Fraud has evolved from opportunistic crime into a fully industrialized business -- and the arrival of agentic AI is accelerating the threat faster than most organizations are prepared to handle. Frank Teruel, Chief Operating Officer of Arkose Labs, joins Sean Martin at RSAC Conference 2026 to break down the economics of modern fraud and what security and business leaders need to do right now.
Arkose Labs sits at the intersection of bot management, fraud prevention, and identity protection -- working with the world's largest consumer-facing brands to make fraud unprofitable. Frank Teruel walks through how the threat landscape shifted from nation-state actors and organized crime to fully democratized crime-as-a-service platforms, where MFA bypass kits are sold online and multi-billion dollar fraud operations run with the efficiency of a product company.
The conversation covers three of the biggest attack categories hitting organizations today: SMS toll fraud, bonus abuse, and fake account registrations. Each one exploits legitimate business flows -- onboarding, loyalty programs, referral bonuses -- and often goes entirely undetected by security teams because the attackers never trigger a traditional alert. In one example, a rideshare company's cell bill climbed by millions before anyone connected it to a fraud campaign.
With agentic AI now in the mix, the attribution problem has become exponentially harder. Is that agent booking a hotel room a legitimate user action or the opening move of an account takeover? Arkose Labs places its defenses at the very top of the funnel -- registration and login flows -- combining risk scoring, challenge technology, a 24/7 SOC, and a dark web intelligence program called ACTOR. When a novel attack technique surfaces in gaming, Arkose Labs writes a global mitigation; when that same technique hits banking two days later, the defense is already deployed.
Frank Teruel closes with a direct message to CISOs: 75% of organizations surveyed cannot perform attribution, and 97% expect a major AI-driven incident within the next 12 months. The signal to watch for is not always in the security stack -- it shows up in rising SMS bills, unusual account-linking activity, and transaction abandonment rates that do not match marketing spend. The answer is internal fusion: security, fraud, finance, and operations sharing data before the incident, not after.
This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight
GUEST
Frank Teruel, Chief Operating Officer, Arkose Labs
https://www.linkedin.com/in/frankteruel/
RESOURCES
Arkose Labs: https://www.arkoselabs.com
RSAC Conference 2026: https://www.rsaconference.com
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Frank Teruel, Arkose Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, fraud prevention, bot management, account security, SMS toll fraud, agentic AI, fraud deterrence, identity protection, crime as a service, RSAC Conference 2026, CISO, account takeover, fake account registration, bonus abuse, loyalty fraud, federated threat intelligence
When Fraud Becomes a Business: Stopping Bots, Agents, and the New Economics of Attack | A Brand Spotlight at RSAC Conference 2026 with Frank Teruel, Chief Operating Officer of Arkose Labs
[00:00:10] Sean Martin: Frank,
[00:00:11] Frank Teruel: pleasure.
[00:00:11] Sean Martin: Are we gonna talk Italy?
[00:00:12] Frank Teruel: Let's talk Italy.
[00:00:13] Sean Martin: Yeah.
[00:00:13] Frank Teruel: Think Italy's
[00:00:14] Sean Martin: the way to go. Come back from Florence to, uh, Sicily.
[00:00:16] Frank Teruel: Yeah. From, uh,
[00:00:17] Sean Martin: Palermo driving cars in Palermo.
[00:00:18] Frank Teruel: From, from the boot all the way back to, uh, right. All the way back here.
[00:00:22] Sean Martin: Exactly. Yeah. Talk, uh, gelato and wine and, uh, all the fun stuff. But, uh, and then reality strikes
[00:00:29] Frank Teruel: back to work,
[00:00:30] Sean Martin: back to work. We're gonna talk about Arkose Labs.
[00:00:33] Frank Teruel: Yeah.
[00:00:34] Sean Martin: Good to, uh, good, good to see you. And we know Kevin from many, many years ago.
[00:00:38] Frank Teruel: Yeah. Yeah. I
[00:00:39] Sean Martin: think that the, the name fun capture,
[00:00:41] Frank Teruel: that's it. That's, that's,
[00:00:43] Sean Martin: that's way
[00:00:43] Frank Teruel: back in our history.
