cside unveils toolkit to spot AI agents in browsers

cside has launched a toolkit designed to detect AI agents operating inside consumer browsers and devices-a traffic source that many legacy bot defences struggle to identify.

The AI Agent Detection toolkit recognises agentic traffic and behaviour from both cloud-based automation and software running on end-user devices. It covers traditional headless browsers as well as AI-powered browsers and extensions, including Comet, ChatGPT Atlas, and Manus.

Security teams have spent years tuning controls for cloud-hosted bot activity, where traffic often comes from data centre infrastructure and carries clear automation signatures. Now, AI agents are running inside normal browsing environments on laptops and smartphones. This shift can make automated actions look more like standard user behaviour, reducing the effectiveness of controls built to block cloud-originated bots.

The launch reflects growing attention on "agentic" web traffic. Consumer-facing companies are seeing automated sessions that attempt normal actions such as browsing product catalogues, completing checkouts, or making bookings. Some of that activity may be desirable, but other sessions may be linked to scalping, scraping, account abuse, or fraud.

Detection and policy

cside positioned the toolkit as both a detection layer and a way to set policies for how agents interact with a site. It can identify agent types, track patterns of agentic activity, and trigger different web experiences depending on what it detects.

Controls include dynamic changes to page elements. Organisations can remove or modify parts of a page that an automated agent can click or read, and add verification steps for higher-risk actions, such as transactions with a greater likelihood of chargebacks.

The toolkit also integrates with cside's VPN detection, linking agent identification with signals about traffic obfuscation and origin. It also sits alongside the firm's geographic traffic analysis, which classifies traffic based on location patterns.

"The kneejerk response of trying to stop AI agents has created a cat-and-mouse game where agents simply migrate to consumer browsers," said Simon Wijckmans, CEO and founder of cside.

"But businesses' philosophy ought to be that agents aren't inherently bad, bad actions are bad. Identifying agents is important for detecting and managing those actions, and our toolkit detects the full spectrum of agentic traffic and empowers businesses to decide how to respond," Wijckmans said.

Website changes

Organisations can use the toolkit to govern which agents are allowed to interact with a website and what actions are permitted. It also provides a mechanism for human validation when a workflow crosses a defined risk threshold.

In practice, this can mean routing different agent types to different content experiences, or withholding specific functions from automated sessions while keeping the normal site flow for human visitors. In regulated sectors, it can also support enforcement of terms of service or internal policies around automated access.

The product is offered via a software development kit. Developers can use it to adjust content based on detected agents and drill down into specific agent types, enabling dynamic content changes without redesigning an entire site stack.

Commerce risks

Alongside security use cases, cside is also pitching the toolkit for online commerce. AI agents are designed to complete tasks quickly and may accept default selections in a checkout flow more readily than human shoppers. That shift affects how retailers and travel firms approach optimisation, pricing, and transaction controls.

Organisations could use agent detection for cross-selling through pre-selected options, as well as additional verification requirements or dynamic pricing for transactions with greater fraud exposure.

Retail is one sector where agent traffic can collide with inventory controls and pricing strategy. Automated activity has long been associated with price scraping and stock monitoring. Agentic browsing on consumer devices adds a new challenge because it can more closely resemble legitimate shopping behaviour than cloud automation.

"In an industry like retail, for example, the AI Agent Detection toolkit provides critical control over inventory management and pricing integrity," said Mike Kutlu, head of GTM at cside.

"The instant agentic traffic is detected, retailers can serve modified website versions. Perhaps that means removing limited-inventory items from agent view, or preventing price monitoring bots from getting to real-time pricing. The level of agent customization thus allows retailers to protect high-demand products from automated purchases while still maintaining normal operations for human visitors. Our toolkit can clearly delineate different agent types so that retailers can allow helpful shopping assistants while blocking inventory scalpers and other unwanted agentic traffic," Kutlu said.

The product sits within cside's broader focus on browser-side threat detection and visibility into scripts running on websites, with a roadmap that ties agent detection signals to VPN and geographic intelligence for unified web traffic policies.