Identity platform startup Stytch Inc. today unveiled advanced capabilities for its Device Fingerprinting technology that allows developers to integrate fraud prevention into their applications.
Stytch Device Fingerprinting now includes supervised machine learning to detect and classify new devices to provide protection against zero-day threats, those too new to have been patched yet. The addition combines the precision of a deterministic approach to security with real-time insights from artificial intelligence, according to the company.
Varying from traditional methods such as reCAPTCHA and web application firewalls, Stytch creates a unique, persistent fingerprint and threat verdict for every visitor. Unlike CAPTCHAs, the solution is completely invisible to users and detects bots and fraud with 99.99% accuracy, eliminating the need for security tools that add friction to the user experience, the company claims.
Stytch Device Fingerprinting also differs from existing solutions with built-in protection against reverse-engineering and network spoofing techniques or tools such as CAPTCHA-solving application programming interface services, AI-based vision models such as GPT-4o, and click-farms.
The new capabilities include intelligent rate limiting, which uses predictive analysis of device, user and traffic sub-signals to detect unusual traffic volumes and apply precise rate limits. By leveraging precision fingerprinting, it ensures legitimate users are not restricted and adapts to new attacker profiles in real time.
Another new feature, ML-Powered Device Detection, uses a supervised machine learning model trained on a global device dataset to assess the risk of new device types. For example, if a new browser claims to be Chrome, it can evaluate the browser against all historical Chrome versions to verify its authenticity and risk potential, with Stytch’s fingerprinting model continuously updated based on those findings.
The third new feature, Security Rules Engine, allows for programmatic or user interface-based configuration of Stytch’s automated Allow, Challenge or Block verdicts. The system simplifies the handling of unique exceptions, allowing easy customization of preset rules either through API or with a single click in the dashboard, helping ensure a balance between strong security measures and the need for adaptability to varying circumstances.
“As we define and shape the next generation of authentication and identity management, our Device Fingerprinting solution exemplifies what this should be about,” said co-founder and Chief Executive Reed McGinley-Stempel. “It’s about establishing a more holistic understanding of user identity and providing developers with core infrastructure to make authentication feel like it’s a native part of the application.”
McGinley-Stempel, along with Julianna Lamb, Stytch’s co-founder and chief technology officer, spoke with SiliconANGLE in December on what the company’s goals are and the challenges developers face in implementing and addressing security issues.