The recent $1.8 billion, seven-year edge-compute deal between Anthropic and Akamai is a watershed moment for our industry. It signals that AI inference is officially moving out from behind centralized cloud walls and pushing directly to the edge. The goal is obvious: drastically reduce latency and scale processing power to meet unprecedented demand.
But as a sales leader and business builder who looks at enterprise infrastructure daily, when I see a massive, distributed deployment like that, I don’t just see faster response times. I see an incredibly massive, highly exposed financial vulnerability.
We are rapidly moving into the era of Agentic AI, where the compute costs are incurred the exact millisecond an API fires. If we don’t fundamentally change how we authenticate these autonomous agents, the margins on multi-billion dollar infrastructure deals are going to be eaten alive by automated fraud and compute theft.
Here is why the future of AI economics relies entirely on cryptographic attestation.
The Multiplier Effect and the New "Denial of Wallet" (DoW)
To understand the scope of the threat, we have to understand the economics of an agentic prompt.
In the traditional SaaS world, one API call roughly equaled one database query. It was linear, predictable, and cheap. In the Agentic AI world, one single user prompt can trigger an autonomous agent to spin up 50 or more sequential background tasks—reasoning steps, memory lookups, code executions, and external API calls.
The Reality: This multiplier effect is what makes agents so powerful, it also makes them a massive financial liability.
We are already seeing a surge in "Agent Fraud." Bad actors are spoofing agent instances or hijacking credentials to burn through enterprise AI tokens at near-zero marginal cost to themselves. Furthermore, poorly coded or malicious agents can easily get stuck in runaway execution loops. Because compute costs are incurred instantly, traditional fraud detection—which often takes hours to analyze behavioral patterns after the fact—is completely useless. By the time the system flags the anomaly, the attacker has already burned thousands of dollars in GPU time. It is a pure Denial of Wallet (DoW) attack.
The "Identity Gap": Why Firewalls and API Keys are Failing Us
The core of the problem lies in what I call the Identity Gap. Our current security stack was built to protect static infrastructure, not dynamic, autonomous agents.
- API Keys are just secrets. They are easily intercepted, leaked in repository commits, or reverse-engineered from client-side environments. Once an API key is stolen, the gateway treats the malicious bot exactly like a legitimate customer.
- WAFs and Firewalls look at traffic patterns and IP reputations. But when a malicious agent originates from a clean, residential proxy network or a legitimate cloud provider, it looks indistinguishable from standard enterprise user traffic.
Traditional gateways verify what secrets are presented, but they fail to verify who or what is actually delivering them. If you cannot guarantee the absolute integrity of the software calling your LLM gateway, you are writing an open check to script kiddies and scrapers.
The Solution: Shift-Left on Identity with Cryptography Attestation
To safeguard AI margins, enterprise leaders must stop relying on post-incident behavioral analytics and move toward Zero Trust at runtime. This means implementing strict, cryptographic apps and agent attestation before a single token is processed.
Cryptographic attestation ensures that:
- The Software is Authentic: Verifies that the agent or app requesting access hasn't been tampered with, reverse-engineered, or modified.
- The Environment is Secure: Confirms the execution environment is safe and free from runtime manipulation frameworks.
- The Request is Authorized: Delivers API keys and secrets just-in-time, ensuring they are never stored statically where they can be harvested.
Securing the Bottom Line
At Approov, we’ve spent years perfecting this exact methodology for mobile apps and their APIs in highly regulated sectors like banking and automotive. As AI agents become the new front-ends of enterprise business, the same principles apply.
If you are deploying multi-million dollar AI models without verifying the integrity of the agents calling them, you aren't just taking a security risk—you are taking a massive line-item hit to your gross margins. In the agentic era, cryptographic attestation isn't just a technical requirement; it's a foundational pillar of your AI business strategy.
Pearce Erensel
Global VP of Sales, Approov
Pearce’s cybersecurity experience stems from 7 years of securing mobile apps in highly regulated industries like banking, automotive, and medical device manufacturing. His client-focused approach has helped companies successfully tackle significant challenges in mobile app and API security. Pearce loves Approov's innovative, seamless, and adaptable approach, recognizing its potential to revolutionize mobile app security.
