Vercel is putting a sharper label on a cost problem for AI apps: inference theft, where automated clients route prompts through another company's paid model account and resell the output.

In a post published Friday, Vercel CTO Malte Ubl argued that the economics are different from ordinary web scraping. A normal HTTP request can be cheap enough to absorb, while a frontier-model agent call can be expensive enough that even modest abuse becomes material. The post frames the risk around applications that expose AI behavior through public routes, chat interfaces, or agent workflows.

Vercel's proposed defense is to put BotID in front of high-value AI routes. The company's docs describe BotID as an invisible bot-detection layer, powered by Kasada, that uses a client-side challenge and can protect APIs as well as user-facing flows such as signups and checkout. The blog shows the same control applied before traffic reaches a model-backed endpoint.

The detail matters because many AI teams already centralize model access through products such as AI Gateway, which Vercel says provides one endpoint for hundreds of models, budget controls, retries, and spend monitoring. Those controls help manage legitimate usage, but they do not by themselves prove that a caller is a human user rather than automation.

The conservative takeaway is that this is a vendor-specific mitigation, not a general standard. Still, it reflects a practical shift in AI security: protecting model spend is becoming part of application security, not only billing operations.