[00:00:44] Sean Martin: Way back in the history.
[00:00:45] Frank Teruel: Yeah.
[00:00:45] Sean Martin: And, uh, there was a need then even more so now, I think the idea of bots, we had to explain what bots were back in the day. And they're good. And bots and bad bots and some of em wanted to do, it's the same kind of world, just. 10 times, maybe a hundred times. Uh, more complex,
[00:01:04] Frank Teruel: right? Accelerated, more sophisticated. Think about if you and I had met 10 years ago, I would've said, Hey, all that ever matters online is, is Frank, really Frank? Frank, and is frank behaving normally in the context of this transaction today? Is Frank, really frank? Is this an authorized agent of Frank? And are these two entities behaving in a way that's normal or anomalous?
[00:01:22] Sean Martin: Right.
[00:01:22] Frank Teruel: And so the, the problem of identity as it relates to the bot world and agentic in particular, is incredibly more complicated.
[00:01:28] Sean Martin: Yeah.
[00:01:28] Frank Teruel: Right?
[00:01:29] Sean Martin: Yeah. It's not just a binary human or not.
[00:01:31] Frank Teruel: That's right. Yeah.
[00:01:32] Sean Martin: And, or good or not. Yeah. There's a lot of nuance in there too. So, um, let's start with a quick word about who you are and what you're up to. Uh, at Arkose Labs.
[00:01:41] Frank Teruel: So I'm the Chief Operating Officer. Um, Arkose Labs is really focused on the idea of fraud deterrence in this new world of a fusion between volumetric bot driven attacks, agentic agents, human fraud farms, slow and low human attacks, and how do we create a platform that allows us to identify challenge and inform. Mitigate and ultimately break the model, the business model of the adversary. The reality is, uh, if you make fraud unprofitable, it goes away. Right? If you don't, you make it inevitable. And so it's, it's the, uh, issue of our, our heritage and bot migrating to a much broader security perspective as it relates to the important flows, new account registrations, logins, those really critical flows for our customers. We represent today the world's largest consumer facing brands. So think across every industry, the big banks, the social companies, the two-way marketplaces, uh, you know, the big ride share companies. Mm-hmm. Technology, all those people are big customers. So that gives us a purview of identity that's very unique because we get to see these identities across the entirety of the industry. Right. And that really helps us inform that mission of making fraud unprofitable.
[00:02:45] Sean Martin: It's funny, we uh, we ran into Frank, uh, on the, on the way out last night, and. We got that elevator pitch that he's like, you guys have come a long way. And that's really cool. That's
[00:02:54] Frank Teruel: right. Yeah.
[00:02:54] Sean Martin: I'm being protected by you right now.
[00:02:56] Frank Teruel: Yeah. In this moment. You, well, you are. I mean, yeah, you look, I think it's, uh, as you said, you, you, you go back to Kevin and all the way back in the heritage of the company where we are today, we are representing and protecting the world's largest consumer facing brands so that, you know, you can transact digitally with confidence while we're dealing with this crazy stuff we're seeing. Right?
[00:03:12] Sean Martin: Yeah. So where was, where was the lack of confidence that drove. The need for this. I gave some examples of fraud, right?
