How AI changes the fight against fraud
Optimizing the economics of risk
As AI evolves, so does fraud. Companies face new threats, from free trial abuse to risks associated with agentic commerce. Learn about emerging fraud patterns, how to defend against them, and how AI-driven fraud tools can help you safeguard your business without blocking legitimate customers.
Speakers
Jacob Witt, Product Manager, Cursor
Samuel Bakouch, Head of Product, Payments Intelligence, Stripe
Jacob Meltzer, Engineering Lead, Radar, Stripe
SAMUEL BAKOUCH: Last year, a high-growth AI company discovered that a single user had created more than 86,000 accounts and never made any legitimate payments, not a single one. That wasn’t a bug in their system. It was in fact a coordinated multi-account attack that allowed bad actors to systematically take advantage of free token usage. So multi-account attacks are just one of many abuse patterns hitting high-growth companies. It’s happening across industries—from SaaS, retail, travel, AI, and more. There’s been a rise in first-party fraud. So, what is first-party fraud? It’s when a customer abuses businesses’ policies for their own gain. The exact shape of customer abuse varies by industry, but we saw that over 60% of businesses experienced an increase in first-party fraud in 2025—especially free trial, policy, and refund abuse. And AI has accelerated all of this, making these attacks much easier to orchestrate and more rewarding for bad actors.
I’m Samuel, I lead product for payments intelligence here at Stripe. And today, we’ll walk through how first-party abuse can impact your business. We’ll also talk about how Radar, Stripe’s fraud and abuse prevention solution, can help you at every stage of the customer lifecycle. We’ll also hear directly from Cursor about how they’ve responded to these new abuse vectors. So let’s get started, and let’s start by walking through the customer lifecycle to see exactly where these attacks hit and what we built to address it. So first, at account sign-up, bad actors commit multi-account abuse. What they do here is that they just cycle through multiple accounts using new email addresses. In fact, we found that 14% of new accounts at AI companies are suspected of committing multi-account abuse. It’s a big number. So the user I mentioned with 86,000 accounts—that’s an extreme, but it’s definitely not an anomaly.
So let’s spend a bit more time to understand what makes this hard to catch today. Generative AI has made all signals obsolete. We used to rely on things like gibberish email addresses, inconsistent names, suspicious sign-up patterns. Those are all gone. Bad actors are also using AI themselves, but this time to generate clean, convincing, onboarding data. So the accounts, they look pretty real. We did what we usually do best at Stripe, which is we built a new API. That API takes in sign-up events and returns a multi-account abuse risk score before the payment even occurs. So what you’re seeing here is you can think of Radar working upstream at sign-up time, decoupled entirely from the transaction itself. And because we’re looking across millions of businesses under Stripe network, you can now catch bad actors at sign-up using device, email, and identity signals from across millions of businesses, not just your own.
So now that we’ve talked about multi-account abuse, the next thing that happens is after sign-up, you may want to offer free trials to drive business growth. But this is also where trial abuse happens. This is when a user signs up and exploits the trial period by driving high usage without ever intending to pay. This actually can be quite challenging to catch because you have to tell the difference between a legitimate user interested in trialing your product and the bad actors looking to exploit free access. To make this even more challenging, traditional fraud prevention wisdom actually says to automatically block high-risk payment methods like virtual cards at trial. But today, virtual cards are legitimately used by customers for privacy and security reasons. So what that means is blanket blocking virtual cards as a payment method leads to rejecting legitimate trials, and as a result, taking a hit to your revenue.
So now, to put all of this in perspective by the numbers: every day, on average, our models detect 155,000 fraudulent free trials with more than 100,000 high-risk cards added to trial accounts daily.
So the recommendation is just don’t stop offering free trials. You can’t just stop offering them. It’s a key way of driving growth. So we built a one-click control that lives within Radar that predicts the likelihood of an abusive free trial at the moment a payment method is added, not at the end of the trial when it’s already too late. So you can now block high-risk trials automatically before you’ve incurred the cost of serving them. And our models have a 95% precision at detecting fraudulent free trials and are getting better every day. Next, when it comes to payment, preventing transaction fraud is critical. When customers use stolen cards, it results in disputes driving up cost and reducing your revenue. This actually has been Radar’s bread and butter for a long time. And today, we’re excited to share that Radar now blocks high-risk transactions across all payment methods.
That’s right. All of them, including bank debits, BNPLs, wallet, stablecoins, and more. Sophisticated fraudsters don’t just stop at one payment method, and now Radar doesn’t either. We’re also excited to share that Radar now covers payments processed off-Stripe. What this means is you can think of Radar as your holistic fraud provider, even when payments run through other processors, with the same intelligence built in with fraud likelihood scores on every transaction.
