1. https://appdevelopermagazine.com/artificial-intelligence
  2. https://appdevelopermagazine.com/agentic-commerce-grows-cequence-unveils-ai-era-bot-defense/
7/15/2026 9:36:11 AM
Agentic Commerce Grows Cequence Unveils AI-Era Bot Defense
Agentic Commerce,Bot Defense,AI Agents,MCP,Intent Graph,Biometric Check,Behavioural Detection,API Security,Application Security,Fraud Prevention,Account Takeover Prevention,Web Security,Mobile Security,Agentic AI,Human In The Loop,Cryptographic Attestation,Secure Enclave Verification,Carding Mitigation,Credential Stuffing Protection,Bot Management Platform,Cequence Security
/Agentic-Commerce-Grows-Cequence-Unveils-AI-Era-Bot-Defense_jetra5u2.jpg
App Developer Magazine

Artificial Intelligence

Agentic Commerce Grows Cequence Unveils AI-Era Bot Defense


Wednesday, July 15, 2026

Ben Conway Ben Conway

Enterprises adopt agent led workflows with confidence as Intent Graph and Biometric Check deliver behavioural detection and human verification across every channel as Agentic Commerce Grows and Cequence Unveils AI Era Bot Defense.

Cequence Security has announced Intent Graph and Biometric Check, two new capabilities designed to help enterprises protect applications as AI agents, bots, APIs, and agent-driven commerce create a more complicated traffic landscape.

The timing matters.

Enterprise traffic is no longer limited to people clicking through websites or mobile apps. Customers, bots, scripts, APIs, and AI agents may all interact with the same business systems, often through very different paths. Some of that automation is useful. Some of it is abusive. The hard part is knowing the difference without slowing down real customers or approved agents.

That is the problem Cequence is trying to solve.

Intent Graph focuses on understanding behavior across web, mobile, API, and agentic AI channels. Biometric Check gives teams a way to confirm human approval when a session or action carries higher risk. Together, the two capabilities are aimed at a security problem that is becoming harder to ignore: traditional client-side bot defenses were built for a browser-first world, but AI-driven traffic does not always arrive through a browser at all.

Why bot defense has to change

For years, bot protection leaned heavily on client-side signals. CAPTCHAs, JavaScript puzzles, device fingerprints, browser characteristics, and TLS details all helped security teams decide whether traffic looked human or automated.

That approach is getting weaker.

Attackers can now use real browsers, residential proxies, clean device fingerprints, and automation frameworks that make bad traffic look much more like real customer activity. At the same time, AI agents and MCP-based workflows may operate outside a normal browser session, which means some of the signals older defenses expect simply are not there.

That creates a practical problem for enterprises.

A security tool cannot depend only on browser clues if important traffic is moving through APIs, agent workflows, mobile apps, and third-party systems. Teams need a way to understand what a session is doing, not just what device or browser it appears to come from.

Intent Graph brings behavior into focus

Intent Graph is built around that idea.

Instead of relying only on static fingerprints, Intent Graph models how real users, bots, and agents move through an application. It looks at behavior across the flow and compares that activity with patterns associated with automation, abuse, or malicious agents.

That gives security teams a more useful question to answer: what is this session trying to do?

That matters because attacks often change quickly. Credential stuffing, scraping, carding, account takeover, business logic abuse, and data harvesting can all shift tactics as defenders respond. Attackers may rotate infrastructure, change tools, or use headless and virtual browsers to avoid detection.

Cequence says Intent Graph lets security operators adjust which behavioral signals drive detection and mitigation without code changes, SDK rollouts, or JavaScript instrumentation. That is important for fast-moving teams that cannot wait for every policy change to become an engineering project.

The goal is simple: make bot and agent detection more adaptive while reducing the maintenance burden on application teams.

Agentic Commerce Grows Cequence Unveils AI-Era Bot Defense


Biometric Check adds a human confirmation layer

Biometric Check handles the other side of the problem: what happens when the system needs to know a real person approved a high-risk action?

Instead of pushing users through CAPTCHAs, SMS codes, email links, or puzzles, Biometric Check uses familiar device-level prompts such as Touch ID, Face ID, or Windows Hello. The device returns cryptographic proof that a real person on a registered device completed the check.

The biometric data itself does not leave the device.

That distinction matters. The value is not that the enterprise receives a fingerprint or face scan. The value is that the device can provide hardware-backed proof of user presence. For users, the experience is familiar and fast. For security teams, it gives a stronger signal than a puzzle that bots may be able to solve at scale.

It also helps with false positives.

