Research and insights on stopping modern bots and fraud
Today, May 15, 2025, Castle extends its proven behavioral detection to the network edge through a no-code, fully managed Cloudflare
This is the seventh edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in September&
To scale a fraud or bot attack, adversaries need more than just realistic automation. They need infrastructure. A convincing browser
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint.
This is the first article in a two-part series where we show how to build your own anti-bot system to
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August&
The navigator.deviceMemory attribute is part of the Device Memory API. It exposes an approximate amount of system RAM to
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Cloudflare recently introduced a new authentication standard, HTTP message signatures, designed to securely verify automated traffic from known bot operators.