But transaction fraud is no longer the only threat at checkout. We’re seeing a rise in automated bot-driven purchases—high volume of transactions made programmatically. The key here is distinguishing between legitimate agentic transactions and abusive ones like bulk buying subscriptions to resell or draining limited inventory. That’s why we’re introducing a bot score: a new signal at payment time to help you catch fraudulent automated transactions. To be clear, not all bots are bad. We actually love good bots. We welcome them. As we’ve shared yesterday, agentic commerce represents a huge opportunity. The goal isn’t to block automation; it’s to tell the difference between a legitimate agent acting on a user’s behalf and an automated scheme with the goal of committing fraud.
Now, at the end of the cycle, after your customer uses your product, you experience pay-as-you-go abuse. So if you have a usage-based business model, or you may just invoice your customers at the end of the month, let’s say, for services already rendered, you face the risk that a user racks up a bunch of usage only for the payment to fail. So to bring this to life, let’s say a SaaS business attempts to charge their user for their monthly usage bill, but they can’t successfully complete the transaction. So the SaaS business is stuck with the bill for a service they already provided. So what makes this kind of abuse hard to detect? The challenge here is that the initial transaction often looks clean and went through. The problem doesn’t surface until later in the billing failure. That’s why to minimize pay-as-you-go abuse, Radar now helps you spot users who complete initial transactions, but have no intent to pay for future usage.
So to recap, you can now protect your business from fraud and abuse across the entire customer lifecycle with Radar—not just at transaction time. And Radar is now able to do that because it analyzes data from millions of businesses across the full customer lifecycle. This allows it to detect front-end abuse patterns that might not normally stand out when looking at individual interactions. Now, customer abuse affects every industry as we’ve shared earlier, but AI companies are feeling this even more acutely because of the high compute cost. So to learn how a leading AI company is navigating these threats, please join me in welcoming Jacob Meltzer, engineering lead for Radar, and Jacob Witt, product manager at Cursor.
JACOB MELTZER: Hi. Thanks, Samuel, and thanks, Jacob, for joining us.
JACOB WITT: Of course.
JACOB MELTZER: I think most people in the audience have probably heard of Cursor, but for those who haven’t, can you give us the 10-second pitch?
JACOB WITT: Yeah. Cursor is a developer tool. We make it easy to build, and build with agents. We’re used by millions of people, across a lot of society—from Fortune 500, high school teachers, and even Stripe.
JACOB MELTZER: That’s awesome. So you lead growth at Cursor. Can you share how you think about growth? And specifically, we know that growth often comes with an increased opportunity for fraud. How do you think about balancing that trade-off?
JACOB WITT: Yeah. So high level for growth is, you want to acquire customers that are happy on your platform, and you want to make sure the customers you have are getting the most out of the tool. Now, the challenge is, and I think a lot of people are not selling an AI product, this is not intuitive, but inference is very similar to interchange. You’ve got this very valuable thing that has a high marginal cost, and it incentivizes actors to come and take it. So what we get is a lot of people who, any offer we give or promo or referral bonus, you get inference and you can take it, resell it, package it, take the SDK, the API, whatever. If you scroll down to like 20 through 30 on the app store ranks for productivity apps, a lot of those apps are probably reselling inference from some other tool. So what that means for us is, everything we’re balancing between—sure, there’s a growth opportunity—but we have a real fraud cost.
JACOB MELTZER: Yeah, that makes sense. I feel like even just like a year or two ago, we would see cards get used and you would see stealing shoes and things like that. And it’s like token theft is like the new shoe stealing and stuff like that, which is kind of interesting.
JACOB WITT: You can steal a lot more tokens than shoes for sure.
JACOB MELTZER: A little easier to store, I guess. Cool. So walk us through, how long have you been at Cursor?
JACOB WITT: Eight months.
JACOB MELTZER: Okay. I think it’s probably been an exciting eight months. Walk us through fraud when you first joined. What did it look like? What did you do about it? Stuff like that.
JACOB WITT: One of the things we’re known for, at least in SF, is when you’re interviewing, you come on-site and you’re in the office for two days. So I was expecting to have a project, go and put together some slides, maybe a prototype. And I come in Monday morning, and there’s a literal war room going on. Our COO, some engineers, the finance team, and it’s like, we have to fix the trials. At the time, we did not require a credit card to start a trial. And inference cost on free trials was approaching or even greater than some of our inference costs for paid segments. We were just getting completely lit up. So after this huge period of growth, it was like, we have to put our feet down. We have to fix it. So my two-day onboarding interview project was: how are we going to actually require credit cards up front? How are we going to test it? How are we going to make sure that we’re not hurting conversion, but bringing these costs down?
