What’s Happening
Arkose Labs launched Arkose Agent Trust Manager at Identiverse, adding a classification and enforcement layer to its Arkose Titan platform. The product’s core premise is straightforward: not all non-human traffic is hostile and treating it as if it were creates friction that costs companies revenue. Agent Trust Manager categorizes inbound traffic into four distinct session classes (human, self-disclosing good agent, non-disclosing good agent, and malicious adversary) and maps each to a proportional enforcement response. The company reports that among its existing customer base, agentic traffic is already doubling quarter-over-quarter. Arkose Labs counts Meta, Adobe, Expedia, Anthropic, and Roblox among its customers.
The Bigger Picture
The Agentic Traffic Problem Is Arriving Faster Than Defenses
The scale of the impersonation problem embedded in this announcement deserves attention on its own terms. Arkose Labs’ own telemetry shows 74% of adversarial sessions spoofing browser values and 69% faking macOS environments. Those are not edge cases. They represent a threat actor community that has already industrialized the use of residential proxies and cloud-hosted agent infrastructure to bypass traditional device fingerprinting. The implication is that defenses built around static signatures or simple bot/human binaries are structurally insufficient.
The timing of this launch reflects a genuine market gap. The wave of agentic AI adoption now underway inside enterprises is sending a parallel wave of agentic traffic outward toward every digital surface those enterprises touch. According to ECI Research’s 2025 AI Builder Summit survey, two-thirds of enterprise AI leaders have already implemented multi-agent collaboration in live or pilot workflows. That number will only grow. Every one of those agents eventually calls an external API, loads a web page, or submits a form. The companies on the receiving end of that traffic have, until recently, had no meaningful way to distinguish a legitimate AI assistant shopping on a customer’s behalf from a credential-stuffing bot operating at the same behavioral profile.
What ITDMs Should Take Away: This Is a Revenue Integrity Question
For IT and business decision-makers, framing this as a “bot defense” problem misses the point. The financial stakes involve two distinct failure modes. The first is familiar: fraudulent transactions, account takeovers, and the chargeback and customer reacquisition costs that follow. The second is newer and arguably more costly to ignore: blocking or excessively challenging legitimate agentic traffic from AI assistants acting on behalf of real customers. As agentic purchasing and task completion become standard consumer behavior, companies that treat all non-human sessions as suspect will systematically degrade the experience for their most technologically engaged customers.
Agent Trust Manager’s five-step enforcement spectrum (Allow, Monitor, Challenge, Throttle, Block) is the product design decision that aims to address this second risk. A binary allow/block policy cannot serve a traffic population with three meaningfully different behavioral and intent profiles. The ability to throttle or challenge selectively, rather than block wholesale, is where the revenue preservation argument lives. The Proof of Work and AI-resistant challenge mechanisms apply economic deterrence specifically against adversarial sessions, raising the cost of attack without touching legitimate flows.
What Developers Should Know: Behavioral Classification at the Enforcement Layer
From a technical standpoint, Agent Trust Manager’s architecture is notable for where in the stack the classification logic sits. Rather than operating as a separate inspection layer, it runs on top of the device intelligence, behavioral biometrics, and adaptive challenge telemetry already embedded in Arkose Titan. This matters because it means classification and enforcement share the same signal surface. Continuous intent integrity monitoring re-classifies sessions in real time when behavioral drift occurs, which handles a specific and difficult problem: an agent authorized for one activity (say, reading product catalog data) that begins probing restricted flows mid-session. That mid-session reclassification and automatic enforcement escalation is architecturally distinct from point solutions that make a trust decision at session initiation and hold it static.
The five detection layers covering the full spectrum of agent traffic, combined with endpoint-level, population-level, and use-case-level policy controls, give platform and security engineering teams the granularity to build policies that match their actual business logic rather than approximating it. That flexibility matters because the “non-disclosing good agent” category (Claude computer use, ChatGPT agent mode, agentic browsers) represents the fastest-growing and most ambiguous segment, and it requires behavioral inference rather than declarative verification.
ECI Research’s 2025 AI Builder Summit data also found that 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. For security architects designing enforcement policies, that uncertainty has a direct operational implication: the enforcement layer needs to be able to escalate automatically, without requiring a human to intervene at each decision point. Arkose’s framing of this as an “enforcement gap” problem maps directly to that confidence deficit.
Looking Ahead
Agent Trust Becomes a Standard Enterprise Requirement
The agentic traffic doubling quarter-over-quarter inside Arkose Labs’ own customer base is a leading indicator, not an outlier. As enterprise AI deployments scale from pilot to production, the volume of outbound agentic traffic hitting consumer and enterprise-facing applications will increase across every industry. The companies that have not yet formalized an agent trust policy will find themselves making that decision reactively, under pressure, following an incident.
The classification problem will also intensify before it simplifies. The non-disclosing good agent category is the least stable: AI assistant vendors can and do change how their agents identify themselves (or don’t), and behavioral signatures will evolve as the agent ecosystem matures. Vendors in this space will need to invest continuously in signal quality and detection coverage to stay ahead of both adversarial adaptation and legitimate agent proliferation.
Governance and Policy Tooling Will Drive Buyer Decisions
For the medium term, the differentiating capability in this market will not be detection accuracy alone. It will be policy expressiveness: the ability for security and platform engineering teams to define, audit, and update agent trust policies without requiring deep vendor involvement at each iteration. Arkose’s customer-defined policy controls by endpoint, population, and use case are pointed in that direction. As enterprises build out AI governance frameworks more broadly, agent traffic policy will become a component of those frameworks rather than a standalone security product decision, which will shift the buyer from the security team toward a cross-functional platform or AI governance committee. Vendors who can integrate cleanly into existing governance workflows will have a structural advantage over those requiring purpose-built policy management.
Stay Ahead of Application Development Trends
Get weekly analyst insights, research notes, event coverage, and AppDevANGLE updates delivered directly to your inbox.
Subscribe for Weekly Insights
Join technology leaders, practitioners, and GTM teams following the trends shaping modern software delivery.
Looking for deeper research access?
Explore ECI Research reports, survey insights, and market analysis through the ECI Research Portal.
