Antoine is currently the Head of Research at Castle. In this role, he focuses on improving Castle's bot detection engine using different approaches, including behavioral detection, and fingerprinting.
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Cloudflare recently introduced a new authentication standard, HTTP message signatures, designed to securely verify automated traffic from known bot operators.
This is the second post in our series on AI bots and their impact on fraud and detection systems. In
AI bots, AI scrapers, AI agents—you’ve seen these terms thrown around in product announcements, Hacker News posts, and
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&
At Castle, we’ve increasingly embedded LLMs and tools like Cursor into our research workflows, whether we’re prototyping detection
If you’ve ever visited a site like amiunique.org, browserleaks.com, or pixelscan.net, you’ve probably seen a
Headless Chrome bots controlled by Selenium remain a staple in the bot developer’s toolkit in 2025. While newer frameworks
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are
