Digital Transactions Authoritative, insightful and timely information for payments professionals
Darwinium, a provider of cybersecurity software, has rolled out two new modules aimed at enhancing its digital-security and fraud-prevention platform. The modules detect criminals’ use of malicious AI agents to bypass a business’s fraud prevention defenses.
The two new modules, called Beagle and Copilot, simulate malicious AI-based attacks to distinguish AI agents acting on behalf of good users from malicious agents. AI agents are a form of artificial intelligence that understand and respond to customer inquiries without human intervention.
Beagle fights AI-based fraud by simulating malicious behaviors using “autonomous AI agents” to test detection and mitigation strategies in production-like environments. Copilot helps businesses understand behaviors, gaps, and risks within a current fraud strategy, and suggests enhancements to features, rules, and models to harden defenses.
“AI agents are being used to trick systems into thinking they are legitimate human/trusted traffic,” Darwinium chief executive Alisdair Faulkner says by email. “They are manipulating processes designed to separate humans and bots by doing things like randomizing mouse movements and keystrokes, mirroring human delays and timings between clicks, and slowing down the rate of form fills to appear human. Likewise, they are used to make bot behaviors more effective.”
AI agents can also be used to create synthetic identities, which criminals can use to create fraudulent new accounts and tailor attack methods based on responses, Faulkner adds. AI agents can even be used to probe for vulnerabilities in pricing structures, coupon and discount codes, or exposed payment endpoints.
“And of course, agents can be used to convincingly create content and identity details that can be used to dupe unsuspecting customers into divulging sensitive data or even making fraudulent payments,” Faulkner says.
A key feature of Beagle is its ability to emulate synthetic identities by generating realistic user profiles, including spoofed devices, geolocation variance, and behaviorally valid interaction patterns. Beagle can also identify weak links in multilayered fraud defenses, including device fingerprinting, behavioral biometrics, velocity checks, and bot-scoring systems.
“Beagle is essentially designed to simulate adversarial AI agents by probing Web sites for vulnerabilities,” Faulkner says. “We’ve looked for and uncovered weaknesses in businesses’ signup systems and bot defenses. For example, using AI agents that can create and then use synthetic identities to sign up for new accounts.”
Once vulnerabilities are identified using Beagle, the Darwinium platform can then detect malicious AI agents, bots, and signups, and separate them from a trusted user or agent, Faulkner adds.
Key features of Copilot include the ability to automate feature and rule recommendations based on behavioral anomalies or patterns, interpret trends, anomalies, or deviations in key-performance-indicator deviations, and select specific events or users for analysis to detect anomalies, correlate patterns, and identify similar events or actions that would take a human days or weeks to identify, according to Darwinium.
“Copilot is the closed-circuit feedback loop that essentially helps a business or fraud analyst at payment organizations close the loop of remediation,” Faulkner says. “It helps a business understand behaviors, gaps, and risks within a current fraud strategy, and suggests enhancements to features, rules, and models to harden defenses.”
