Every action now has
an agent behind it.
Classify human, trusted agent, or malicious in real time - and act before the request completes.
The new attack surface
Your defenses were built for humans.
Every fraud control you own - MFA, WAF, device checks, CAPTCHAs - assumes a person at the keyboard. Agentic AI breaks that assumption. Now software logs in, fills forms, and moves money on a user's behalf, and the line between a helpful assistant and an attacker is invisible to legacy tools.
Acting on a user's behalf
Browser agents click, log in, and check out using real credentials. To your stack it looks like a legitimate session - because it is one.
Attacks at machine speed
Credential stuffing, scraping, and synthetic onboarding now run thousands of perfectly-formed requests a minute - no fatigue, no mistakes.
High-risk actions automated
Refunds, account recovery, withdrawals, and profile changes are exactly the flows agents are pointed at - and exactly where abuse hurts most.
Prompt injection & shadow AI
Hijacked instructions and unmonitored no-code agents turn trusted automation into an exfiltration path you never provisioned.
~50%
of internet traffic is already automated - and agentic AI is accelerating the share.
0 of them
solve a CAPTCHA the way a human does - yet many now pass them anyway.
<50ms
is all you get to decide allow, step-up, or block - before the action completes.
How it works
Classify the agent behind every action
One continuous loop runs on every session - from first touch to the riskiest transaction.
01
Observe
Capture behavioral biometrics, device, and network signals on every session event - silently, with zero user friction.
02
Classify
Decide human, trusted agent, or malicious in real time - distinguishing helpful automation from an attacker.
03
Score
Maintain a continuous CARTA risk score across the whole session - not a one-time check at the door.
04
Act
Return a verdict in under 50ms so your app can allow, step-up, or block on your own rules.
Capabilities
One signal layer for the agentic era
Behavioral biometrics, device intelligence, and continuous risk scoring - purpose-tuned for software that behaves like a user.
Agent vs. human classification
Tell a real person, a declared trusted agent, and a malicious bot apart - on the same login, same device, same flow.
Behavioral biometrics
Keystroke rhythm, cursor entropy, scroll velocity, and touch dynamics - the human signals agents can’t fake.
Device & network intelligence
Continuous fingerprinting flags headless browsers, emulators, rotating identities, and impossible-velocity sessions.
Continuous (CARTA) risk scoring
Risk is re-evaluated on every event, not just at login - so a session that turns hostile is caught mid-flight.
High-risk action monitoring
Extra scrutiny on refunds, account recovery, withdrawals, and profile changes - the actions agents are pointed at.
Prompt-injection & abuse signals
Surface injected-instruction patterns, shadow-AI access, and automation abuse before they become an exfiltration path.
Live detection
Watch it classify in real time
Every incoming session is scored against thousands of behavioral and device signals. Trusted agents and humans flow through; abuse is flagged before the action lands.
0
Allowed (human + trusted)
0
Auto-blocked
Agent stream · live
/v1/classify
Integration
One SDK. Up in minutes,
not days.
Drop in the SDK, send session events, and read a verdict on every action. No model training, no rules to hand-write on day one.
Edge verdict returned synchronously in under 50ms.
Your rules, your actions - allow, step-up, or block on your terms.
Explainable signals on every decision - no black box.
index.html
<body> <!-- Your existing content --> <!-- Add before closing body tag --> <script src="https://unpkg.com/@cross-classify/xc-sdk@latest/dist/xc-sdk.min.js" ></script> <script> CrossClassify.initXC( YOUR_SITE_ID, YOUR_API_KEY, { developerMode: true, // Enable for testing loginRoute: "/login", // Your login page path signupRoute: "/signup", // Your signup page path } ); </script> </body>
Why CrossClassify
Built for agents, not just bots
Legacy tools answer "is this a bot?" The real question is "which agent is this, and should it do this?"
| Capability | CAPTCHA | Bot management / WAF | CrossClassify |
|---|---|---|---|
| Distinguishes good agents from bad | |||
| Behavioral biometrics | Partial | ||
| Continuous scoring after login | Partial | ||
| No friction for real users | |||
| Detects agent acting for a user | |||
| Explainable, per-decision signals | Partial |
Feedbacks
What Our Clients Say
“CrossClassify has exceeded our expectations with its cutting-edge fraud detection and prevention capabilities. Their tailored use of AI-driven behavioral analysis, device fingerprinting, and risk scoring has streamlined our operations and improved fraud prevention. The quick and easy integration, combined with the team’s professionalism and commitment to excellence, has been key to enhancing trust and satisfaction in the healthcare industry.”
Nick Chang
Chief Operating Officer at Helfie
“They were incredibly easy to work with, implementing a standard API layer and completing integrations with key products in the aged care and home care sectors. Their efforts impressed our platform partners, who have now accelerated their integration roadmaps due to the quality of Whitefox’s approach. Additionally, their professionalism, commercial acumen, and high-quality work were noted by two of our technology specialist board advisors.”
Dr Merran Cooper
CEO Touchstone Life Care
Frequently asked questions
Get ahead of agentic fraud
See how CrossClassify classifies the agent behind every action - on your own traffic, in a live demo.
No credit card required