JACOB MELTZER: How’d you go about making that trade-off? What was the thinking?
JACOB WITT: When you see a chart that is going so up and to the right that quickly, it was a, like, we have to pull a lever, we have to do something. I think for free trials generally—especially for Cursor starting in 2023, which seems really recent—but for a lot of customers at the time, you maybe don’t believe in AI. So it was very important for us to have an extremely generous free trial to feel the magic, actually use it, believe that it’s something that you can work with. By the time we were doing this, I think the name Cursor was a little more well-known. I think a lot of people understood, yes, AI is valuable and it’s more, what do I do with it? So we were really concerned about the trade-off, and we didn’t end up actually seeing that much of a conversion hit. People understand now that tokens cost money and are a little more willing to pay up front before they even get into the app.
JACOB MELTZER: Yeah. That makes sense. It’s sort of like a unique challenge, I guess, in an industry that’s sort of evolving and a lot of people are experiencing this for the first time. So you sort of mentioned something interesting. You said free trials and then I think you hinted at free accounts. So my understanding is Cursor at one point offered trials, now less trials, more free accounts. I know I’ve talked to a bunch of AI companies here today who are thinking about promos. Maybe I should actually do 50% off. How do you think about these trade-offs? And why offer free trials? Why offer free accounts? When to think about promos?
JACOB WITT: We’ve evolved over time as malicious actors have kind of gotten smarter. I wish we could be more generous, but there’s a cost to giving free things away. So we required a credit card to start a trial and eventually, we had to make the decision to remove trials entirely. We still offer a free plan, but I think the way we thought about the trial versus a free plan was, free plan you can really kick the tire a tiny bit, get started, see how it works. Versus the trial, we wanted to replicate, what does the paid plan feel like? And it was much more generous in terms of usage. We just didn’t find a way to make that work. And even in cases where we could identify who are the really good trusted customers, there wasn’t that much of a conversion delta. So now it’s just a, when you sign up, there’s a paywall to start on our $20 entry plan, or you can start for free and that’ll get you a couple minutes, maybe a couple of requests to play around.
JACOB MELTZER: Yeah, that makes sense. I guess free is never fully free, but that’s sort of interesting though. You don’t want to degrade the trial experience if it’s a trial, you want to give someone the experience of the full thing. Whereas free accounts are sort of an opportunity to have a more limited product experience. So what do you do today to mitigate the risk of the free accounts?
JACOB WITT: We lean heavily on you guys. We have probably 200-plus Radar rules at this point. It’s been a work in progress, but we need, we have tons and tons and tons of sign-ups every day and we need to measure like, do we think these actors are real? Are they actually going to pay us? And the math is basically: the more we’re able to cut off and get signals on users before they sign up, the more generous we can be for valid users, who we want to have a really good experience. But if we can’t stop fraud, then your mix is much worse.
JACOB MELTZER: Definitely. I think it’s been really helpful. One of the… Previously, Radar usually only operated at payment time and we’ve sort of been going up the funnel and hopefully down the funnel, too. And I think being able to screen the sign-ups has both made us better at helping stop abuse early, but also has made us better at payment time, which is kind of cool. Other than free accounts and obviously credit card fraud and traditional fraudulent disputes, what other risk vectors are you currently fighting?
JACOB WITT: We see a lot of it. There’s card testing. Local payment methods, I think was this beautiful idea of like, people want to pay the way they want to pay. So, why add friction? It was not as easy just flipping a switch. Local payment methods have local fraud varieties and different logic, and dealing with either flow of funds or the timing between transactions can get kind of gnarly. So we flipped some switches and got blown up a little bit and then had to figure out on the Radar side. But working with you all has made that work well. What we’re starting to see more is—and again, it feels very much like operating a fintech or a crypto company—of account takeovers, of more and more and more we’re seeing people either managing to get an invite to customer, they’re pretending to be a valid user. They get joined onto this team and then all of a sudden they’re able to invite hordes of bots. You’re draining inference. It’s again, this variable product that you can resell extremely easily. So we’ve had to implement a ton of controls to protect against that.
JACOB MELTZER: That makes sense. On the LPM side. I definitely wanted to get there, so it is as easy as a click of a button, but yeah—
JACOB WITT: Not yet.
