The adversary a platform faces today is not the adversary it faced five years ago. For most of the history of the consumer internet, the distinction that mattered was between a human and a script. A human took time to read a page, made small inconsistent errors, moved a mouse in ways no program bothered to simulate. A script was fast, deterministic, and easily identified. The defenses that emerged — visual challenges, simple behavioral signals, IP reputation lists — were designed for exactly that distinction. They worked because the adversary cooperated with the assumption.
The assumption has broken. A growing fraction of automated traffic now comes from autonomous agents: language models driving real browsers, reasoning about the page in front of them, adapting to unexpected conditions, and passing the defenses that were designed to filter out scripts. They solve visual challenges in milliseconds. They type at human-plausible cadences because the model chose to. They do not loop. They do not fail in the ways that fail-mode detection was tuned to catch. On the other side of the spectrum, the networks behind the most sophisticated attacks are coordinated — residential proxies distributing a single campaign across thousands of individually-legitimate-looking sessions, timed to land within narrow windows, synchronized to a pattern that no single request reveals.
The defenses have to catch up to this. A binary decision at login — accept or reject — was already an awkward model in the previous era. In the current one it is actively harmful. Rejecting a legitimate user by mistake costs a platform a customer. Accepting an agent that has simply learned to look like a user costs the platform much more, and pattern-matching the agent by looking at one request at a time is no longer a viable strategy.
What Praeth does
Praeth is a risk engine that assigns every session a continuous score from zero to one hundred, updates that score in real time as the session develops, and exposes the score to the operator's policy. The operator decides how the score maps to friction: a score in the highest range passes invisibly; a score in the middle triggers a light challenge; a score in the lower range triggers a stronger one; a score at the bottom blocks the action and surfaces the session for review. The same policy governs the login, the checkout, the refund, the password reset, the withdrawal, the sensitive configuration change — each action can demand a different threshold. The decision is not a single gate at the door. It is a continuum along the entire session.
Three layers of reputation
The score is computed from three independent layers of reputation that are resolved against one another in real time.
The first layer is network identity. Praeth maintains a continuously updated view of every address space it observes, incorporating signals from the shared graph across tenants, curated external feeds, and a perimeter of internal sensors that surface malicious activity before it reaches production traffic. An address that appeared in a coordinated attack on one customer today is known to the next customer within seconds.
The second layer is device identity. A durable fingerprint is derived from signals available to any modern browser or mobile runtime without requiring personally identifiable data: rendering characteristics, audio stack configuration, installed font set, timezone and language, behavior of the runtime under specific probes. The fingerprint is engineered to remain stable across sessions for a legitimate user and to become unstable under the operating conditions of automated agents.
The third layer is behavior. A human using a product exhibits a characteristic distribution of input timing, pointer motion, scrolling rhythm, and hesitation patterns. An agent — whether a headless browser, a scripted worker, or a language model driving a real browser — exhibits a different distribution. Praeth models the two and treats the gap between them as signal. The same layer also detects the hybrid case that is becoming common: a real human following the plan of a language model, with timing patterns that reflect the model's latency rather than the human's own.
Detecting computer-using agents
The specific adversary we see defining the next several years is the computer-using agent — a language model with access to a real browser, reasoning about the page, taking actions, and adapting to responses. These agents leave identifiable signatures. They pause for characteristic intervals before each action, reflecting the time the model spends deciding. They do not produce the exploratory cursor motion that precedes a click when a human is deciding where to go. Their typing cadence is regular in a way no user's is. They do not scroll back to re-read. Praeth is trained to recognize these signatures as a distinct class of traffic, and to respond with challenges the agent cannot resolve even with full access to a vision model and a browser.
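The signatures listed above can be turned into per-session features that a detection pipeline scores. The following is an added example, not Praeth's code; the field names (`key_ms`, `pre_click_paths`, `scroll_deltas`), the thresholds and both sample sessions are assumptions constructed for illustration.

```python
import math
import statistics

# Thresholds are illustrative assumptions, not values from Praeth.
MAX_KEY_CV = 0.15      # below this, inter-key timing is treated as "too regular"
MAX_PATH_RATIO = 1.05  # pointer path length / straight-line distance to the click
MIN_GAPS = 5           # do not judge cadence on fewer intervals than this

def coeff_var(values):
    """Coefficient of variation, or None when there is too little data."""
    if len(values) < MIN_GAPS:
        return None
    mean = statistics.fmean(values)
    return statistics.pstdev(values) / mean if mean > 0 else None

def path_ratio(points):
    """Distance the pointer travelled divided by the direct distance."""
    if len(points) < 2:
        return 1.0  # pointer jumped straight to the target
    travelled = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    direct = math.dist(points[0], points[-1])
    if direct == 0:
        return 1.0 if travelled == 0 else float("inf")
    return travelled / direct

def agent_signals(session):
    """Return (signals, count) for one session's timing and pointer data."""
    keys = session["key_ms"]
    cv = coeff_var([b - a for a, b in zip(keys, keys[1:])])
    ratios = [path_ratio(p) for p in session["pre_click_paths"]]
    scrolls = session["scroll_deltas"]
    signals = {
        "regular_typing": cv is not None and cv < MAX_KEY_CV,
        "no_exploratory_motion": bool(ratios) and max(ratios) <= MAX_PATH_RATIO,
        "never_scrolls_back": bool(scrolls) and all(d >= 0 for d in scrolls),
    }
    return signals, sum(signals.values())

# Constructed sample sessions (not captured traffic).
AGENT = {"key_ms": [0, 120, 241, 360, 481, 600, 720],
         "pre_click_paths": [[(10, 10), (200, 150)], [(200, 150), (400, 300)]],
         "scroll_deltas": [300, 300, 250]}
HUMAN = {"key_ms": [0, 95, 310, 390, 720, 800, 1150],
         "pre_click_paths": [[(10, 10), (60, 120), (150, 90), (200, 150)]],
         "scroll_deltas": [300, -120, 200]}

if __name__ == "__main__":
    for name, s in (("agent", AGENT), ("human", HUMAN)):
        print(name, agent_signals(s))
```

Each signal on its own is weak evidence; the count is meant to feed a continuous score rather than decide a session by itself.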
Challenges that an agent cannot pass
The visual puzzles that defined the previous generation of human verification are no longer effective. Modern vision models solve them trivially, and the user experience was never good to begin with. Praeth includes a set of challenges designed specifically against the capabilities of current and near-future agents. They rely on short-term motor coordination, on brief ephemeral memory, on physical interaction with a device that a headless environment cannot simulate, and on real-time coordination that cannot be deferred to a model that runs on a server. The challenges are short, they are accessible, and they are designed to be easier for a legitimate human than the tools of the previous era ever were — and harder for an agent than the tools of the previous era ever pretended.
Coordinated attacks
A significant class of attacks today is not the aggressive action of a single session; it is the coordinated action of thousands of sessions, each individually legitimate-looking, converging on a target within a narrow window of time. An attack of this kind is invisible to a defense that looks at one session at a time. Praeth runs correlation across the full stream of sessions, across tenants, in real time — identifying the temporal, behavioral, and fingerprint correlations that reveal a distributed attack as a single thing. The value of this detection compounds with the network: every additional tenant makes the signal for every other tenant clearer.
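The correlation described above can be sketched as grouping sessions by a coarse, non-identifying shape and sliding a time window over each group. This is an added example, not Praeth's code; the record fields (`ts`, `ip`, `target`, `fp`, `think_ms`), the window and threshold values and the sample data are assumptions, and cross-tenant sharing is left out.

```python
from collections import defaultdict

WINDOW_S = 60   # assumed width of the "narrow window", in seconds
MIN_IPS = 5     # assumed number of distinct addresses worth surfacing

def shape_key(s):
    """Coarse, non-identifying key: target, fingerprint digest, cadence bucket."""
    return (s["target"], s["fp"], round(s["think_ms"] / 100))

def distinct_ips(window):
    return {s["ip"] for s in window}

def find_campaigns(sessions):
    """Group sessions by shape, then slide a time window over each group."""
    by_shape = defaultdict(list)
    for s in sessions:
        by_shape[shape_key(s)].append(s)
    campaigns = []
    for key, group in by_shape.items():
        group.sort(key=lambda s: s["ts"])
        best, start = [], 0
        for end in range(len(group)):
            while group[end]["ts"] - group[start]["ts"] > WINDOW_S:
                start += 1
            window = group[start:end + 1]
            if len(distinct_ips(window)) > len(distinct_ips(best)):
                best = window
        if len(distinct_ips(best)) >= MIN_IPS:
            campaigns.append({"shape": key,
                              "ips": sorted(distinct_ips(best)),
                              "span_s": best[-1]["ts"] - best[0]["ts"]})
    return campaigns

# Constructed sample: six campaign sessions (one request per address), two
# unrelated sessions, and one same-shape session that falls outside the window.
SAMPLE = [
    {"ts": 1000 + 8 * i, "ip": f"198.51.100.{10 + i}", "target": "/login",
     "fp": "fp-a", "think_ms": 1180 + 5 * i}
    for i in range(6)
] + [
    {"ts": 1012, "ip": "192.0.2.7", "target": "/login", "fp": "fp-b", "think_ms": 430},
    {"ts": 1030, "ip": "192.0.2.9", "target": "/login", "fp": "fp-c", "think_ms": 2900},
    {"ts": 5000, "ip": "203.0.113.4", "target": "/login", "fp": "fp-a", "think_ms": 1200},
]

if __name__ == "__main__":
    print(find_campaigns(SAMPLE))
```

Fixed-width cadence buckets can split one cluster across a bucket boundary, so a fuller version would compare neighbouring buckets as well.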
Privacy is an invariant
The engine is designed around the principle that the score must not require the collection of personally identifiable data to be accurate. Every signal the fingerprint draws from is chosen because it carries entropy without carrying identity. Behavior is modeled as shape rather than as content. The shared reputation graph operates on anonymized derivatives of the raw signal, not on the signal itself. This is not a compromise on accuracy. It is a constraint we chose because the regulatory environment — the protections that apply to automated decisions affecting individuals, the rules that govern cross-border transfer, the requirements that apply to sensitive categories of data — is demanding for a reason, and an engine that has to be retrofit to satisfy it later is less defensible than one designed to satisfy it from the start.
What Praeth is not
Praeth is not a bot filter in the sense that phrase carried in the previous era. Filters sort traffic into two buckets. Praeth produces a signal and leaves the disposition of each session to the operator's policy. It is not a replacement for the controls a platform already has at the edge — it is designed to integrate with them, producing a signal that edge controls can consume rather than duplicating their function. And it is not infallible. Every risk engine that has ever operated at scale has made mistakes. The value is not the absence of mistakes. It is the transparency of the decision, the ability to inspect and adjust the rules that govern it, and the rate at which the underlying model improves against adversaries it has already seen.
Current status
Praeth is serving production traffic across the Neuraphic ecosystem and is being extended to external customers on a measured basis. Platforms and products handling sensitive transactions, high-friction flows, or adversarial traffic can request access through the console.