TL;DR: Agentic traffic now shows up as both legitimate customer automation and malicious fraud operations, and the same login flows must distinguish population and intent in real time, according to Arkose Labs. The old bot-or-human model is collapsing under shared tooling, behavioural similarity, and the growth of AI-driven sessions, so classification is becoming the control plane, not just detection.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- Traffic from AI sources to US retail sites grew 393% year over year in the first quarter of 2026.
- Salesforce put the number at roughly $262 billion of online spend influenced by AI and agents over the 2025 holiday season.
Questions worth separating out
Q: How should security teams classify agentic traffic at login without blocking legitimate users?
A: Treat classification as a trust decision based on population, intent, and workflow sensitivity.
Q: Why do agentic sessions create more risk than ordinary automation?
A: Agentic sessions can represent either a real customer acting through software or a fraud operation using the same browser and cloud stack.
Q: What signals help identify malicious agents when fingerprints look clean?
A: Behavioural patterns are the most reliable signals in the hardest cases.
Practitioner guidance
- Map agentic exposure by workflow first: Inventory login, signup, checkout, and account-recovery flows to determine where agentic sessions are already present and where they would cause the most harm.
- Separate self-disclosing from non-disclosing agents: Create different policy paths for agents that identify themselves and agents that do not, because declared identity is not the same as trustworthy identity.
- Add behavioural signals to your trust decision: Use interaction timing, sequence patterns, and machine-paced loops alongside fingerprints and device checks, especially for local OS-level agents.
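The three guidance points above can be combined into one per-request trust decision. The sketch below is an added example, not code from Arkose Labs or from this post. The sensitivity ranking, the 0.15 pacing threshold, the 8-event window, the `distinct_accounts` intent signal and all function names are assumptions chosen for illustration, and the timestamps are constructed samples.

```python
from statistics import mean, pstdev

# Assumed sensitivity ranking for the four workflows named in the guidance.
SENSITIVITY = {"checkout": 1, "login": 2, "signup": 2, "account_recovery": 3}
WINDOW = 8  # assumed: rate only the most recent events so drift triggers a re-rating

# Constructed samples: interaction timestamps in seconds since session start.
HUMAN = [0.0, 1.3, 1.9, 4.2, 4.8, 7.5, 8.1, 11.0]
MACHINE = [0.0, 2.0, 4.0, 6.1, 8.0, 10.0, 12.1, 14.0]
DRIFT = HUMAN + [11.0 + t for t in MACHINE[1:]]  # human start, machine-paced later

def pacing_cv(timestamps):
    """Coefficient of variation of recent inter-event gaps; low means machine-paced."""
    recent = timestamps[-WINDOW:]
    gaps = [b - a for a, b in zip(recent, recent[1:])]
    if len(gaps) < 3:
        return None  # too few events to judge pacing
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else 0.0

def classify_population(declared_agent, timestamps, cv_threshold=0.15):
    """Population first: a declaration sets the policy path, behaviour sets the rest."""
    if declared_agent:
        return "self_disclosing_agent"
    cv = pacing_cv(timestamps)
    if cv is None:
        return "unrated"
    return "non_disclosing_agent" if cv < cv_threshold else "human"

def decide(workflow, declared_agent, timestamps, distinct_accounts=1):
    """Return (population, action) for one request to a protected workflow."""
    population = classify_population(declared_agent, timestamps)
    sens = SENSITIVITY[workflow]
    if population != "human" and distinct_accounts > 3:
        action = "block"  # assumed intent signal: automation cycling through accounts
    elif population == "non_disclosing_agent":
        action = "challenge" if sens >= 2 else "throttle"
    elif population in ("self_disclosing_agent", "unrated"):
        # Declared identity is not trusted identity: still gate the most sensitive flow.
        action = "challenge" if sens == 3 else "allow"
    else:
        action = "allow"
    return population, action

if __name__ == "__main__":
    for name, ts in (("human", HUMAN), ("machine", MACHINE), ("drift", DRIFT)):
        print(name, decide("login", False, ts))
```

Calling `decide` again as new events arrive is what re-rates a session: the `DRIFT` sample begins with human pacing and is classified as a non-disclosing agent once its recent window becomes machine-paced.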
What's in the full announcement
Arkose Labs' full analysis covers the operational detail this post intentionally leaves for the source:
- The session-classification model used to separate human, self-disclosing agents, non-disclosing agents, and malicious automation.
- The behavioural signals behind the vision-reasoning-action loop and how they appear in live traffic.
- The enforcement options available per endpoint, including challenge, throttle, block, and re-rating when behaviour drifts.
- The production exam abuse example with timing patterns, anomaly rates, and agent mix by session.
Agentic traffic at the login page: what IAM teams need to know?
Explore further
Classification is replacing detection as the primary control plane for agentic traffic. The article shows that bot-or-human scoring is too coarse for sessions that may be legitimate, malicious, or both at once. Once the same infrastructure can support consumer assistants and fraud automation, identity teams need population and intent as first-class decision inputs. The implication is that session control must move from a binary gate to a contextual trust decision.
A few things that frame the scale:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- Systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems, showing that scope control materially changes outcome.
A question worth separating out:
Q: Who should own policy decisions for agentic access to login and recovery flows?
A: Identity and fraud teams should share ownership, but the policy belongs inside identity operations because it is fundamentally an access decision. The question is not just whether to block traffic, but what type of actor may use a protected workflow and under what conditions. That makes governance, not only detection, the core issue.