Akamai has announced a unified “agentic” security framework for its Bot & Agent Control solutions, aimed at verifying and governing AI-driven interactions as automated agents increasingly act on behalf of users in online commerce and other transactions.
The company said the framework is designed to connect identity, observability, trust and edge security into a real-time decision layer. It also brings together partners including Visa, Skyfire and Experian to develop standards for AI agent identity, authentication, trust and transaction security.
Akamai outlined six “pillars” for the framework: verified identity and human attribution; user-centric authentication; adaptive trust analysis; edge-based enforcement; content monetisation and value exchange; and operational visibility and traffic analysis.
In the identity and attribution component, Akamai said it is working with Visa and integrating with Visa’s Trusted Agent Protocol to support how agents are authenticated, authorised and trusted in payment environments. Akamai also said it is collaborating with Skyfire and Experian through a “Know Your Agent” (KYA) framework to provide a standardised way for agents to declare identity, origin and intent, and link them to platforms and the users they represent.
“Without trusted identity and explicit permissioning, AI agents cannot participate in commerce at scale,” said Rubail Birwadker, SVP, Head of Growth Products and Partnerships, Visa.
“AI agents are quickly becoming part of digital commerce, but trust will determine how far and how fast adoption grows,” said Kathleen Peters, Chief Innovation Officer at Experian.
“AI agents can’t participate in the economy without trusted identity and the ability to transact,” said Amir Sarhangi, Co-Founder and CEO of Skyfire.
For authentication, Akamai said it integrates with identity providers including Auth0 and Ping Identity so organisations can apply existing security controls such as behavioural analysis and multi-factor authentication to AI agents used by customers. Ping Identity’s Loren Russon said the approach addresses a “new trust challenge” where “session-based trust alone is no longer sufficient.”
Akamai described its adaptive trust analysis as moving beyond binary decisions to assess the trustworthiness and intent of interactions across browsers, bots and agents. The edge-based enforcement component uses Akamai’s distributed network to evaluate risk and intent “instantly,” the company said, with decisions processed at the edge to reduce the performance impact of security controls.
In content monetisation, Akamai said it is partnering with TollBit and Skyfire to support tokenised “pay-per-request” models intended to give publishers and content owners a way to negotiate access as AI models and agents consume more web content. “AI agents are the new visitors and shoppers of the internet, and websites need a way to transact with them,” said Toshit Panigrahi, Co-Founder and CEO of TollBit.
For operational visibility, Akamai said it will use TrafficPeak and its web security analytics to help organisations distinguish between human users, beneficial AI agents and malicious bots, with log analysis intended to inform security controls and commercial decisions over time.
“AI agents are replacing clicks, acting and handling commerce for us. For that to work, businesses need to recognise not just the agent, but who is behind it and what it’s trying to do,” said Patrick Sullivan, VP, CTO of Security Strategy, Akamai.
The announcement highlights a growing security challenge for online services: separating legitimate automated traffic from abuse, while creating frameworks that let authorised AI agents transact with accountability. As AI agents begin to initiate payments, access content and complete user tasks, organisations face increased pressure to validate identity and permissions in real time, and to adjust fraud and bot mitigation controls for machine-to-machine interactions.
