‘You can just steal tokens’: A new wave of AI fraud is reshaping the software business

Token theft has emerged as a real risk in the age of AI, and according to Stripe’s Emily Sands, it could spell the death of freemium software models.

AI token theft has eclipsed traditional credential harvesting to become one of the most urgent — and least discussed — cybersecurity threats facing businesses embedding AI into their products.

That’s the assessment of Stripe’s global head of data and AI, Emily Sands, whose team has a front-row seat to the emerging fraud wave and to its consequences beyond ‘surprise’ API bills, including the end of freemium as a business model.

“Fraudsters have figured out that in AI you don’t actually need to steal money or credentials,” Sands told Capital Brief. “You can just steal tokens — and tokens have real value.”

AI has destroyed the zero-marginal-cost economics that made SaaS fraud barely worth attempting or protecting against — all that a vendor risked losing was a small monthly fee. But that has now changed, and every business embedding AI is about to inherit the consequences.