Intent-based Protection

Overview

AI agents can be legitimate and strongly authenticated while still being used to carry out malicious activities. Knowing who an agent is does not tell you what it is trying to do. DataDome's intent-based protection addresses this by analyzing every agentic request to determine its purpose and block fraudulent activity, regardless of the agent's identity or Trust Score.


Dual-Layer Protection

DataDome's protection operates across two complementary layers:

  • Identity-level protection: verifying that the agent is genuinely who it claims to be, and blocking attackers who attempt to spoof the identity of a trusted agent to bypass security controls.
  • Intent-level protection: detecting and blocking malicious behavior in real time, even from well-known agents with a verified identity.

This dual-layer approach ensures that DataDome's protection is not circumvented by the legitimacy of an agent's identity, a critical safeguard as fraud tactics evolve alongside the capabilities of AI agents.


How Intent Detection Works

Intent detection begins with comprehensive signal collection. DataDome captures both server-side signals (such as request headers, IP reputation, and traffic patterns) and client-side signals (such as browser and device telemetry), providing a multi-dimensional view of each interaction.

Detection is structured across three complementary processing layers:

Layer 1: Synchronous Real-Time Detection

At the moment a request is made, DataDome evaluates it instantly against detection models and configured policies. Requests identified as malicious are blocked before they reach the protected application, with zero impact on legitimate traffic.

Layer 2: Asynchronous Behavioral Analysis

In parallel with request processing, DataDome continuously analyzes the broader behavioral context of ongoing agentic sessions, both at the session level and at the user level. This layer catches fraud patterns that only emerge over a sequence of interactions, such as coordinated probing, step-by-step account takeover attempts, or gradual data exfiltration, enabling rapid and dynamic response.

Layer 3: ML Model Training Loop

Signals and behavioral data collected across all sessions are fed back into DataDome's machine learning pipeline. This loop enables models to continuously adapt to emerging fraud tactics, ensuring detection capabilities evolve in lockstep with the threat landscape.

Across all three layers, multiple detection models run in parallel, each specializing in a different dimension of behavior. By combining these models, DataDome avoids the blind spots that any single model would create, delivering defense-in-depth against both known and novel fraud techniques.
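The sketch below illustrates the session-level analysis described under Layer 2. It is an added example, not DataDome's implementation or API: the event format, window, thresholds, path list, and labels are all assumptions, and the log entries are constructed. It flags behavior that only becomes visible across several requests, without consulting whether the agent's identity was verified.

```python
from collections import defaultdict, deque

WINDOW_S = 60         # assumed look-back window, in seconds
MAX_DISTINCT = 3      # assumed threshold for distinct usernames / probed paths
SENSITIVE_PATHS = {"/.env", "/.git/config", "/backup.sql", "/admin"}  # assumed list

# Constructed events: (time_s, session, identity_verified, method, path, status, username)
EVENTS = [
    (0,   "s1", True,  "GET",  "/products",    200, None),
    (2,   "s1", True,  "POST", "/login",       401, "alice"),
    (3,   "s3", False, "GET",  "/.env",        404, None),
    (5,   "s1", True,  "POST", "/login",       401, "bob"),
    (6,   "s2", True,  "POST", "/login",       401, "dana"),
    (7,   "s3", False, "GET",  "/.git/config", 404, None),
    (9,   "s1", True,  "POST", "/login",       401, "carol"),
    (10,  "s2", True,  "POST", "/login",       200, "dana"),
    (12,  "s3", False, "GET",  "/backup.sql",  404, None),
    (15,  "s4", True,  "POST", "/login",       401, "erin"),
    (90,  "s4", True,  "POST", "/login",       401, "frank"),
    (170, "s4", True,  "POST", "/login",       401, "grace"),
]

def _distinct_in_window(queue, ts, key):
    """Record (ts, key), expire entries older than WINDOW_S, count distinct keys."""
    queue.append((ts, key))
    while ts - queue[0][0] > WINDOW_S:
        queue.popleft()
    return len({k for _, k in queue})

def analyze(events):
    """Return {session: set of intent labels} for a time-ordered event stream."""
    failed_logins = defaultdict(deque)
    probes = defaultdict(deque)
    verdicts = defaultdict(set)
    for ts, session, _verified, method, path, status, user in events:
        # Identity is deliberately ignored: intent is judged from behavior alone.
        if method == "POST" and path == "/login" and status == 401:
            if _distinct_in_window(failed_logins[session], ts, user) >= MAX_DISTINCT:
                verdicts[session].add("credential_stuffing")
        elif path in SENSITIVE_PATHS:
            if _distinct_in_window(probes[session], ts, path) >= MAX_DISTINCT:
                verdicts[session].add("vulnerability_scanning")
    return dict(verdicts)

if __name__ == "__main__":
    for session, labels in sorted(analyze(EVENTS).items()):
        print(session, sorted(labels))
```

Session s1 is flagged even though its identity is verified, while s2 (one mistyped password) and s4 (failures spread beyond the window) are not; no single event in the sample triggers a verdict on its own.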


Detected Threat Categories

DataDome's intent detection covers the following threat types:

Threat                 | Description
-----------------------|--------------------------------------------------------------------
Vulnerability Scanning | Probing endpoints for security weaknesses or exposed sensitive paths
Credential Stuffing    | Automated login attacks using lists of stolen username/password pairs
Fake Account Creation  | Mass registration of fraudulent user accounts
Payment Fraud          | Illegitimate purchase or payment attempts, including carding
Spamming               | Automated submission of unsolicited content, messages, or form data
Scalping               | Automated purchasing of limited-availability items at scale
Scraping               | Unauthorized bulk extraction of content, pricing, or proprietary data

Intent-Based Policy

Intent-based protection is also available as a policy option in Access Control. When the Intent-Based policy is applied to an agent, DataDome inspects every request and blocks only those flagged as malicious, while allowing all other requests through.

This policy is the recommended default for trusted agents: it provides strong protection without unnecessarily restricting legitimate usage.

Additionally, for any agent configured with an Allow, Rate Limit, Time-Box, or Monetize policy, intent-based protection can be independently enabled or disabled at the agent level or at the custom rule level. It is enabled by default for all AI agents.

Note: intent-based protection operates independently of agent identification. A request from an unknown or weakly identified agent is subject to intent analysis, just as a request from a strongly authenticated agent is.