JACOB MELTZER: Not yet. I think like a lot of businesses, they’re not used to the asynchronous nature of some of the payment methods. They get less information. And I think Radar sort of adapting is one way we want to close that gap. Can you share any other examples of customer-friendly features that you’ve introduced, and have been exploited in ways that you didn’t expect?
JACOB WITT: We just want to be generous for customers, and I think most of the time we get hammered when we try to do so.
JACOB MELTZER: What are some of those features?
JACOB WITT: So the one that was like the most frustrating was, if you’re using Cursor, you send a message in the chat, the agent works with you, and you get code or whatever output you requested. We care a lot about the uptime on the agent, but there are errors. And we want to be super generous for customers when there are errors. We assume if it’s an error, it’s Cursor’s fault, we need to figure out how to make that request go through. So for a very long time, any error, the entire request, we would not charge you for it. Something we’ve been dealing with over time in both the business model, but also specific instances like this, is agent requests used to run for like 10 seconds. It cost 2¢ or 3¢. And now these models are running for 20, 30 minutes at a time. You can have one request cost $100.
So what we ended up seeing was, users would cancel requests. That sends an error message. We would treat it as an error. We would not charge for the request. And we had a whole host of users. We were looking at like cancellation, and like everyone right at the very end, the agent would produce all of this code, and then the user would cancel the request. They don’t pay for it, and they keep the code. And this became a GitHub repos started popping up of like, “Here’s how to defraud Cursor.” And everyone started realizing how to do this, and we had to kill it. And for two days, there was like riots on our forum of people who were telling really convincing stories around like, “This is crazy. I only do this every once in a while. I can’t believe Cursor blocked this.” And we actually almost pulled it back.
We thought we had made a mistake. We thought these were valid users. And then we kind of stopped and realized of like, someone literally would have to be at 99.9% utilization, know that they’re there, start the request, and stop it on time and do that repeatedly to even know that we didn’t charge for that request. So we were basically just getting astroturfed by bots, which again, maybe soured me a little bit on some of the forum, but it’s tricky.
JACOB MELTZER: No, but I think the forum’s a great example. It’s so easy to just like say, “Oh, the customers are in pain. I want to go help.” And then you take a step back and you look and it’s like, “Oh, maybe this isn’t exactly what it looks like.” What surprised you the most about the growth in the fraud space? And maybe particularly working at an AI company.
JACOB WITT: Yeah. We were talking about this. We have a colleague who worked at Stripe and now at Cursor, and he helps on both growth and billing and fraud. And I think something that’s been so surprising is that you really need those people either doing all of it or sitting next to each other because for every promo, for every referral program, these trials that we run, you have to size it for fraud. And it basically is just a drag on efficiency, which is not the worst thing of like you have these inorganic growth levers. They just become a little more inefficient, which pushes you more towards, what are actually the organic good ways to get growth? So I can implement a referral program, I can pay people money, I can get lit up by bots—or I can find more organic ways to give people opportunities to share, either configs for automations or MCPs or skills or setups like that has pushed us to be a lot more creative of beyond just giving people inference for free—what are other ways to drive more adoption on the platform?
JACOB MELTZER: No, that makes sense. I think one of the really interesting things, like we work with companies in all these different industries—like when we’re working with SaaS companies, they really just want to grow top of funnel. The cost of offering the service is low. They should just have as many sign-ups as possible, see who converts. And it seems just like very different for AI companies, where the cost of service is so much different. I’m curious how that sort of plays into your growth strategies.
JACOB WITT: It’s like payments. I don’t think it is very hard to sell a variable service unless you’re carrying the risk. So we just need to be smart about it.
JACOB MELTZER: No, that makes sense. I really appreciate your time. Before we close out, I wanted to share three practical lessons that I’ve learned from working with businesses like Cursor and helping them keep growing while managing risk. First, your growth strategy depends on your cost structure. If your cost to serve a free user is low, offering free accounts is easy. No need to apply the friction of collecting a card. If your cost of product is high, cards up front really matter. The real question is if the extra protection is worth the friction of requiring a card. Second, you should consider how much you actually need to offer to convert a trial user into a paying user. For AI companies in particular, anything beyond that is additional compute or services that you’re kind of giving away for free without too much of a reason. And third, you should plan for abuse before your launch. Whether it’s rolling out a new growth strategy, launching in a new region, launching new promotion codes, you should think about how it’s going to get abused ahead of time, and if it does, how you would respond.
If you want to get ahead of the next wave of customer abuse, scan the QR code to join our waitlist, or stop by the fraud booth in the expo hall. Would love to chat with you all. Thank you so much for your time.