TL;DR: AI agent security cannot be handled as a bot-versus-human problem, because intent, not user type, now determines the right response in fraud and account security workflows, according to Arkose Labs. The category shift is forcing teams to rethink detection, challenge design, and escalation logic across automated and human-assisted attack paths.
NHIMG editorial — what this means for AI and NHI governance
Questions worth separating out
Q: How should security teams classify AI agent behaviour in fraud controls?
A: Security teams should classify AI agent behaviour by intent and session context, not by whether traffic appears automated.
Q: Why do AI agents make bot detection less reliable?
A: AI agents make bot detection less reliable because they can use real tools, change execution paths, and blend into normal application behaviour.
Q: What do security teams get wrong about challenge-response controls?
A: Teams often treat challenge-response as the full defence, when it should be only one input to a broader enforcement model.
Practitioner guidance
- Define actor classes for enforcement Create separate handling paths for human users, ordinary automation, and agentic behaviour so that every event is not forced through the same bot decision.
- Move challenge systems later in the decision chain Treat challenge-response as one signal, not the control itself.
- Measure attacker economics alongside detection quality Track whether your controls increase attacker cost, slow abuse loops, and reduce repeat attempts without imposing broad friction on legitimate sessions.
What's in the full announcement
Arkose Labs' full blog post covers the operational detail this post intentionally leaves for the source:
- The article's product framing for Agent Trust Manager and how the vendor positions classification by intent in practice.
- The specific examples the vendor uses to distinguish ordinary automation from agentic threat populations.
- The product-news context around Arkose's broader bot mitigation and account security portfolio.
- The original wording of the vendor's argument about why detection stacks need to change.
👉 Read Arkose Labs' analysis of AI agent trust management and intent-based detection →
AI agent trust management: what it changes for security teams?
Explore further
Intent classification is becoming the new control boundary for digital abuse. The binary model of bot versus human was designed for environments where behaviour was easier to bucket and enforcement could be coarse. AI agents break that assumption because the same runtime surface can represent benign automation, delegated assistance, or adversarial abuse. The implication is that fraud and IAM teams need to treat intent as an enforceable security signal, not a reporting label.
A question worth separating out:
Q: How can organisations reduce fraud without blocking legitimate automation?
A: Organisations can reduce fraud by defining separate policy paths for humans, ordinary automation, and agentic actors, then applying controls based on context and risk. The goal is to raise attacker cost while preserving legitimate workflows. Good programmes measure both abuse reduction and user friction, because one without the other is not sustainable.
👉 Read our full editorial: AI agent trust management is redefining fraud detection in 2026