Research
·
Fraudulent email domain tracker: September 2025
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August&
Latest — page 3
Research
·
Deep dive: how navigator.deviceMemory can be used for fingerprinting and bot detection
Important update: This article reflects the behavior of navigator.deviceMemory before Chrome’s recent Device Memory API update. New Chrome
Research
·
How we detected a CAPTCHA solver in the wild, and what it says about bot defenses
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in
Research
·
Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed)
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
Research
·
Fraudulent email domain tracker: August 2025
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Research
·
Finding links between fraudulent email domains using graph-based clustering
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Research
·
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Industry
·
How to authenticate OpenAI Operator requests using HTTP message signatures
Cloudflare recently introduced a new authentication standard, HTTP message signatures, designed to securely verify automated traffic from known bot operators.
Industry
·
From detection to trust: the evolving challenge of AI bot authentication
This is the second post in our series on AI bots and their impact on fraud and detection systems. In
Industry
·
From LLM scrapers to AI agents: mapping the AI bot landscape for detection teams
AI bots, AI scrapers, AI agents—you’ve seen these terms thrown around in product announcements, Hacker News posts, and
Research
·
Fraudulent email domain tracker: July 2025
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&
Industry
·
Bringing bot detection research to your AI-powered workflow
At Castle, we’ve increasingly embedded LLMs and tools like Cursor into our research workflows, whether we’re prototyping detection