If a real customer is challenged and passes the check, that becomes useful feedback. Security teams can see where legitimate users are being interrupted and adjust policy over time. That makes verification more measurable instead of just another layer of friction.

Human approval for high-risk agent actions

The rise of AI agents makes this even more important.

Not every agent action needs a human in the loop. Low-risk tasks should be able to move quickly. But some actions need more control. Wire transfers, contract changes, account updates, sensitive record retrieval, and other irreversible steps should not happen without clear approval from the authorized person.

That is where Biometric Check fits into agentic workflows.

Instead of challenging a user at the front door and trusting everything that happens later, enterprises can add confirmation at the moment risk appears. The agent can continue to do useful work, but a high-stakes action can still require human approval.

That is a practical model for financial services, healthcare, B2B commerce, public sector systems, and other regulated environments where automation is helpful but accountability still matters.

human confirmation layer

One view across web, mobile, API, and agent traffic

One of the stronger parts of Cequence's approach is the attempt to keep visibility unified.

Agents and automated attackers do not stay inside neat product boundaries. A single abuse campaign may touch login pages, APIs, mobile endpoints, checkout flows, account systems, and partner integrations. If teams have to stitch together separate tools for each channel, important signals can get lost.

Cequence positions Intent Graph and Biometric Check as part of a common platform for application protection, API security, bot defense, and agentic AI oversight.

For security teams, that matters because speed is part of the job. If an attacker changes tactics, the response needs to change quickly. If a business launches a new flow, security coverage should not require a long client-side instrumentation project before it can work.

A no-code or low-instrumentation approach is especially useful for enterprises with fast release cycles, complex legacy systems, or mixed web, mobile, and API estates.

Built for the agentic commerce shift

Agent-driven commerce is still early, but the direction is clear.

More systems are being designed so AI agents can search, compare, recommend, reserve, purchase, update, and act on behalf of users. That creates opportunity, but it also creates new security questions.

Was the action performed by a trusted agent?

Was the agent acting within an approved scope?

Is the behavior consistent with the user or business process?

Does this step require a real person to confirm it?

Intent Graph and Biometric Check are designed around those questions. One focuses on understanding behavior and intent. The other creates a fast checkpoint when human confirmation is needed.

That combination is important because enterprises do not want to block automation entirely. They want to separate useful automation from abusive automation and keep control over the moments that carry real risk.

agentic commerce shift

Availability as agentic commerce grows

Intent Graph and Biometric Check are available as part of the Cequence platform.

Organizations can evaluate the capabilities against their own traffic mix, including web, mobile, API, MCP-based interactions, and third-party agent ecosystems. Security, product, and engineering teams can work together to define detection sensitivity, decide where verification should appear, and determine which agent actions require a human approval step.

The goal is to protect revenue, data, and trust without making the experience harder for real customers or approved agents.

About Cequence Security

Cequence Security protects the applications, APIs, and data that power modern enterprises. Its platform applies behavioral intelligence across web, mobile, API, and agentic AI channels to help organizations detect automated abuse, govern agent interactions, and verify high-risk actions.

The company positions its approach around fast deployment, reduced reliance on client-side instrumentation, and unified visibility across application protection and API security. Cequence says its platform is used by large private and public sector organizations and protects more than 10 billion daily API interactions and 4 billion user accounts.

Cequence for AI Agents and BOT traffic




Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here



Stay Updated

Sign up for our newsletter for the headlines delivered to you

SuccessFull SignUp

Featured Stories


NearLens: Smart Glasses Privacy Taken Seriously
NearLens: Smart Glasses Privacy Taken Seriously Wednesday, July 15, 2026




Agentic Commerce Grows Cequence Unveils AI-Era Bot Defense
Agentic Commerce Grows Cequence Unveils AI-Era Bot Defense Wednesday, July 15, 2026


Nearly all developers use AI but few secure the code it generates
Nearly all developers use AI but few secure the code it generates Monday, July 13, 2026


Enviromates new browser launches
Enviromates new browser launches Monday, July 6, 2026


AI Executive Order aims to balance security and innovation
AI Executive Order aims to balance security and innovation Monday, June 29, 2026


Top manufacturing trends for 2026
Top manufacturing trends for 2026 Tuesday, June 23, 2026


API scoring tool shows if your API is ready for AI
API scoring tool shows if your API is ready for AI Monday, June 22, 2026


Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP
Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP Friday, June 19, 2026


Influencer Debate AI Anthropic IPO Reveals Industry Concerns
Influencer Debate AI Anthropic IPO Reveals Industry Concerns Wednesday, June 17, 2026


Subscription apps are losing users faster than ever
Subscription apps are losing users faster than ever Tuesday, June 16, 2026


Get More App News