Research
·
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Antoine Vastel
Antoine is currently the Head of Research at Castle. In this role, he focuses on improving Castle's bot detection engine using different approaches, including behavioral detection, and fingerprinting.
Latest
Industry
·
How to authenticate OpenAI Operator requests using HTTP message signatures
Cloudflare recently introduced a new authentication standard, HTTP message signatures, designed to securely verify automated traffic from known bot operators.
Industry
·
From detection to trust: the evolving challenge of AI bot authentication
This is the second post in our series on AI bots and their impact on fraud and detection systems. In
Industry
·
From LLM scrapers to AI agents: mapping the AI bot landscape for detection teams
AI bots, AI scrapers, AI agents—you’ve seen these terms thrown around in product announcements, Hacker News posts, and
Research
·
Fraudulent email domain tracker: July 2025
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&
Industry
·
Bringing bot detection research to your AI-powered workflow
At Castle, we’ve increasingly embedded LLMs and tools like Cursor into our research workflows, whether we’re prototyping detection
Industry
·
What browser fingerprinting tests like Amiunique and Browserleaks really show, and what they miss
If you’ve ever visited a site like amiunique.org, browserleaks.com, or pixelscan.net, you’ve probably seen a
Research
·
How to detect Selenium bots?
Headless Chrome bots controlled by Selenium remain a staple in the bot developer’s toolkit in 2025. While newer frameworks
Research
·
Detecting Gmail-based fake accounts: what Emailnator teaches us
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are
Research
·
Bought sneaker proxies by mistake, did science with them anyway
The other day, I bought sneaker proxies by mistake. I know, I know, how do you accidentally buy sneaker proxies?
Industry
·
CAPTCHAs 101: what they are, how they work, and where they fall short
CAPTCHAs are the most recognizable anti-bot mechanism on the web. Whether you're logging into a game, signing up
Industry
·
Fake account creation attacks: anatomy, detection, and defense
Fake account creation is one of the most persistent forms of online abuse. What used to be a fringe tactic