The Announcement
Cequence Security has launched two new capabilities, Intent Graph and Biometric Check, designed to extend bot defense across web, mobile, API, and agentic AI traffic channels. The announcement comes as MCP-based agentic commerce goes live across platforms including ChatGPT, Amazon, Google, Visa, and Stripe, rendering traditional client-side bot detection architectures structurally inadequate. Intent Graph builds application-specific behavioral models that adapt without code changes, while Biometric Check replaces CAPTCHAs and puzzles with hardware-bound cryptographic attestation via device Secure Enclaves. Both capabilities are immediately available to Cequence customers.
The Bigger Picture
The timing of this release is not incidental. Cequence is making a clear architectural bet: the client-side era of bot defense is over, and the market hasn’t fully caught up to that reality yet.
The Agentic Commerce Problem Is Already Here
Traditional bot defense was built on a set of assumptions that are collapsing simultaneously. Browsers are present. JavaScript executes. CAPTCHAs provide friction. Device fingerprints are meaningful signals.
None of those assumptions hold in an agentic environment. MCP-based agents don’t use browsers. Headless environments don’t run puzzle runtimes. And sophisticated proxy networks now operate real browsers at scale, making automated traffic indistinguishable from human sessions even when the client-side signals are present. Cloudflare has reported that automated traffic now accounts for more than half of all web requests globally. That number will only grow as agentic commerce matures across the platforms already live today.
The enterprise security posture that assumes a web browser is present and trustworthy is not a posture built for 2026. Cequence is explicitly targeting that gap.
What Intent Graph and Biometric Check Actually Change
The architectural shift Cequence is describing is meaningful, not cosmetic. Intent Graph moves detection from client signals to behavioral modeling, building an application-specific map of how real users navigate a particular flow rather than relying on a generic fingerprint library. The critical differentiator is adaptability: security teams can adjust behavioral vectors and update detection algorithms in minutes without touching application code or filing an engineering ticket.
The reported enterprise deployment, in which adversaries retooled their attack more than ten times over two days using virtual browsers and rotating proxies and were blocked every iteration without a single CAPTCHA shown to a legitimate user, is exactly the use case that makes this architecture compelling. That outcome is not achievable with client-side tooling.
Biometric Check could address a related but distinct problem: how to insert verifiable human confirmation into high-stakes actions within agent workflows without degrading the user experience to the point of abandonment. Hardware-bound cryptographic attestation via Secure Enclave is categorically harder to defeat than a CAPTCHA, which can be solved programmatically, or a device fingerprint, which can be spoofed. The claim that the biometric itself never leaves the device and completes in under a second matters commercially. Friction that takes seconds versus friction that takes minutes has a measurable conversion impact.
What This Means for ITDMs
For IT and security decision-makers, the core business question is risk exposure in agentic workflows. ECI Research found that 59% of organizations are investing in Agentic AI for IT Operations today, and separately, that 90% of organizations plan to use AI agents by the end of 2025. That adoption curve is accelerating. But the governance and security infrastructure to support it is not keeping pace.
The human-in-the-loop gate that Biometric Check enables for high-stakes, irreversible actions, wire transfers, record retrievals, contract modifications, is the right design pattern for regulated industries. Financial services, healthcare, and B2B commerce all operate under compliance frameworks that will eventually require documented human authorization for consequential agent actions. Cequence is positioning ahead of that regulatory requirement rather than reacting to it.
For ITDMs evaluating the buy versus build question here, the relevant context is Cequence’s stated claim of more than 10 billion daily API interactions across Forbes Global 2000 customers. Behavioral detection models improve with data volume. A company attempting to build equivalent behavioral intelligence from scratch would face both a time deficit and a data deficit. That asymmetry is a real switching cost argument for the Cequence platform.
What This Means for Developers
For development and platform engineering teams, the no-code, no-SDK, no-JavaScript-instrumentation model has a direct impact on delivery velocity. ECI Research’s 2025 Application Development survey found that 83.8% of respondents use code scan tools during CI/CD processes, reflecting a mature shift-left security posture. But bot defense has historically sat outside the CI/CD conversation entirely, requiring SDK integrations, instrumentation overhead, and coordination between security and engineering teams. Intent Graph’s ability to update detection logic without application changes removes that coordination friction.
The false positive measurability claim in Biometric Check also deserves attention from developers and platform engineers. False positives from bot detection have historically been estimated rather than measured, creating a perpetual tension between security teams (who want aggressive detection) and product teams (who see every false positive as a lost customer). A mechanism that generates direct evidence of false positive rate changes the conversation from subjective to data-driven.
What’s Next
Behavioral Defense as the New Baseline
The broader market implication here is that behavioral, server-side detection is on a path to becoming the baseline expectation for enterprise bot defense rather than a premium feature. As agentic traffic channels proliferate and client-side signals continue to degrade in reliability, vendors still anchored to browser fingerprinting and JavaScript challenges face a structural positioning problem. Cequence is building its competitive moat around data volume and behavioral model depth, both of which compound over time.
The MCP protocol and Google’s Agent E-commerce Protocol are early-stage standards today. Within 18 to 24 months, they will be mainstream commerce channels for a meaningful portion of enterprise transaction volume. Security teams that have not adapted their bot defense architecture by then will be managing a significant and largely unmonitored attack surface.
The Governance and Compliance Overhang
The human-in-the-loop model embedded in Biometric Check points toward a larger unresolved problem in enterprise AI adoption. ECI Research found that 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. That confidence gap is a governance problem as much as a technical one. Regulated industries will need auditable, cryptographically verifiable records of human authorization for consequential agent actions. Cequence is providing the technical mechanism; the governance frameworks, policies, and compliance integrations that wrap around it are still being written.
The vendors and platforms that move now to establish interoperable, standards-based human authorization checkpoints in agent workflows will have significant influence over how those governance frameworks ultimately take shape. That’s a positioning opportunity that extends well beyond bot defense.
Stay Ahead of Application Development Trends
Get weekly analyst insights, research notes, event coverage, and AppDevANGLE updates delivered directly to your inbox.
Subscribe for Weekly Insights
Join technology leaders, practitioners, and GTM teams following the trends shaping modern software delivery.
Looking for deeper research access?
Explore ECI Research reports, survey insights, and market analysis through the ECI Research Portal.
