Why traditional bot detection techniques are not enough, and what you can do about it

Bots are often used to conduct attacks at scale. They can be used to automatically test stolen credit cards, steal user accounts (account takeover), and create thousands of fake accounts.

Detecting bot activity has traditionally relied on techniques like Web Application Firewalls (WAFs), CAPTCHAs, and static fingerprinting. However, with the rapid advancement of anti-detect automation frameworks and AI-driven bot capabilities, traditional detection techniques are increasingly ineffective.

In this blog post, we’ll explore the limitations of conventional bot detection techniques, the modern tools available to bot developers, and the strategies required to detect sophisticated bots in 2025.

TL;DR

If you are just interested in the bot detection techniques, and how they can be bypassed by modern tools, you can have a look at the table below. The remainder of this article goes into the details of these techniques and explains how they can be bypassed by attackers:

Bot detection technique and possible bypass technique:

  • ❌ IP-based rate limiting – Proxies can be used to spread an attack across thousands of IP addresses, which enables attackers to stay under rate-limiting thresholds.
  • ❌ Geo-blocking – Proxies can be used to launch attacks from IP addresses located in the same countries as the users of the targeted websites and mobile applications.
  • ❌ IP reputation – Residential, ISP and mobile proxies belong to well-known and trusted ISPs, like the IP addresses used by human users.
  • ❌ CAPTCHAs – AI-based CAPTCHA farms and custom solutions that leverage AI image and audio-recognition models can be used to automatically solve CAPTCHAs.
  • ❌ WAF signatures (TLS fingerprints, HTTP headers) – Anti-detect HTTP client libraries like Curl cffi can be used to make HTTPS requests with consistent HTTP headers and consistent TLS fingerprints.
  • ❌ Static JS browser fingerprinting – Anti-detect automation frameworks like Camoufox and Nodriver take care of removing known static fingerprinting attributes like navigator.webdriver = true.

Traditional Bot Detection Techniques

Traditional bot mitigation strategies often revolve around 3 approaches:

  1. Web Application Firewalls (WAFs);
  2. CAPTCHAs;
  3. Static fingerprinting.

Web application firewalls (WAFs)

WAFs use static rules and signature-based detection mechanisms to identify and block bot traffic. Common techniques include:

  • IP-based rate limiting – Restricting the number of requests from a single IP to prevent high-volume bot activity.
  • Geo-blocking – Blocking traffic from certain geographic regions known for high bot activity.
  • IP reputation – Blocking traffic coming from data center IPs or IPs frequently reported as malicious in public block lists.
  • Static server-side fingerprinting – Identifying bots based on HTTP headers and TLS fingerprints using predefined signatures.

CAPTCHAs

CAPTCHAs have been a widely used defense against bots, leveraging challenges that were historically difficult for machines but easy for humans. Traditional CAPTCHAs rely on image and audio recognition challenges. However, modern AI techniques have significantly reduced their effectiveness.

Static fingerprinting techniques

The least sophisticated bots can also be detected by using static JavaScript-based fingerprinting signals, such as:

  • navigator.webdriver – Used to detect headless automation.
  • document.cdc_asdjflasutopfhvcZLmcfl_ – A Selenium-specific signature.
  • window._phantom – Identifies PhantomJS-based bots.

However, these detection methods are static and are easily circumvented by modern anti-detect bot frameworks.

Modern tools available to bot developers in 2025

As bot detection techniques evolve, so do the tools and services available to bot developers. Attackers today have access to several open-source anti-detect automation frameworks, headless browsers, and online services such as CAPTCHA farms and bot as a service.

Advanced anti-detect automation frameworks

Modern anti-detect frameworks remove inconsistencies in browser behavior and provide human-like fingerprints by default. Notable examples include Camoufox and Nodriver.

These frameworks are designed to:

  • Remove automation indicators, e.g. navigator.webdriver = true;
  • Provide consistent and realistic browser fingerprints;
  • Be compatible with popular automation libraries like Puppeteer, Playwright, and Selenium. Thus, bot developers can easily switch from traditional automation frameworks to automation frameworks with anti-detect features.

