The Castle blog

Research and insights on stopping modern bots and fraud

Featured

Company · Feb 21, 2025

Antoine Vastel is joining Castle as Head of Research

Bot detection is broken. Attackers have moved far beyond basic bot scripts—they’re leveraging AI, residential proxies, and sophisticated

Johan Brissmyr

Latest

Research · Mar 25, 2025

Bot detection 101: How to detect bots In 2025?

The good old days where bots used PhantomJS and could be detected because they didn’t support basic JavaScript features

Antoine Vastel

Research · Mar 19, 2025

How to detect Headless Chrome bots instrumented with Playwright?

Headless Chrome bots powered by Playwright have become a go-to tool for bot developers due to their flexibility and efficiency.

Antoine Vastel

Research · Mar 13, 2025

How to detect Headless Chrome bots instrumented with Puppeteer?

Headless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use,

Antoine Vastel

Research · Mar 5, 2025

Anti-detect browser analysis: How to detect the Undetectable browser?

This is the second article of our series about anti-detect browsers. In the first article, we gave an overview of

Antoine Vastel

Research · Feb 27, 2025

Overview of anti-detect browsers

This is the first article of a series about anti-detect browsers. In this article, we provide an overview of anti-detect

Antoine Vastel

Company · Feb 21, 2025

Antoine Vastel is joining Castle as Head of Research

Bot detection is broken. Attackers have moved far beyond basic bot scripts—they’re leveraging AI, residential proxies, and sophisticated

Johan Brissmyr

Research · Feb 21, 2025

Detecting noise in canvas fingerprinting

In a previous blog post, we talked about canvas fingerprinting, a technique commonly used to detect fraudsters and bots. In

Sebastian Wallin

Research · Feb 12, 2025

The role of WebGL renderer in browser fingerprinting

Browser fingerprinting leverages different JavaScript attributes related to the user's device, OS, and browser. When it comes to

Sebastian Wallin

Research · Feb 11, 2025

Anatomy of a 4-day mobile app credential stuffing attack

In this article, we cover the details of a distributed credential-stuffing attack that targeted the mobile application of a major

Sebastian Wallin

Research · Feb 4, 2025

How bots and fraudsters exploit free tiers in AI SaaS

The latest wave of artificial intelligence (AI) improvements significantly improved the quality of models for image and text generation. Several

Sebastian Wallin

Research · Jan 24, 2025

How bots and fraudsters exploit video games with credential stuffing

If you spend time on video game forums, you might have noticed posts from users discussing their accounts being hacked

Sebastian Wallin

Research · Jan 13, 2025

Open Bullet 2: The preferred credential stuffing tool for bots

Open Bullet 2 is an open-source software, specialized in credential stuffing attacks, i.e. attacks that use bots to automatically

Sebastian Wallin