[00:03:22] Frank Teruel: Yeah, I mean, so
[00:03:23] Sean Martin: let's not go to the two letter word yet. Yeah. Let's just talk about normal people are people, they use machines to do it. Not, not the accelerated stuff yet, but what are, what are some examples of
[00:03:34] Frank Teruel: Here's an interesting history lesson. So, um, if you, if we had talked again a decade ago, we'd focus on advanced persistent threats, and we would say those threats were nation state actors that are antagonistic to our interests, or we would say those threats were organized crime syndicates with the occasional DIY fraudster, uh, the evolution went from there to crime as a service platforms. And that's really where we began to see people having a need for what we do. So crime as a service platform says, uh, you know, you're, I dunno, pick a bank. You're a bank and someone says, Hey, this bank is using MFA as the silver bullet for identity. And all of a sudden there's phish kits that are MFA compromise things that are being sold online as a service, right? For X amount of money you buy it. And so the advanced persistent threat became the platform. The crime as a service platforms now democratize fraud for everybody. Nation state actors, organized crime, and everybody else. So I think the urgency around that became, it became much easier at scale for bots to do their thing because now they were being enabled through these crime as a service platforms. The other thing it did was the minute it became a business, those platforms now have an imperative for continued product market fit. I have to sell you something that works. Right. So they became a business, multi-billion dollar businesses. Mm-hmm. The innovation started to flow. The last piece that was missing is how do they communicate well? Discord, Telegram, the social channels. Right now, you had everything you needed to do fraud at scale. I think that's been the big evolution is, you know, if you, if you look at the last maybe five years, just the acceleration of fraud at scale using these platforms. Obviously now the two letter word comes in next. Right. Which is just simply taking the thing to a whole different level. Right.
[00:05:11] Sean Martin: So I, and I told Kevin this yesterday, when I saw him, I said, it's sad, but you, you have the best stories. I mean, it's hard. It's interesting to talk about a piece of malware that attacks an endpoint and compromises files. And maybe you get some ransomware when you're talking about account takeovers and, and preventing buying up a lot of high end shoes so other people can't buy them. Or closing off seats for other on your competitors' planes so they can't sell any seats. All kinds of crazy stuff.
[00:05:45] Frank Teruel: Yeah.
[00:05:45] Sean Martin: Happens. Through bots and machines. Yeah. And now agents, I'm sure we're gonna get to, um, what are some, what are some examples to kind of put this into reality for folks? Because you know the business, you know what's going on here and, and how things work. But at the end of the day, consumers are impacted, businesses are impacted, both together. Feel this pain.
[00:06:08] Frank Teruel: Let me give you the three biggest, uh, okay. Kind of attacks we've seen in the last year. Um, SMS toll fraud. So. You go to register for an account.
[00:06:16] Sean Martin: I got one yesterday,
[00:06:17] Frank Teruel: right? So, hey, enter your number. We'll send you a code. Use that code to complete your onboarding. Um, that is a very interesting fraud because what happens is the bots get the numbers through aggregators, right? It's also called international revenue sharing fraud because the carriers in some cases collude with the bad actors with the revenue. So here's an example where you get into a flow and you start setting up fake accounts en masse. Let's say it's your favorite rideshare company and you just start pounding this thing. It takes all the numbers and puts them in. The minute it hits submit, that toll has run. That money goes back through the provider all the way back to the carrier, and ultimately to the person that provisioned the numbers. That is billions of dollars a year. So there's an example of a fraud that probably, you know, a few years ago wasn't that prominent -- today it's a multi-billion dollar fraud. It's all around account registration. Here's what's interesting about that one. It never gets to the security people because they never come back. They don't try to take over the account. They simply just cash out and go. So there's an example of how frauds have been enabled at scale. They use numbers in places like Vietnam or far away numbers where you're talking 40, 50 cents a toll. Imagine doing that at scale -- and realize you can do it with a human being typing in 50 or 60 of these an hour and still make a lot of money in a low labor location. So that's an example of one that we've seen that's big. Other things that are interesting. Bonus abuse. All of us are in the business of, you know, consumer facing companies of aggregating customers. I gotta get customers. So just imagine you're a credit card company and you're saying, hey, sign up for my credit card, and on the spot I give you a hundred dollars gift card. Right? Fraudster goes online for 20 bucks, gets a KYC on identity. Mm-hmm. And makes $80 on every transaction. So we do a lot of bonus abuse protection where you go, wait a minute, you know, there's something here where this isn't right. How do we do it? We share data with the affected entity and we go, hey, this is a high risk transaction. As soon as they see that the bonus gets taken down to nothing. Now there's no incentive to do it. So it's an example of bonus abuse. SMS toll fraud is interesting. Fake account registrations is really big right now. Um, you know, you can sit there and watch these things register for accounts that can sit dormant for everything from pig butchering scams. I register with a dating site, I sit on the account. Mm-hmm. I slowly develop a reputation. Then ultimately I use that to defraud some poor person who thinks they're in a relationship. Um, all the way to linking loyalty programs. I sign up with your favorite hotel's account, right. And then someone's got a United Airlines number or American Airlines number or whatever with tons of points. Those points on their balance sheet are billions of dollars they're trying to get rid of. They link these accounts, the originating entity goes, I assume the person that has the linking account did the checking. And then these people use it to kind of scrape and pull down that digital currency or those loyalty programs. So there's an example of loyalty abuse, bonus abuse in general, SMS toll fraud, all at scale and billions of dollars right now in our economy.
