GCP – Enabling a safe agentic web with reCAPTCHA

The emergence of the agentic web — an internet where autonomous AI agents can independently execute complex, multi-step tasks and transactions that previously required human interaction — promises a fundamental shift for how customers and businesses interact. While agents can help deliver a frictionless customer experience, they can also enable new abuse and fraud vectors. 

In the agentic web, automation raises key questions for enterprise fraud and risks teams to address, including:

• How do you identify an AI agent and the user behind it to ensure the agent hasn’t been taken over?

• How do you determine the legitimate intent of the agent’s tasks and that the agent has not gone rogue?

• How do you mitigate risks when malicious AI has the ability to solve the very challenges designed to stop them?

• How do you enable safe agentic commerce when new communication surfaces such as agent-to-agent and agent-to-services are prevalent?

At Google Cloud, we believe preventing fraud and abuse in the agentic web should fundamentally result in a simpler customer experience. To deliver this safe agentic web, we must evolve from pure prevention to active enablement. As such, we are building a proactive, trust-based model founded on a framework for agentic trust.

A framework for agentic trust

The stakes for every enterprise are high. Consider a high-demand product launch: 10,000 individual customers task their personal AI agents to each buy one item the moment it drops. This is a high-value, desirable use case. Now consider one malicious scalper deploying 10,000 agents to buy the entire inventory for resale. To a traditional security system, both scenarios look like an identical “attack.” 

If your system can’t tell the difference, you either block your best customers or fail your entire launch. It’s no longer just about detecting automation; it’s about differentiating intent, and challenging that intent when risks are detected.

In this agentic web, the most fundamental question is, how do you protect your businesses from fraud and abuse and at the same time deliver an autonomous and frictionless agentic ecommerce experience?

Agent and user identity (knowing who it is) 
Like human users, AI agents should have their own trusted identities and be accountable for all the activities they perform. In the agentic world, there are agents that act on behalf of the user, and they can leverage the user’s existing session and context. There are also agents that operate remotely as a cloud service, such as Gemini, while performing tasks for the users. 

It’s critical that businesses have visibility and control on both the agent and user identities, as well as their relationships, to prevent attacks such as agent takeovers. At Google, we are actively identifying and labeling agentic activities, integrating with different agent identity protocols (including SPIFFE and Web Bot Auth), and building flexible controls to challenge and block agents based on identities and behaviors. 

By using Google’s fraud intelligence protecting billions of accounts, over 7 million sites, and 50% of the Fortune 100, Google Cloud can deliver unparalleled visibility into agent and user identities to prevent takeovers.

Agent behavior (analyzing what it’s doing) 
To effectively stop fraud in the agentic world, you need to look beyond identity and continuously analyze an agent’s actions and intent in real time. That’s because a trusted identity isn’t enough to stop potential attacks from compromised or rogue agents performing fraudulent activities. 

We are building dedicated risk models that segment traffic into “agentic” and “non-agentic,” combine an agent’s identity with its live actions, and allow our systems to perform comprehensive risk and trust analysis on both good and bad activities. The adaptive analysis can allow us to understand intent by scrutinizing the sequence of actions of users, weigh the reputation of a signed-in account, and analyze behavior over time. 

By using Google’s unique and global insights, we are protecting customers at the web layer, and also new communication surfaces such as agent-to-agent and Model Context Protocol (MCP) layers.

Mitigation (responding effectively) 
When high risk is detected, the response must be effective against an AI — not just simple bots. That’s why we are investing in a new class of AI-resistant challenges, which are explicitly designed to be economically unviable for AI to solve at scale, since software can’t affordably fake a unique human interacting with a unique piece of hardware. 

A prime example is our new mobile-device based challenge, which requires a user to scan a QR code with their physical mobile device in order to provide a high-assurance attestation that a unique human is present. This new approach provides stronger, AI-resistant security, and also effectively breaks the business model for large-scale attackers. It can simplify the challenge process, too, providing a better experience for end-users.

Enablement (accelerating business)
In the new agentic web, trusted agents will act on behalf of shoppers, finding the best value, and making purchases.  Google recently announced the Agent Payments Protocol (AP2), an open protocol developed with leading payments and technology companies to securely enable this use case. However, additional security guardrails must be put in place to mitigate the risk of attacks with the new agentic commerce protocols. 

Today, customers can already use reCAPTCHA’s transaction risk API to detect and prevent scaled carding attacks and increased chargebacks. In addition, we are actively working to deepen the integration of reCAPTCHA transaction fraud detection models directly into Google Cloud’s AI services to ensure a seamless customer integration and end user commerce experience. 

An invitation to build the future

Ultimately, this framework provides the visibility and control needed to shift from prevention to enablement. We’re enabling a safe agentic web by empowering you to create nuanced security strategies that blocks threats and confidently accelerates trusted interactions. This agility means you can always deploy the right response for the right situation, fostering an environment for your legitimate users and their agents.

For organizations building on Google Cloud, we are natively integrating reCAPTCHA‘s agent-aware security with Google Cloud’s powerful AI services including Vertex AI, Agent Engine, and Gemini Enterprise, and providing a platform for you to build innovative agentic services and deploy them with the confidence that they are secure from the ground up.

The agentic web will redefine digital interaction. Fraud and risk business and security leaders can use this pivotal moment to help their organizations stay on top of the agentic future. By evolving into enablers of this new agentic web, they can help drive the next phase of business growth and build a foundation of digital trust. 

To learn how reCAPTCHA‘s solutions can protect your business from fraud today and help you build safe, frictionless agentic experiences for tomorrow, we invite you to have a conversation with our team to explore this framework and prepare for the next generation of digital business.