HUMA Shield · Session monitoring

The login page isn't the battle.
The session is.

Stolen credentials pass every login check — the attacker has the right password. What they can't steal is your user's behavior. HUMA Shield keeps scoring the session after login, compares it against the human baseline, and tells you the moment the person behind the keyboard stops acting like a person — or stops being the same one.

What it catches

Account takeover

Right password, wrong human. Behavioral drift from the account's own history exposes hijacked accounts in seconds.

Credential stuffing

Replayed logins driven by scripts carry no human micro-behavior — uniform timing, zero hesitation, no organic cursor.

Session hijacking

A stolen cookie moves the session to a new actor. The behavior changes with it — Shield sees the seam.

How it works — one call on an interval
POST /api/v1/session
Authorization: Bearer huma_live_...

{
  "userId": "user_123",
  "sessionToken": "h_...",       // from the initial verify
  "sessionData": { ...signals }   // collected by huma.js / SDK
}

→ {
  "score": 78,          // current humanity score
  "delta": -14,         // change vs. this session's baseline
  "anomaly": true,      // statistically unusual shift
  "action": "flag",     // allow | flag | block
  "notes": ["typing_cadence_shift", "cursor_pattern_change"]
}

Call it every ~30 seconds from your app with the SDK's useHumaSession hook or directly via REST. Wire bot.detected webhooks to alert your security channel in real time.

Three actions, your rules
allow

Behavior consistent with the session's human baseline. Do nothing.

flag

Anomalous shift detected. Log it, watch it, or require re-auth on sensitive actions.

block

High-confidence takeover pattern. Kill the session or demand a step-up challenge.
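The loop above (report on an interval, then apply allow / flag / block) in code, as an added example written for this page. It is not the useHUMA SDK, huma.js, or the useHumaSession hook, whose signature the page does not show. The endpoint path, header and request/response fields are the ones shown above; `collectSignals`, the handler callbacks, `fetchImpl` and the `blockDeltaBelow` threshold are assumptions standing in for the app's own integration and policy.

```javascript
// Added example, not code from useHUMA or huma.js. Polls POST /api/v1/session
// every ~30 s (as the page suggests) and turns the returned "action" into an
// app decision. The app-specific names below are assumptions.

const POLL_INTERVAL_MS = 30_000;

// Constructed sample response, shaped like the one the page shows.
const SAMPLE_REPORT = {
  score: 78,
  delta: -14,
  anomaly: true,
  action: "flag",
  notes: ["typing_cadence_shift", "cursor_pattern_change"],
};

// Map a Shield report to what the app does next.
//   allow -> nothing; flag -> log and require re-auth on sensitive actions;
//   block -> terminate the session.
// A missing, malformed or unknown action is treated as "flag" so a broken
// response never silently degrades to "allow". `blockDeltaBelow` is an
// optional app-chosen rule ("your rules"): escalate an anomalous flag with a
// large negative delta to block. It is off unless set.
function decideSessionAction(report, { blockDeltaBelow = null } = {}) {
  const action = report && typeof report.action === "string" ? report.action : "flag";
  const escalate =
    action === "flag" &&
    blockDeltaBelow !== null &&
    report.anomaly === true &&
    typeof report.delta === "number" &&
    report.delta <= blockDeltaBelow;

  if (action === "allow") return { terminate: false, stepUpOnSensitive: false, log: false };
  if (action === "block" || escalate) return { terminate: true, stepUpOnSensitive: true, log: true };
  return { terminate: false, stepUpOnSensitive: true, log: true }; // flag / unknown
}

// Request body exactly as the page documents it.
function buildSessionRequest(userId, sessionToken, signals) {
  return { userId, sessionToken, sessionData: signals };
}

// One report cycle. `fetchImpl` is injectable so it can be exercised offline;
// a non-2xx or network failure is handled like "flag", not like "allow".
async function reportSession({ endpoint, apiKey, userId, sessionToken, collectSignals, policy, fetchImpl = fetch }) {
  let report = null;
  try {
    const res = await fetchImpl(endpoint, {
      method: "POST",
      headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
      body: JSON.stringify(buildSessionRequest(userId, sessionToken, collectSignals())),
    });
    if (res.ok) report = await res.json();
  } catch (_err) {
    report = null; // fall through to the conservative default
  }
  return { report, decision: decideSessionAction(report, policy) };
}

// Start the interval; returns a stop function. Handlers are the app's own:
// onLog (SIEM/alerting), onStepUp (mark session as needing re-auth for
// sensitive actions), onTerminate (kill the session).
function startSessionMonitor(config, handlers) {
  const timer = setInterval(async () => {
    const { report, decision } = await reportSession(config);
    if (decision.log) handlers.onLog(report);
    if (decision.terminate) {
      clearInterval(timer);
      handlers.onTerminate(report);
      return;
    }
    if (decision.stepUpOnSensitive) handlers.onStepUp(report);
  }, POLL_INTERVAL_MS);
  return () => clearInterval(timer);
}
```

Usage: `startSessionMonitor({ endpoint: "/api/v1/session", apiKey, userId, sessionToken, collectSignals, policy: { blockDeltaBelow: -30 } }, handlers)` after the initial verify, and call the returned function on logout. Keep the Bearer key on a server-side proxy rather than in the browser bundle if your deployment exposes the key to end users; the fetch target then becomes your proxy, with the same body.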

Frequently asked
What is account takeover (ATO) detection?
Detecting when an attacker controls a legitimate user's session — stolen credentials, hijacked cookies, credential stuffing. Shield compares live behavior against human baselines and flags the takeover as it happens.
How is this different from verification at login?
Login checks happen once, at the door. Shield keeps watching after the door — every report returns a score, a delta against the session's own history, an anomaly flag and a recommended action.
Does it collect personal data?
No. Statistical aggregates of behavior only — no keystroke contents, no PII, no cross-site profiles. Same zero-PII architecture as all of useHUMA.

Guard the whole session,
not just the door.

Included in every useHUMA plan · 14-day free trial.