[00:09:01] Sean Martin: And so the, the real cases. I mean, because it, the idea is that a lot of this stuff is supposed to work a certain way.
[00:09:11] Frank Teruel: Yeah.
[00:09:12] Sean Martin: And then there's the, the fraudulent, illegitimate activity.
[00:09:15] Frank Teruel: Yeah. Yeah.
[00:09:16] Sean Martin: How does, how does an organization make that difference. How do they calculate?
[00:09:20] Frank Teruel: Well, I think, I think you're, now we're gonna, I'm gonna sneak into the two letter, you know, world. I mean, this, this really becomes the issue is how do you categorize what's legitimate and what isn't, right? And attribution becomes a real thing, like what's happening on the front end of that transaction. And it's legitimate because think about it, if I stop all that, that potential customer just goes somewhere else, and I'm seeding market share. If I don't stop it, the bot gets in and causes all kinds of brain damage, or the fraudster gets in and causes brain damage. So there becomes this pendulum of what tools, what signal sets are you looking at? To distinguish between is this really an authorized individual or entity doing business with me or is it not? So attribution's a real thing. And you know what's caught in the crosshairs is the consumer,
[00:09:59] Sean Martin: right?
[00:09:59] Frank Teruel: Right. And so what you see, especially within in the AI world is a lot of companies saying, I don't know what to do with agents. Because what if they're legitimate? What if this really is Frank's agent trying to book a hotel room somewhere, right, for the RSAC Conference versus, you know, somebody trying to link an account and, uh, and drain the, uh, loyalty program. So it's an issue and it's, I think you have to think about where we live as a company. We live right at the very top of the funnel, the very most important registration flow and login flows. And then the signal we use -- a detect technology, a challenge technology, information, federated threat information. We have a SOC that looks at transactions and we have a group called ACTOR, which really trolls the dark web. We bring all that stuff together to say, let's put a risk on this thing, see what it is, and risky transactions we challenge, and those we let through. But it, that's the constant tension in the world today.
[00:10:49] Sean Martin: So you said some scenarios, security's not even aware.
[00:10:53] Frank Teruel: Sure,
[00:10:53] Sean Martin: yeah. And um. I know there's, there, over the years there's been talk of connecting security and fraud and obviously risk management's part of the equation. So how, how does what you deliver fit into an organization's structure? Operations -- who's buying what? Monitoring what? Communicating, collaborating. What does that world look like for you?
[00:11:18] Frank Teruel: It's so interesting. So more often than not, like most people at this conference, they're solving a pain point. So somebody with a pain point comes and says, I have this problem, help me. Right? What we tend to see is that most of the budgets we work with are out of the CISO. Right. That's the true organization. Although some of the stuff that happens reports other places. I'll give you an example. So rideshare company, SMS toll fraud was a big thing and they were trying to onboard riders. Nobody knew it was an SMS toll fraud problem until somebody in finance five or six months later said, our cell bill's gone up by X percent -- high numbers -- but rides haven't increased. What's up? And so it, to your point, it requires fusion of these organizations to say, we gotta talk to each other.
[00:11:57] Sean Martin: Right.
