms, make purchases or log in as if it was the user. Fraudsters could exploit this to their advantage.
Leverage Technology and Industry Insights
Adaptive defense platforms and cross-industry threat intelligence offer another layer of important protection. Vendors can often deliver a platform faster than an internal security team can build one, but not all vendors are the same.
Organizations should prioritize vendors with comprehensive platforms that evolve with adversary techniques. Look for those offering cross-industry risk signals that identify emerging attack patterns before they hit your industry. They should also provide real-time threat intelligence on AI-powered bots, human fraud farms, and agentic AI. Finally, seek out vendors with successful deployments at similar companies that can demonstrate proven capability at your organization’s scale.
Deploying proof-of-work systems and network analysis can also deter fraudsters. Computational challenges that require significant resources can make mass automation economically prohibitive. Additionally, network analysis can identify traffic patterns distinct from human usage, providing another layer of defense.
Looking Ahead: Measuring Success and Closing Gaps
Finally, organizations must analyze whether their current security stack is effective in the face of the latest threats or falling behind. If the solutions in place are not providing measurable improvements in detection accuracy, response times, or false positive reductions, there is a deployment-to-protection gap. Trusted partners can help track metrics that prove capabilities work, not just exist.
Fraud and cyberattacks are certainly nothing new but the current pace of change is remarkable and accelerating. The threat landscape has evolved into a hybrid marketplace seamlessly using the full range of tools from bots to human fraud farms to agentic AI.
Organizations and their cybersecurity teams must prepare now for the next wave of attacks because they’re already here, they’re evolving, and they’re incredibly effective. These imminent attacks demand an immediate rethinking of fraud detection and prevention strategies.
Frank Teruel is chief operating officer of Arkose Labs, the leading proactive fraud deterrence provider. He has been in the cybersecurity and identity industry for more than 20 years and has held GM, SVP, COO, and CFO positions. Frank has spent most of his career in leadership positions at Silicon Valley technology companies in the digital identity and cybersecurity space and is universally recognized for building high-performing teams and delivering material business outcomes.
© Arkose Labs
