Stopping AI and LLM abuse
Enabled significant growth: Kilo Code was able to effectively scale free credit strategy to bring in new users and reach #1 on OpenRouter rankings, with over 100B tokens served every day.
Maintained low-friction signup: Real users had a smooth experience, while risky signups faced additional verification.
Defenses that stay ahead: Stytch helps the team correlate groups of bad actors and restrict related accounts as tactics evolve.
Kilo Code is the open-source alternative to Cursor. It’s a powerful AI coding assistant that connects to your favorite models, used by more than 500,000 developers.
Kilo Code is the open alternative to Cursor. It offers a fast, flexible AI coding assistant that connects to over 400 frontier and custom models. Kilo goes beyond code generation and offers powerful modes – Code, Architect, Ask, and Debug – that tailor the agent’s behavior to the task at hand. Since launching in early 2025, Kilo has become the most popular AI coding agent on OpenRouter, is used by more than 500,000 developers, and serves over 100 billion tokens every day.
In April 2025, Kilo Code entered a crowded and fast-moving market for AI coding assistants. With dozens of startups competing for attention, the team knew they needed a differentiated launch that showcased both the product’s power and its open philosophy. One of their boldest moves was to offer free LLM credits to new users, letting developers start coding immediately without bringing their own API key or payment method.
It was an instant hit, helping Kilo grow rapidly and earn a top ranking on OpenRouter. Instead of the hassle of setting up billing or bringing an API key separately, developers could immediately jump into the experience and use frontier models for coding. Once they got a feel for the product, they could upgrade for long-term use.
But as Kilo Code’s growth scaled up, those free credits became an unexpectedly expensive problem.
Challenge
Within weeks, the team noticed strange traffic spikes — huge bursts of new signups from unusual IP ranges, all redeeming free credits at once. These weren’t curious developers. They were account farms.
Attackers were creating thousands of accounts to claim free Kilo Code credits, then reselling those accounts or routing LLM traffic through them for profit. At scale, this could feed large chunks of the growth budget directly to the attackers, instead of to real users.
Traditional defenses weren’t helping. While social sign-on with Google was required, it’s easy for attackers to mass-create or buy accounts. And captcha tools worked only briefly before the attackers figured out how to bypass them.
The team was hesitant to add credit card verification. It would add a huge barrier to the attackers… and most of their legitimate users. Most developers weren’t willing to enter payment info just to test a new coding tool.
So Kilo Code faced a classic tradeoff:
- Stay open and keep attracting abusers.
- Tighten the gates and lose genuine users.
They needed a middle ground — a way to separate bots from real people before signup, without adding friction for everyone.
Solution
Kilo Code integrated Stytch Device Fingerprinting at signup, alongside their existing auth stack.
Instead of asking users to complete a CAPTCHA or other high-friction verification steps, they simply captured Stytch’s fingerprint signals on the frontend and checked the verdict in the backend response: allow, challenge, or block.
When a signup looked suspicious, for example because it showed known automation warning flags or other suspicious characteristics, Stytch’s verdict would be block or challenge (depending on severity). For Kilo Code, that meant one thing: verify your credit card to unlock free credits.
Everyone else could go straight through. Now, good users could claim free credits while the attackers had to perform expensive (and hard to scale) verification steps.
The implementation was lightweight — just a few lines in their existing signup flow. Stytch handled the fingerprinting, device clustering, and model updates behind the scenes to provide verdict recommendations. Kilo Code handled the business logic: exactly where to verify fingerprints and the full user experience for block or challenge verdicts.
Many attackers disappeared entirely. As the remaining attackers tried to get more creative, Device Fingerprinting helped the team correlate clusters of bad actors. Accounts sharing fingerprinting attributes or other signatures could be flagged and reviewed together, making it easier to shut down whole farms instead of playing whack-a-mole.
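An added sketch of the backend logic described above (not Kilo Code's or Stytch's code): it gates free credits on the verdict, failing closed when the verdict is missing or unrecognised, and groups accounts that share fingerprint attributes so a whole cluster can be reviewed together. The verdict shape, the `device_id`/`network_id` attribute names, and the credit amount are assumptions for illustration, not the Stytch API.

```python
from collections import defaultdict

FREE_CREDITS = 5                                # assumed amount, not from the page
FINGERPRINT_KEYS = ("device_id", "network_id")  # hypothetical attribute names

def credit_decision(verdict, card_verified=False):
    """Map a fingerprint verdict (allow/challenge/block) to a credit grant."""
    action = str((verdict or {}).get("action", "")).lower()
    if action == "allow" or card_verified:
        return {"credits": FREE_CREDITS, "next": None}
    # challenge, block, and missing or unknown verdicts fail closed:
    # the signup proceeds but credits stay locked until a card is verified.
    return {"credits": 0, "next": "verify_card"}

def cluster_accounts(signups):
    """Union-find: accounts sharing any fingerprint attribute join one cluster."""
    parent = {}
    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node
    for s in signups:
        acct = ("account", s["account"])
        find(acct)                               # register singletons too
        for key in FINGERPRINT_KEYS:
            if s.get(key):
                parent[find(acct)] = find((key, s[key]))
    clusters = defaultdict(set)
    for s in signups:
        clusters[find(("account", s["account"]))].add(s["account"])
    return list(clusters.values())

def review_queue(signups, confirmed_abusive):
    """Accounts to review because they cluster with a confirmed abuser."""
    return sorted(a for c in cluster_accounts(signups)
                  if c & confirmed_abusive for a in c - confirmed_abusive)

# Constructed sample data: a1 and a2 share a device, a2 and a3 share a network.
SIGNUPS = [
    {"account": "a1", "device_id": "d-1", "network_id": "n-1"},
    {"account": "a2", "device_id": "d-1", "network_id": "n-2"},
    {"account": "a3", "device_id": "d-9", "network_id": "n-2"},
    {"account": "a4", "device_id": "d-7", "network_id": "n-5"},
]

if __name__ == "__main__":
    print(credit_decision({"action": "CHALLENGE"}))
    print(review_queue(SIGNUPS, {"a1"}))
```

Because the clustering is transitive, confirming `a1` as abusive queues `a3` for review even though the two share no attribute directly.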
Value
With Stytch in place, Kilo Code was able to safely scale up its growth.
Marketing campaigns that once would’ve been a magnet for abuse could now scale confidently. Paid traffic and organic growth drove hundreds of thousands of real new users, while automated signups quietly got filtered or funneled into verification.
The results were dramatic:
- Kilo Code climbed to the #1 AI coding tool on OpenRouter, serving over 100 billion tokens every day.
- Real users faced almost zero friction — most never even saw the verification step.
- Attackers, on the other hand, ran straight into a wall.
Behind the scenes, the Kilo Code team could focus on building new features — Teams and Enterprise plans, better agentic coding modes, improved UX — instead of building up bot and abuse detection from scratch.
“People who try Kilo Code love it, but convincing developers to try a new tool can be difficult. With Stytch, we were able to detect automated attacks and abuse patterns while keeping signup smooth for real users - freeing us to scale up our marketing and grow quickly.”

It’s an elegant trade: developers get a frictionless signup, while attackers are quietly funneled away. Security improvements like this are a lever for growth, driving down customer acquisition costs and making sure that teams can focus on their real users.
What’s next
Kilo Code is at the top of the OpenRouter rankings, but they’re not done growing. You can try it for yourself at kilocode.ai and see why hundreds of thousands of developers have switched to using Kilo Code inside VSCode, JetBrains or the CLI.
The team’s philosophy hasn’t changed — power, speed, and developer trust remain core to Kilo Code’s DNA. Stytch just made it possible to scale that trust to half a million users without making product onboarding difficult. Attackers are always evolving tactics, but we’re excited to continue working together to keep them out.
© 2025 Stytch. All rights reserved.