[00:11:57] Frank Teruel: Because there's an example where security wasn't even involved. It wasn't, they were, you know, they were abandoning transactions. Marketing was like, hey, we're spending lots of money. Customers must be joining. The SMS bill going through the roof and finance is going, hey, wait a minute. We're not getting anything out of it. So what we try to do is to create that federation of data across those people, but more often than not, we live at the intersection of security and fraud prevention and the identity folks. That's kind of the world we're in, and I think that's where you have to be. And you know, AI is changing that as well, because suddenly these things are happening autonomously on their own. Who owns it? What's it doing? How do you attribute it? Who's gonna stop it? We just ran a report on the agentic challenge. Only 6% of security budgets today are being focused on the agentic problem. Yet 97% of companies believe they're going to have some major AI driven incident in the next year. Big mismatch.
[00:12:46] Sean Martin: And it, it could be because they're thinking security incident. Maybe not fraud either. I don't know.
[00:12:51] Frank Teruel: Yeah,
[00:12:52] Sean Martin: it could be. Could be.
[00:12:52] Frank Teruel: Well, they're trying to figure out where it lives. I think it's one of the keys is where are you gonna, where does this thing live? And who's responsible for it? Right.
[00:12:57] Sean Martin: Yeah, absolutely. So in terms of, you mentioned something earlier, some of the biggest brands, I dunno how far down
[00:13:06] Frank Teruel: Yeah.
[00:13:07] Sean Martin: The stack you go, but you mentioned there's a lot of knowledge
[00:13:11] Frank Teruel: Yeah.
[00:13:11] Sean Martin: To be gained by working with all these folks.
[00:13:14] Frank Teruel: Yeah.
[00:13:14] Sean Martin: And seeing all the activity. Um. Describe how that feeds into how you develop, how you operate.
[00:13:23] Sean Martin: How you support your customers down the road.
[00:13:25] Frank Teruel: Yeah. Just imagine a situation where I'm a bank and all I see is bank stuff, right. I may identify a bad customer in banking. I don't know anything else about that individual, that entity. What we get to do is, because we have multiple industries, we're kind of across the entire digital journey. Technology companies, shared marketplace companies, gaming companies, travel companies, you name it -- we see a consumer across this entire view of the industry. So now a threat develops somewhere, call it in gaming with one of the big gaming companies. We see an attack.
[00:13:53] Sean Martin: No fraud in there.
[00:13:54] Frank Teruel: Yeah. Alright. That's the Petri dish for that stuff, right? So the threat develops there. You write a mitigation for that threat, and then that same threat manifests itself at a bank in a day or two. Hmm. The way we share data is we go, you know, that mitigation is shared immediately with that bank. No attribution, no customer data, but you're able to stop the attack because you saw that attack migrate across industry. So sharing that data becomes hypercritical, not just sharing that data, but also sharing the risk associated with the transaction. Why did we mark it as risky? What was it about that transaction -- across device, across session, across behavior -- what was it that made us think that transaction was risky? And then allow our customers to take that and consume it in the rules engines. But there's an example. We see a threat. We write a challenge to it. We call them telltales. A global mitigation. That threat now works its way to a bank or to a rideshare company or to a travel company or to a ticketing company. And you go, oh, I've seen that threat in the Petri dish of gaming. I'm gonna apply that same mitigation to that threat in real time. That's really the value of having federated threat intelligence because you get ahead of the attacks.
[00:14:57] Sean Martin: The things that are coming to my mind as you're describing that, is kind of the equivalent of lateral movement.
[00:15:03] Frank Teruel: Yeah. Yeah.
[00:15:04] Sean Martin: And it's the fraud kill chain.
[00:15:06] Frank Teruel: Yeah. Well, think about it. At the end of the day, as I said, if you don't make fraud unprofitable, you make it inevitable. And what's happening today that's so different is that, you know, in the old days, a bot -- someone would have to sit down and write a script, some software person somewhere would have to write a script, take that script and deploy it. It was a little complicated. Today they're self-writing. They do their own scripts, they do it in real time, and then they pivot between machine, device, they emulate devices, human fraud farms. And so you have to have that broad view of transactions across the entire industry, or you're not gonna be able to really be effective in stopping this stuff. Right.
