#55: Know Your Agent (KYA), ChatGPT Atlas Memory Problems, 10 Billion Scam Messages Blocked a Month
This week, we’re looking at the new identity infrastructure needed to support agentic commerce, how memory-based attacks on AI browsers could silently hijack workflows, and why traditional phishing defenses may not be enough as scams scale through group chats and dark web phone farms.
Let’s get into it.
NATE'S TAKE - NOVEMBER 4, 2025
Top Three This Week
- What Happens When the Customer Is a Bot?
- ChatGPT Atlas Has a Memory Problem And That’s a Security Nightmare
- Google Blocks 10 Billion Scam Messages a Month
1. What Happens When the Customer Is a Bot?
If you’ve been following the rise of AI agents, you already know autonomous bots making decisions, completing tasks, and initiating transactions on behalf of users is here.
To prepare, financial institutions and tech platforms alike need to overhaul the way they handle onboarding, authentication, and authorization, starting with a new identity framework known as Know Your Agent (KYA). The old identity stack doesn’t work when the user is an autonomous agent running from a datacenter in middle America. Device signals, behavioral biometrics, and CAPTCHAs will break, liveness checks will be skipped, and bad bots will blend in.
What replaces it are reusable credentials, smart wallets, policy enforcement layers, and deep linking between human and agent identities. Without these, the next chargeback might be blamed on a “hallucinating” bot, and the bank or merchant could be left holding the bill.
Fraud fighters: if your platform is still trying to block all bots, you’ll soon be blocking legitimate customers too. It’s time to stop asking “is it a bot?” and start asking, “is this my bot, doing what it was authorized to do?”
2. ChatGPT Atlas Has a Memory Problem And That’s a Security Nightmare
A new exploit uncovered in OpenAI’s ChatGPT Atlas browser shows how persistent memory can become a new attack surface for fraudsters. LayerX researchers demonstrated a cross-site request forgery (CSRF) flaw that lets attackers inject instructions into ChatGPT’s memory that survive across sessions, browsers, and even devices.
Once tainted, even innocuous prompts could trigger actions like privilege escalation or data exfiltration, all without tipping off the user. Because Atlas lacks strong anti-phishing and sandbox protections, it failed nearly 95% of in-the-wild test attacks.
As AI interfaces grow more integrated into how users browse, code, and interact online, they also become centralized threat surfaces. These attacks aren’t about stealing credentials, they’re about hijacking the workflows of agents themselves.
And for fraud teams, this isn’t hypothetical. As AI agents are increasingly embedded in dev tools, payment flows, and commerce journeys, poisoning one agent’s memory could become the next vector for BEC, malware delivery, or insider-style manipulation.
3. Google Blocks 10 Billion Scam Messages a Month
If you’ve ever wondered just how bad the scam epidemic has become, here’s your answer: Google is now blocking more than 10 billion scam calls and messages on Android every single month.
Their analysis shows a few standout trends:
- Employment scams top the charts, targeting job seekers with fake offers to harvest personal info.
- Financial urgency scams are surging, from unpaid bills to bogus investment schemes.
- And group chat smishing is on the rise, where multiple scammers pose as “other victims” to build trust and make fraud feel like a shared experience.
Fraudsters are also timing their attacks to coincide with when people are busiest and least alert—early weekday mornings—and leveraging bulk messaging infrastructure to spray attacks across global markets.
Google’s defenses now rely heavily on on-device AI, real-time link analysis, and patterns of behavioral trickery. But no matter how good the defenses get, scammers adapt fast.
For fraud professionals, this underlines the importance of layered, dynamic defenses, especially for SMS and phone-based workflows that remain entry points for ATOs, social engineering, and payment fraud.
===
That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.
Ready to get started with Spec?
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.
Frequently Asked Questions
“With Spec, we can mitigate fraudulent activity, protect our revenue, and create a better user experience so that Indiegogo can remain a trusted crowdsourcing platform.”
Payments Manager
