Agent trust management software: what it means for IAM teams


(@nhi-mgmt-group)

TL;DR: Forrester’s Bot and Agent Trust Management Software Landscape reflects a market shift away from binary human-versus-bot detection toward intent, customer journey continuity, and risk-based challenge decisions as AI agents increasingly act on behalf of legitimate users. The underlying issue is that conventional bot controls were built for automation detection, not trust decisions across delegated access paths.

NHIMG editorial — based on content published by Arkose Labs: Arkose Labs Recognized as a Notable Vendor in Forrester Bot and Agent Trust Management Software Landscape

Questions worth separating out

Q: How should security teams govern AI agents that act on behalf of customers?

A: Security teams should govern customer-facing AI agents as delegated non-human actors with explicit trust boundaries, action limits, and continuous monitoring.

Q: What breaks when bot detection only looks for human versus automated traffic?

A: Bot detection breaks when legitimate AI agents and malicious automation share similar traffic patterns.

Q: Why do AI agents complicate customer identity and fraud controls?

A: AI agents complicate customer identity because they can carry out actions that look legitimate while obscuring the actual decision-maker.

Practitioner guidance

  • Map delegated customer access paths: Inventory where AI agents or other non-human actors can act for customers, then document which transactions they can complete, which identity signals you can still observe, and where human attribution becomes ambiguous.
  • Shift from source-based detection to intent-based response: Review bot controls so response is driven by transaction intent, session behaviour, and risk level instead of only origin IP, device reputation, or automation indicators.
  • Align fraud, IAM, and customer security policies: Create shared thresholds for step-up, allow, and block decisions so the same delegated session is not treated differently by fraud tooling and identity governance teams.

What's in the full analysis

Arkose Labs' full post covers the operational detail this post intentionally leaves for the source:

  • How the platform connects various agents back to human customers across direct and delegated journeys
  • The analytics and reporting detail behind intent visibility and risk-based challenge decisions
  • Telemetry-driven detection methods built from billions of sessions and custom customer models
  • Use cases such as account takeover prevention and SMS toll fraud detection

👉 Read Arkose Labs' analysis of bot and agent trust management in Forrester's landscape →
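
The practitioner guidance above (intent-based response and shared step-up, allow, and block thresholds) can be sketched as a single policy function that both fraud tooling and IAM call. This is an added example, not code from Arkose Labs, Forrester, or NHIMG; the intent names, threshold values, action limits, and the `Session` fields are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# One threshold table shared by fraud tooling and IAM (constructed values):
# intent -> (step_up_at, block_at) on a 0-100 session risk score.
THRESHOLDS = {
    "read_balance": (60, 90),
    "change_contact": (30, 70),
    "transfer_funds": (20, 60),
}
STRICTEST = (20, 60)  # applied to any intent missing from the table

# Hypothetical action limit: what an agent may complete without the customer.
AGENT_ALLOWED = {"read_balance", "change_contact"}


@dataclass(frozen=True)
class Session:
    automated: bool               # automation indicators observed
    delegated_for: Optional[str]  # customer the agent is bound to, if known
    intent: str                   # transaction being attempted
    risk: int                     # 0-100 score from session behaviour


def source_based(s: Session) -> str:
    """Binary human-versus-bot control: looks only at automation indicators."""
    return "block" if s.automated else "allow"


def intent_based(s: Session) -> str:
    """Verdict driven by intent, delegation and risk, not by origin alone."""
    step_up_at, block_at = THRESHOLDS.get(s.intent, STRICTEST)
    if s.risk >= block_at:
        return "block"
    # Automation with no attributable customer, or acting outside the agent's
    # action limit, is never allowed outright: the human must confirm.
    unattributed = s.automated and s.delegated_for is None
    over_limit = s.automated and s.intent not in AGENT_ALLOWED
    if unattributed or over_limit or s.risk >= step_up_at:
        return "step_up"
    return "allow"


# Constructed sessions: a delegated agent, and a risky non-automated session.
AGENT_READ = Session(True, "cust-1001", "read_balance", 10)
RISKY_HUMAN = Session(False, None, "transfer_funds", 75)

if __name__ == "__main__":
    for s in (AGENT_READ, RISKY_HUMAN):
        print(s.intent, source_based(s), "->", intent_based(s))
```

The two constructed sessions show both failure directions of the binary control: it blocks the low-risk delegated agent and allows the high-risk non-automated transfer, while the shared policy returns the opposite verdict in each case.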
