"Token Theft" is Becoming a New Risk for AI Commercialization

Over the past year, AI agents have gradually moved from technical demonstrations into real commercial scenarios. With the explosion of various "Lobsters," a growing number of AI products are developing the ability to autonomously complete tasks: they can search for information, call tools, connect to services, and even represent users in completing complex workflows. As Emily Glassberg Sands, Global Head of Data and AI at Stripe, observed, AI is evolving from a tool into a new type of economic participant on the internet—agents are no longer just generating content but are beginning to take on roles as buyers and even dominate transactions. However, this new model also breeds new problems—token theft. Emily emphasized that this may be one of the most underestimated issues in the AI industry today.

New Types of Theft in the AI Era: Targets Shift from Money to Tokens

In the traditional internet era, the ultimate goal of cybercriminals was often to steal users' credit card information for illegal cashing out. But for many AI companies today, the attackers' target has shifted: what they covet is no longer the account balance, but the expensive underlying inference resources, model capabilities, and token allowances. There are typically two types of fraud associated with this: first, abusing free trial quotas by repeatedly claiming new user benefits; second, account abuse through mass registration of fake accounts to amplify gains. Official data from Stripe shows that among AI services running on Stripe, abuse of free trials more than doubled within six months, with 1 in every 6 registration attempts originating from malicious actors.

Stripe Global Head of Data and AI Emily Glassberg Sands shares data on malicious behavior in registration attempts

Unlike traditional SaaS companies, as agents begin to participate in transactions and execute tasks, the destructive power of stolen tokens is amplified. The core reason is that agents consume computing resources far faster than real users—a malicious script might burn through token costs equivalent to several weeks in just a few hours. If attackers can use automated tools to constantly create new accounts, frantically drain free token quotas, and "disappear" before real bills are generated, AI companies lose not just idle server resources but tangible cash flow and profit. Stripe observed that AI companies account for the largest share of the growth trend in free trial abuse: compared to SaaS companies, AI startups that offer self-service registration and open APIs face abuse rates a full 10 times higher.

AI startups offering self-service registration and open APIs experience significantly higher free trial abuse rates compared to enterprise-grade AI solutions

This risk is equally critical for Chinese AI companies actively expanding globally: in the past few years, AI entrepreneurs and overseas teams taking a global approach were most concerned about model capabilities and global user base growth. However, as more companies adopt free trials, pay-as-you-go billing, and agent service models, how to prevent malicious behaviors like token abuse and resource theft has become a key issue they must face in their commercialization process. In the global market environment, attacks often manifest as automated networks crossing regions, identities, and payment methods, with a complexity far exceeding traditional credit card fraud. Without proactive prevention at the product design stage, companies' globalization steps can easily fall into a trap where "growth equals bleeding."

As Fraud Targets Shift from Funds to Resources, Risk Control Urgently Needs Upgrading

To combat these evolving fraud methods, Stripe's anti-fraud product Radar has undergone its largest upgrade ever. This upgrade is not simply about adding a few more rules but building a new risk control framework truly suited for the agent economy from the ground up. The data feedback is intuitive: in just one month, Stripe Radar successfully intercepted over 3.3 million high-risk registration attempts for eight high-growth AI companies.

In terms of product design, Radar first shifts the defense line forward, identifying multi-account abuse from the account creation stage. The system integrates historical risk signals from Stripe's global network—such as device fingerprints, IP addresses, and email domains—in real-time to assess each new registration. Before free quotas are consumed, potential abuse risks are already blocked. The well-known voice AI company ElevenLabs uses this proactive capability to precisely intercept approximately 2,000 fake accounts attempting to abuse free plans daily, significantly protecting the company's core computing resources.

Secondly, targeting the "pay-as-you-go" billing model commonly adopted by the AI industry, Radar has added predictive capabilities for malicious non-payment risks. Previously, companies could only discover fraudulent "free-riders" when bills became overdue at the end of the month. Now, as resources are continuously consumed, the system can predict whether a user poses a non-payment risk. Upon detecting anomalies, the company can automatically trigger prepayment requirements, dynamically lower concurrent request limits, or directly suspend service interfaces, thereby minimizing losses.

Furthermore, with the accelerated penetration of agentic commerce, Stripe has begun to establish more granular risk benchmarks to distinguish between user-authorized agents and malicious "free-riding" bots. Radar generates risk scores for machine transaction behavior, helping companies identify malicious actions attempting to use automation to grab resources, abuse promotional policies, or bypass transaction rules.

Looking at the evolution of AI, the biggest change brought by agents may not be how many complex tasks they can complete for humans, but that machines themselves have begun to autonomously consume resources, create commercial value, and even directly participate in and dominate transactions. When agents begin to participate in or even construct a transaction, risks inevitably migrate along with them.

From stealing funds to stealing resources, from traditional payment fraud to covert token theft, the AI era is restructuring underlying business rules. For AI companies at the center of the global competition storm, knowing how to use a new generation of risk control infrastructure to defend these rules has become as important as exploring the boundaries of AI technology. Stripe, leveraging its massive global operational scale and continuous observation and investment in the AI field, can护航 global companies' long-term growth in the AI era.

About Stripe

Stripe provides programmable financial services to over one million businesses worldwide. Tens of millions of companies rely on Stripe to build online and offline payment channels, embed financial services within their platforms, create innovative and flexible revenue models, and develop more profitable businesses.

Headquartered in San Francisco and Dublin, Stripe processes over $1.9 trillion in total payment volume annually, equivalent to 1.6% of global GDP. Stripe's users include almost all leading AI companies, 90% of companies in the Dow Jones Industrial Average, and 86% of companies on Forbes' AI 50 list.

Leveraging its vast global operational scale and sustained investment in R&D, particularly in AI and blockchain, Stripe is accelerating the application of cutting-edge technology in the global economy.