"Token theft" is becoming a new risk in AI commercialization
- Core Insight: AI agents are evolving from tools into a new type of economic participant, making Token theft the primary risk instead of traditional fund theft. AI companies need to upgrade their risk control systems to combat resource abuse and fraud.
- Key Elements:
  - AI agents can autonomously search, invoke tools, and complete transactions. They are transitioning from content generation to acting as buyers, becoming new participants in the internet economy.
  - The target of AI-driven fraud is shifting towards inference resources and Token quotas. Common methods include abusing free trials and creating fake accounts in bulk. Stripe data shows that 1 out of every 6 registration attempts is malicious.
  - The rate of free trial abuse faced by AI companies is 10 times higher than that for SaaS. Malicious scripts can consume weeks' worth of Token costs within hours, leading to cash flow losses.
  - After its upgrade, Stripe Radar intercepted over 3.3 million high-risk registrations for 8 AI companies in one month. ElevenLabs accurately blocks approximately 2,000 fake accounts every day.
  - Radar has added new front-line defenses and malicious non-payment prediction capabilities. It can block risks at the registration stage, predict chargeback losses during resource consumption, and allow for dynamic service adjustments.
  - Radar establishes risk scores for agent commerce to distinguish authorized agents from malicious bots, addressing automated fraud such as resource hoarding and promotion abuse.
Over the past year, AI agents have gradually moved from technical demonstrations into real business scenarios. With the surge of various "AI agents," more and more AI products are beginning to possess the ability to autonomously complete tasks: they can search for information, call tools, connect to services, and even execute complex workflows on behalf of users. As Emily Glassberg Sands, Global Head of Data and AI at Stripe, observed, AI is evolving from a tool into a new type of economic participant on the internet—agents are no longer just generating content but are beginning to take on roles as buyers and even dominate transactions. However, this new model also breeds new problems—token theft. Emily emphasized that this might be one of the most underestimated issues in the AI industry today.
A New Type of Theft in the AI Era: What's Targeted Isn't Money, But Tokens
In the traditional internet era, the ultimate goal of cybercriminals was often to steal users' credit card information and cash out illegally. But for many AI companies today, attackers' targets have shifted: what they covet is no longer the account balance, but the underlying expensive inference resources, model capabilities, and token quotas. There are usually two types of related fraud: first, abusing free trial quotas, i.e., repeatedly claiming new user benefits; second, account abuse, i.e., mass-registering fake accounts to amplify gains. According to Stripe's official data, on AI services running on Stripe, instances of free trial abuse more than doubled within six months, and 1 in every 6 registration attempts comes from malicious actors.

Emily Glassberg Sands, Head of Data and AI at Stripe, shares data on malicious registration attempt ratios
Unlike traditional SaaS companies, as agents begin to participate in transactions and execute tasks, the destructive power of stolen tokens is amplified. The core reason is that agents consume computing resources much faster than real users—a single malicious script can burn through the token costs that would normally be generated over several weeks in just a few hours. If attackers can use automated tools to continuously create new accounts, ruthlessly drain free token quotas, and "disappear" before real bills are generated, AI companies will lose not just idle server resources, but real cash flow and profit margins. Stripe has observed that among the growth trends in free trial abuse, AI companies account for the largest share: compared to SaaS companies, AI startups that offer self-service registration and open APIs face ten times higher levels of abuse.

AI startups offering self-service registration and open APIs encounter significantly more free trial abuse than enterprise-grade AI solutions
This risk is equally critical for Chinese AI companies actively expanding globally. In the past few years, AI entrepreneurs and overseas teams taking a global-first approach have been most concerned about model capabilities and global user base growth. However, as more companies adopt free trials, usage-based billing, and agent service models, how to prevent malicious behaviors like token abuse and resource theft has become a problem that must be faced during commercialization. In the global market environment, attacks often manifest as automated networks spanning regions, identities, and payment methods, with a complexity far exceeding traditional credit card fraud. If preventive measures aren't taken early in product design, companies' globalization steps can easily fall into the trap of "growth equals bleeding."
When the Fraud Target Shifts from Funds to Resources, Risk Control Needs an Upgrade
To address these evolving fraud methods, Stripe's anti-fraud product, Radar, has undergone the largest upgrade in its history. The upgrade does not simply add a few more rules; it builds a new risk control system from the ground up, designed for the agent economy. The results are clear: in just one month, Stripe Radar intercepted over 3.3 million high-risk registration attempts for eight high-growth AI companies.
In terms of product design, Radar first moves the line of defense forward, identifying multi-account abuse at the account creation stage. The system analyzes historical risk signals accumulated in Stripe's global network (such as device fingerprints, IP addresses, and email domains) in real time to assess each new registration, so potential abuse is blocked before the free quota is consumed. ElevenLabs, a well-known voice AI company, leverages this preemptive capability to accurately intercept about 2,000 fake accounts attempting to abuse free plans daily, greatly protecting the company's core computing resources.
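A registration-stage check built on the three signals named above can be sketched as follows. This is an added example, not Stripe Radar's implementation or API; the weights, thresholds, function names and sample signups are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample signups (not real data): (account_id, device_fp, ip, email)
SIGNUPS = [
    ("a1", "fp-77", "203.0.113.10", "x1@mailbox.example"),
    ("a2", "fp-77", "203.0.113.44", "x2@mailbox.example"),
    ("a3", "fp-77", "198.51.100.7", "x3@mailbox.example"),
    ("a4", "fp-12", "192.0.2.5", "dana@corp.example"),
    ("a5", "fp-31", "203.0.113.90", "lee@school.example"),
]

# Hypothetical weights and thresholds; tune against labelled history.
WEIGHTS = {"device": 3, "subnet": 2, "domain": 1}
REVIEW_AT, BLOCK_AT = 3, 6

def signals(device_fp, ip, email):
    """Normalise one signup into the three reuse keys the text names."""
    subnet = str(ip_network(f"{ip}/24", strict=False))  # IPv4 /24 bucket
    domain = email.rsplit("@", 1)[1].lower()
    return {"device": device_fp, "subnet": subnet, "domain": domain}

def score_signups(signups):
    """Score each signup by how often its signals were already seen."""
    seen = defaultdict(int)
    decisions = {}
    for account_id, device_fp, ip, email in signups:
        sig = signals(device_fp, ip, email)
        score = sum(WEIGHTS[k] * seen[(k, v)] for k, v in sig.items())
        if score >= BLOCK_AT:
            action = "block"
        elif score >= REVIEW_AT:
            action = "review"
        else:
            action = "allow"
        decisions[account_id] = (action, score)
        for k, v in sig.items():  # blocked attempts still count as history
            seen[(k, v)] += 1
    return decisions

if __name__ == "__main__":
    for acct, result in score_signups(SIGNUPS).items():
        print(acct, *result)
```

Account `a5` shares only a /24 with earlier signups and lands in review rather than block, which is how shared NAT or campus networks should be treated. A production version would bound the counts by a time window and exclude large free-mail domains from the domain signal.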
Secondly, targeting the "usage-based billing" model commonly adopted in the AI industry, Radar has added predictive capabilities for malicious non-payment risk. In the past, companies could only discover fraudulent "freeloaders" when monthly bills became overdue; now, the system can predict the risk of non-payment while resources are being continuously consumed. Once an anomaly is detected, companies can automatically trigger prepayment requirements, dynamically lower concurrent request limits, or directly suspend service interfaces, thereby minimizing losses.
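The graduated response described above (prepayment, lower concurrency, suspension) can be driven by a burn-rate check on unbilled usage. The following is an added example, not Radar's prediction model: it is a simple rule-based stand-in, and the baseline, thresholds and field names are hypothetical.

```python
from dataclasses import dataclass

TYPICAL_WEEKLY_TOKENS = 200_000  # hypothetical per-account baseline
WINDOW_S = 3600                  # look-back window: one hour

@dataclass
class Account:
    account_id: str
    age_s: int               # seconds since registration
    payment_verified: bool
    unbilled_usd: float      # usage accrued but not yet paid
    max_concurrency: int = 8

def burn_multiple(events, now_s):
    """Tokens used in the last hour as a multiple of the typical hourly rate.

    events: iterable of (timestamp_s, tokens) usage records.
    """
    recent = sum(tok for ts, tok in events if now_s - WINDOW_S < ts <= now_s)
    return recent / (TYPICAL_WEEKLY_TOKENS / (7 * 24))

def decide(acct, events, now_s):
    """Return (action, allowed_concurrency) for an account's current usage."""
    m = burn_multiple(events, now_s)
    # New, unpaid account burning weeks of tokens in hours: cut it off.
    if m >= 50 and not acct.payment_verified and acct.age_s < 86_400:
        return "suspend", 0
    # Heavy burst on any account: throttle instead of blocking.
    if m >= 20:
        return "lower_concurrency", max(1, acct.max_concurrency // 4)
    # Slow accrual with no payment method: ask for money up front.
    if acct.unbilled_usd >= 25 and not acct.payment_verified:
        return "require_prepayment", acct.max_concurrency
    return "allow", acct.max_concurrency

# Constructed sample usage (not real data).
SCRIPT_EVENTS = [(7200 - 60 * i, 3000) for i in range(30)]  # 90k tokens in 30 min
PAID_EVENTS = [(t, 5000) for t in range(100, 3600, 600)]    # 30k tokens in 1 h

if __name__ == "__main__":
    trial = Account("trial-1", age_s=7200, payment_verified=False, unbilled_usd=0.9)
    paid = Account("paid-1", age_s=900_000, payment_verified=True, unbilled_usd=12.0)
    print(decide(trial, SCRIPT_EVENTS, now_s=7200))
    print(decide(paid, PAID_EVENTS, now_s=3600))
```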
Furthermore, with the accelerated penetration of agentic commerce, Stripe has also begun to establish more granular risk metrics to distinguish between authorized agents and malicious "exploitative" bots. Radar generates risk scores for machine-driven transaction behaviors, helping companies identify malicious actions that attempt to use automation to snatch resources, abuse promotional policies, or bypass transaction rules.
Looking at the evolution of AI, the biggest change brought by agents might not be how many complex tasks they can perform for humans, but rather that machines themselves have begun to autonomously consume resources, create commercial value, and even directly participate in and drive transactions. When agents start to participate in or even construct transactions, risks inevitably migrate with them.
From stealing funds to stealing resources, from traditional payment fraud to covert token theft, the AI era is reshaping the underlying rules of business. For AI companies in the eye of the globalization storm, knowing how to leverage next-generation risk control infrastructure to defend these rules has become as important as exploring the frontiers of AI technology itself. Stripe, with its massive global operational scale and continuous observation and investment in the AI field, can support global companies' long-term growth in the AI era.
About Stripe
Stripe provides programmable financial services for over a million businesses worldwide. Tens of millions of companies rely on Stripe to build online and offline payment channels, embed financial services within their own platforms, create innovative and flexible revenue models, and develop more profitable businesses.
Headquartered in San Francisco and Dublin, Stripe processes over $1.9 trillion in total payment volume annually, equivalent to approximately 1.6% of global GDP. Stripe's users include nearly all leading AI companies, 90% of the Dow Jones Industrial Average, and 86% of the companies on the Forbes AI 50 list.
Leveraging its vast global operational scale and sustained R&D investment, particularly in the fields of AI and blockchain, Stripe is accelerating the deployment of cutting-edge technologies in the global economy.


