Cequence Security, a pioneer in application security, is introducing Intent Graph and Biometric Check, two new capabilities that extend the behavioral architecture Cequence has built on since inception—giving enterprises bot defense that works across web, mobile, API, and agentic AI traffic.
“Client-side bot protection wasn't architected for AI-driven traffic, and enterprises are already feeling the consequences of this as automated traffic exceeds that from humans,” said Ameya Talwalkar, CEO and co-founder of Cequence.
According to the company, Intent Graph builds a behavioral model specific to each application, not a generic fingerprint, but a living map of how real users navigate that particular flow. Because the model is application-specific and behavior travels with the client, one detection layer covers the full surface:
- Web: credential stuffing, scraping, and account takeover
- Mobile: automated abuse that slips past app-level protections
- API: business logic abuse, carding, and data harvesting
- Agentic AI, including MCP: distinguishing legitimate AI agents from adversarial ones without relying on non-existent client-side instrumentation
What makes Intent Graph different from behavioral fingerprinting is what happens when the model needs to change. Security teams can adjust which behavioral vectors feed into detection and ultimately into mitigation without a code change or a ticket to engineering, the company said.
Biometric Check replaces CAPTCHAs, puzzles, SMS codes, and email verification with hardware-bound cryptographic attestation via a device’s Secure Enclave.
When bot detection flags a session outside a configurable, application-specific confidence threshold, the user completes a familiar biometric interaction—Touch ID, Face ID, Windows Hello—and the device returns signed proof that a real person on a registered device completed the action. The biometric itself never leaves the device and completes verification in less than a second, the company said.
The same checkpoint logic extends to AI agents. For low-risk actions, agents operate freely. For high-stakes, irreversible actions such as wire transfers, record retrievals, or contract modifications, Biometric Check inserts a human-in-the-loop gate at the time of the action rather than at the front door.
"Building effective bot defense for MCP and agentic commerce requires institutional knowledge that most companies simply don't have," said Shreyans Mehta, CTO and co-founder of Cequence.
Intent Graph and Biometric Check are immediately available to Cequence customers as part of the Cequence platform.
For more information about this news, visit www.cequence.ai.