Identity platform startup Stytch Inc. today unveiled advanced capabilities for its Device Fingerprinting technology that allows developers to integrate fraud prevention into their applications.

Stytch Device Fingerprinting now includes supervised machine learning to detect and classify new devices to provide protection against zero-day threats, those too new to have been patched yet. The addition combines the precision of a deterministic approach to security with real-time insights from artificial intelligence, according to the company.

The rise of AI used by fraudsters and bot makers has made them a lot savvier on the attack, allowing them to overcome even sophisticated bot detection systems, Stytch Chief Executive and co-founder Reed McGinley-Stempel told SiliconANGLE in an interview.

“You know whether whatever you’re using, one of the things that we’ve seen is that, particularly over the last year, year and a half, as AI capabilities have gotten better, the amount in sophistication of attacks has risen really dramatically,” McGinley-Stempel said.

Varying from traditional methods such as reCAPTCHA and web application firewalls, Stytch creates a unique, persistent fingerprint and threat verdict for every visitor. Unlike CAPTCHAs, the solution is completely invisible to users and detects bots and fraud with 99.99% accuracy, eliminating the need for security tools that add friction to the user experience, the company claims.

Stytch Device Fingerprinting also differs from existing solutions with built-in protection against reverse-engineering and network spoofing techniques or tools such as CAPTCHA-solving application programming interface services, AI-based vision models such as GPT-4o, and click-farms.

CAPTCHAs are a favorite bot detection system that’s seen all over the web. Readers are probably extremely familiar with it already. When visiting a website one CAPTCHA type displays a grid of images that asks users to “Select all of the cars,” or “Pick out the stoplights,” in order to gain access. The objective of these detectors is to make sure that a human is visiting the website and not a bot.

However, click-farms and AI can overcome CAPTCHAs by throwing them at numerous human or machine learning workers that just solve them via an application programming interface for a few dollars for every thousand solved. There are more sophisticated versions of CAPTCHA on the market, but even they struggle against the rising tide of human and AI labor.

“If you look at something like Ticketmaster, which uses CAPTCHA,” McGinley-Stempel said. “Why was Ticketmaster down, and why were all the, say, Taylor Swift tickets or Libya Rodriguez Rodrigo tickets bought up? You know, instantly. It’s because a lot of these bots have found it trivial to reverse engineer, bypass CAPTCHA and things like that.”

The new capabilities include intelligent rate limiting, which uses predictive analysis of device, user and traffic sub-signals to detect unusual traffic volumes and apply precise rate limits. By leveraging precision fingerprinting, it ensures legitimate users are not restricted and adapts to new attacker profiles in real time.

Another new feature, ML-Powered Device Detection, uses a supervised machine learning model trained on a global device dataset to assess the risk of new device types. For example, if a new browser claims to be Chrome, it can evaluate the browser against all historical Chrome versions to verify its authenticity and risk potential, with Stytch’s fingerprinting model continuously updated based on those findings.

The third new feature, Security Rules Engine, allows for programmatic or user interface-based configuration of Stytch’s automated Allow, Challenge or Block verdicts. The system simplifies the handling of unique exceptions, allowing easy customization of preset rules either through API or with a single click in the dashboard, helping ensure a balance between strong security measures and the need for adaptability to varying circumstances.

McGinley-Stempel, along with Julianna Lamb, Stytch’s co-founder and chief technology officer, spoke with SiliconANGLE in December on what the company’s goals are and the challenges developers face in implementing and addressing security issues.

With reporting from Kyt Dotson

Image: Stytch