Research
·
Roll your own bot detection: server-side detection (part 2)
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint.
Antoine Vastel
Antoine is currently the Head of Research at Castle. In this role, he focuses on improving Castle's bot detection engine using different approaches, including behavioral detection, and fingerprinting.
Latest
Research
·
Roll your own bot detection: fingerprinting/JavaScript (part 1)
This is the first article in a two-part series where we show how to build your own anti-bot system to
Research
·
Fraudulent email domain tracker: September 2025
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August&
Research
·
Deep dive: how navigator.deviceMemory can be used for fingerprinting and bot detection
The navigator.deviceMemory attribute is part of the Device Memory API. It exposes an approximate amount of system RAM to
Research
·
How we detected a CAPTCHA solver in the wild, and what it says about bot defenses
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in
Research
·
Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed)
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
Research
·
Fraudulent email domain tracker: August 2025
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Research
·
Finding links between fraudulent email domains using graph-based clustering
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Research
·
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Industry
·
How to authenticate OpenAI Operator requests using HTTP message signatures
Cloudflare recently introduced a new authentication standard, HTTP message signatures, designed to securely verify automated traffic from known bot operators.
Industry
·
From detection to trust: the evolving challenge of AI bot authentication
This is the second post in our series on AI bots and their impact on fraud and detection systems. In
Industry
·
From LLM scrapers to AI agents: mapping the AI bot landscape for detection teams
AI bots, AI scrapers, AI agents—you’ve seen these terms thrown around in product announcements, Hacker News posts, and