Enforcement generates scaling costs that compel attackers to surrender

Scroll to learn more

Enforcement cloaks the enterprise as an intermediate attack surface

Enforcement is a challenge–response mechanism that protects the enterprise from automated fraud and abuse. When unrecognized requests are intercepted, Enforcement substitutes the enterprise attack surface with one that Arkose Labs can control.

Authentic requests are passed to the enterprise, while inauthentic requests are remediated with dynamic defenses that generate continuous losses. By controlling the attack surface, Arkose Labs can reactively adapt Enforcement to neutralize attackers and their ability to retool.

Attackers use computer vision to scale inauthentic requests

Attackers automate other challenge–response mechanisms by exploiting image processing tools that have established commercial applications, such as image classification and optical character recognition. These tools have a distinct vested interest in being able to perform the same computer vision tasks needed by attackers to make inauthentic requests at scale.

Presenting a task that commercial computer vision can already perform irreversibly fixes the Cost Per Action of Abuse (CPAA) below attackers’ return on investment.

Challenge–response mechanism: a platform that presents requests with a question (‘challenge’) to determine their authenticity based on the accuracy of the provided answer (‘response’)

For security, this live example of Enforcement has been sandboxed to present one challenge type with canned visual data. In production, the mechanism presents varied tasks with never-before-seen visual data and comprehensive accessibility support

For security, this live example of Enforcement has been sandboxed to present one challenge type with canned visual data. In production, the mechanism presents varied tasks with never-before-seen visual data and comprehensive accessibility support

Click on the screen to see the functionality

Enforcement presents challenges that computer vision cannot solve

Attackers rely on low operational costs afforded to them by professional image processing tools. These tools inadvertently provide a computer vision capability to correctly categorize third-party visual data, which other challenge–response mechanisms interpret as valid responses.

In contrast, responses to Enforcement are generated from proprietary visual data that has no residual benefit to computer vision for training machine learning models. These secure responses divide decision points into compartmentalized functions that augment in real-time to prevent attackers from anticipating how Enforcement will behave.

By removing the prospect of accurately classifying future responses, Enforcement prevents automation at-scale and greatly increases the operational costs incurred by attackers.

Enforcement validates Telemetry data in real-time to exponentially reduce false positives

Enforcement responses are trained by Telemetry to accurately model inauthentic requests with continuous machine learning. This validates how the system makes decisions and incrementally restricts the presentation of Enforcement to inauthentic requests only

Enforcement never blocks humans and does not impact authentic throughput

Requests that cannot be recognized by Telemetry are challenged with Enforcement and not blocked. Secondary screening ensures that unrecognized requests of human-origin are always afforded the right to prove their authenticity.

Independent enterprise studies have also shown that Enforcement achieves the same throughput as using no defense.

Learn how Roblox deployed Enforcement to 90M users without impacting conversion

Enforcement knows if inauthentic requests are machine-assisted or human-assisted

Attackers make inauthentic requests with automation tools and digital sweatshops. While automation may technically be possible with sufficient resources, Enforcement counters such attacks by conducting an acid test that programmatically introduces uncharacteristic visual data into secure responses—causing automated processes to spontaneously fail and providing an explicit signal as to whether the request was machine-assisted or human-assisted. This feedback optimizes Enforcement for the signaled attack vector and prevents attackers from anticipating how it will behave in future

Enforcement remediates threats faster than any other fraud prevention technology

Dynamic Defenses

Enforcement reactively adjusts the challenge to protect it against computer vision, brute force, and Single Request Attacks

Throughput Efficacy

Enforcement has been statistically proven to achieve the same throughput as when an enterprise uses no defense

Definitive Classifications

Enforcement determines whether a request is authentic or inauthentic with evidenced certainty


Enforcement meets Section 508 Standards and authenticates people of varied abilities in 28 different languages

Shrinking Friction

Enforcement validates the decisiveness of Telemetry to incrementally minimize false positives

SLA Guarantee

Enforcement is commercially guaranteed to prevent inauthentic requests from achieving viable scale


More than $100,000,000 of fraud has been prevented by Arkose Labs

Talk to an Arkose Labs expert to see how you can remediate automated threats faster by putting risk on consignment