[00:15:43] Sean Martin: So as we wrap here, Frank, um, let's speak to the CISO. Um, maybe they can be a hero here, right? What, what are some signals they, in their counterparts in IT, the CIO folks -- maybe what are some signals or signs that there's bad stuff going on that's not hitting the security alert stack? Sure. And maybe, maybe not necessarily the fraud teams because they're not sure what to be looking for there either. What, what advice would you give to the CISOs? Where can they explore? Who can they talk to? What should they do?
[00:16:19] Frank Teruel: Sure. So, well, two things. I would say number one, start with the fact that today they understand they're unprepared. Um, you know, 75% of the people we just surveyed don't know how to do attribution. They don't know whether it's a bot or human, they don't know what to do, so they're unprepared. So the first and foremost, look at those high value flows that are likely to be affected. Who's registering for accounts? What are they doing in accounts, right? Get that information and then realize across all these multiple use cases, how did we share data to understand what's happening, right? Work with somebody who can identify risk upfront and not just tell you, but help you mitigate that risk. And so what are the signals? Am I having cell bills that go through the roof with no associated increase in new customer base or no associated increase in, you know, ridership if you're in that kind of company? Or do I have suddenly a spike in transaction abandonment where you go, my sales bill's up, transactions are down -- something's going on? Look at the idea of volumes of accounts created. Look at linking or accounts being linked. Who's involved in those decisions? So who am I relying on in that linking operation to trust that the linkage is legitimate. Right? So I think you gotta look at the entire surface and say where are those areas that can be exploited in real time? And then I think you gotta find vendors that are in the fight with this thing. It's not a matter of if, it's a matter of when it's gonna hit you. Right. As I said, 90 some odd percent of respondents believe in the next 12 months they'll get hit with an agent attack. And of that 90%, a small portion feel prepared. So you've got this great imbalance in terms of what's happening. So I think, uh, create fusion. We were talking to a bank recently. It's so interesting. They've created internal fusion teams. They've defined fusion as data sharing organizations, right? So if you're a great example, if you're a CISO and someone says, we're launching this campaign for new registrations, how are you gonna do it? Does it involve SMS? Who's paying the bill? Creating those things and starting to identify those signals in advance and then recognizing that AI agents are here, right? It's learning, it's getting better, et cetera. And you've got a partner. If you're a CISO today, and those important workflows aren't agentic proof, you're already behind the eight ball.
[00:18:18] Sean Martin: Yeah. So the CISO, along with the AppSec team.
[00:18:23] Frank Teruel: AppSec, right? And then fraud. Fraud loss prevention. I mean, we have one customer -- it's interesting -- where loss prevention reports into the office of Chief Counsel. Now the attorneys are involved. They go figure this out. Can you imagine? What that must do to an attorney to go, hey, I, great, you got your Stanford law degree, now you're responsible for stopping this stuff. Right? It just tells you that the complexity of this thing is all over the place. And yeah, I think it's important to do that. So I would say, look, partner with companies that have the data, that have that platform approach, that are willing to step in and help you mitigate -- not just inform you -- and then create those federated data flows from the outside, internal data sharing so that within the organization stuff's not falling through the cracks.
[00:19:05] Sean Martin: Yep. And if you're following and you wanna learn more, connect with Frank and the Arkose Labs team. If you're sitting here thinking, I don't even know what that means yet, I have no idea where to start yet. Call Frank and the Arkose Labs team.
[00:19:21] Frank Teruel: Yeah. DM me, send me a LinkedIn message -- Frank Teruel at Arkose Labs. Come and see us. I mean, this is great, but I think, uh, it's an exciting time to be in this business.
[00:19:31] Sean Martin: It is exciting and, uh, a lot to keep an eye on. Thanks, Frank. Appreciate it.
[00:19:36] Frank Teruel: Awesome. Enjoy it.
[00:19:36] Sean Martin: Thanks everybody.
[00:19:37] Frank Teruel: Thank you.