Agentic AI identity: what changes for trust and safety teams?


(@nhi-mgmt-group)

TL;DR: Agentic AI is collapsing the old bot-versus-human model because legitimate agents can book, negotiate, and file tickets while adapting in real time, according to Arkose Labs’ interview with Paul Rockwell. Access review processes assume access persists long enough to be reviewed; autonomous traffic can create, combine, and discard permissions within a single session.

NHIMG editorial — based on content published by Arkose Labs: AI “It’s Not a Replay Attack. It’s a Reasoning Attack.” by Cassie Stevenson

Questions worth separating out

Q: How should security teams govern AI agents that act on behalf of users?

A: Security teams should govern AI agents as identities with explicit owners, scopes, and audit trails rather than as generic automation.

Q: Why do agentic AI systems weaken traditional bot detection?

A: Agentic AI weakens traditional bot detection because the harmful behaviour may be unique, adaptive, and spread across multiple steps instead of repeating a fixed script.

Q: What breaks when fraud controls assume attacks are repetitive?

A: When fraud controls assume attacks are repetitive, they miss reasoning attacks that alter tactics mid-session and compose actions across platforms.

Practitioner guidance

  • Define an agent identity registry. Record every authorised AI agent, its business owner, approved tools, scope boundaries, and revocation path so machine action is attributable end to end.
  • Replace human-versus-bot checks with authorisation checks. Evaluate whether each automated interaction is permitted, not merely whether it looks automated, and attach policy to the action scope rather than the traffic source.
  • Correlate cross-session behaviour. Join identity, session, and platform telemetry so adaptive multi-step abuse can be detected across account creation, data access, and downstream use.

What's in the full article

Arkose Labs' full interview covers the operational detail this post intentionally leaves for the source:

  • How Paul Rockwell frames the shift from bot detection to identity-based authorisation for agent traffic
  • The specific abuse patterns he expects to emerge in agent-to-agent interaction scenarios
  • Why multi-step, cross-platform reasoning attacks challenge current fraud and trust-and-safety tooling
  • What leaders should prioritise in the next 12 months when building an agent identity framework

👉 Read Arkose Labs' interview on agent identity and reasoning attacks →
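
The first two points of the practitioner guidance above, sketched as an added example (not code from the post, Arkose Labs, or NHIMG): a registry record per agent and an authorisation decision that depends only on that record, with every decision written to an audit trail. All names, the scope strings, and the sample agent are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class AgentRecord:
    agent_id: str
    owner: str             # accountable business owner
    tools: frozenset       # approved tools
    scopes: frozenset      # approved action scopes (hypothetical naming)
    revoked: bool = False  # revocation path: set to True to cut the agent off

@dataclass
class AgentRegistry:
    agents: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def register(self, rec):
        self.agents[rec.agent_id] = rec

    def revoke(self, agent_id):
        self.agents[agent_id].revoked = True

    def authorize(self, agent_id, tool, scope, on_behalf_of):
        """Decide from registry facts only; 'looks automated' is never an input."""
        rec = self.agents.get(agent_id)
        if rec is None:
            reason = "unregistered_agent"
        elif rec.revoked:
            reason = "revoked"
        elif tool not in rec.tools:
            reason = "tool_not_approved"
        elif scope not in rec.scopes:
            reason = "scope_exceeded"
        else:
            reason = "ok"
        allowed = reason == "ok"
        # Log allows and denies alike so each action traces to agent, owner and user.
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(), "agent": agent_id,
            "owner": rec.owner if rec else None, "user": on_behalf_of,
            "tool": tool, "scope": scope, "allowed": allowed, "reason": reason})
        return allowed, reason

def build_sample_registry():
    # Constructed sample data: one registered booking agent.
    reg = AgentRegistry()
    reg.register(AgentRecord("travel-agent-01", "ops@example.com",
                             frozenset({"booking_api"}), frozenset({"booking:create"})))
    return reg
```
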

(@mr-nhi)

Agentic AI does not just expand the NHI estate, it changes what identity means. When a machine can act on behalf of a person, the key governance question stops being whether traffic is automated and becomes whether the action is authorised, bounded, and attributable. That is a different control model from consumer bot detection, and it belongs in the same governance conversation as service accounts and workload identity. Practitioners should treat agent identity as a first-class identity domain, not a logging afterthought.

A few things that frame the scale:

  • 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: What is the difference between consumer bot detection and agent identity governance?

A: Consumer bot detection asks whether traffic is automated. Agent identity governance asks who authorised the agent, what it is allowed to do, and how its actions are recorded. The first is a traffic classification problem. The second is an identity and access problem that determines accountability, scope, and liability.

👉 Read our full editorial: Agent identity is replacing bot detection in agentic AI security



   