Proxy networks

Bot operators can route requests through residential proxy networks, allowing them to:

  • Use IPs from well-known ISPs
  • Evade IP-based rate limiting and geo-blocking
  • Distribute attacks across thousands of IPs

AI-based CAPTCHA solvers

Rather than relying on human CAPTCHA farms, attackers now use AI-driven CAPTCHA solvers that:

  • Solve CAPTCHAs at a fraction of the cost (~$1/1000 CAPTCHAs);
  • Operate at high speed (< 10 seconds to solve a CAPTCHA);
  • Bypass even complex logical CAPTCHAs

Human-like mouse movements

When it comes to bypassing bot detection, it’s not only about fingerprinting. Frameworks like ghost-cursor make it easier to mimic human-like user behavior. These frameworks can be used to generate:

  • Realistic mouse movement trajectories;
  • Click patterns that resemble human behavior.

Bots-as-a-Service (BaaS)

Bypassing professional anti-bot services requires expertise and is a continuous task since these services frequently update the signals they collect and their detection logic. Thus, for developers without deep expertise in bot evasion, Bots-as-a-Service (BaaS) platforms provide ready-to-use solutions that:

  • Automatically configure headless browsers with realistic fingerprints
  • Integrate proxy rotation for evasion
  • Solve CAPTCHAs without manual intervention
  • Charge only for successful, non-blocked requests

Why traditional bot detection techniques are easily bypassed

In this section, we go through the different traditional bot detection approaches presented earlier and explain how they can be easily bypassed.

Bypassing WAF IP-based rate limiting and geo-blocking: proxies

Residential proxies allow bots to rotate between millions of real user IPs. This makes an attack look like traffic coming from many different devices, which bypasses IP-based rate-limiting mechanisms.

Attackers can choose residential proxies that belong to well-known ISPs, which can help them bypass simple reputation-based systems that tend to penalize low-quality data center IP addresses. Proxy networks also enable bot developers to select the countries of their proxies. Thus, attackers can strategically select IPs within the target website’s expected geographic distribution to bypass geo-blocking techniques.

Bypassing CAPTCHAs: AI-based CAPTCHA farms

CAPTCHAs are traditionally the cornerstone of bot detection systems. However, traditional CAPTCHAs suffer from several limitations. Indeed, traditional CAPTCHAs rely on the difficulty of the challenge — often an image or audio recognition task — to distinguish between bots and human users:

  • Evolving AI models – Advances in AI-driven image and audio recognition have made solving CAPTCHAs trivial for bots.
  • Increased difficulty for humans – To stay effective, some CAPTCHA providers have increased challenge complexity, making them harder for legitimate users while bots still bypass them.
  • Single point of failure (SPOF) – CAPTCHAs verify users at a single point in time but do not account for behavioral patterns across sessions.
  • Lack of protection against CAPTCHA farms – Attackers use AI-based CAPTCHA solvers or human-based CAPTCHA farm services to bypass these challenges at scale.

AI-based CAPTCHA farms make it simple to automatically pass traditional CAPTCHAs using APIs. The use of AI has enabled most CAPTCHA-solving services to scale their operations significantly. They can solve CAPTCHAs in less than 10 seconds at a low cost (< $1 per 1,000 CAPTCHAs).

Bypassing static JavaScript browser fingerprinting

The latest improvements in anti-detect browsers have made it easier for bot developers to build bots with near-perfect fingerprints. It’s as simple as a library import to automate a headless browser with no detectable fingerprint side effects. No navigator.webdriver = true and no CDP side effects: bots have a human-like fingerprint by default.

Bypassing WAF server-side fingerprinting and static signatures

In addition to JavaScript browser fingerprinting signals, attackers also have access to a wide range of frameworks like Curl cffi that enable them to consistently forge popular server-side fingerprinting signals, such as HTTP headers and the TLS fingerprint. These can be used to bypass WAF static signatures.

All of the bypass techniques presented in this section are also bundled within bots as a service, which makes it a convenient way for bot developers to bypass bot detection without being bot experts.

What’s needed to detect modern bots in 2025?

Bots have adapted, and so must the bot detection techniques to stay ahead in the bot detection arms race. It’s important to collect all available detection signals and use them in a multi-layered approach. More specifically, we argue that modern bot detection engines should implement the following features.

Collect and analyze all available signals

Attackers try to forge and modify all detection signals to bypass detection. Thus, it’s key to collect all available signals and to leverage them in the detection:

  • Client-side JavaScript browser fingerprinting signals;
  • Behavioral data across multiple interactions;
  • IP reputation and contextual risk indicators.

Moreover, when collecting more signals, it's key to ensure these signals are consistent with each other, in order to detect fingerprint lies and randomization. For example, information about the GPU can be collected using different APIs, such as the WebGL API and the WebGPU API. The WebGL renderer may return a string like Apple GPU, which indicates that the user is on macOS, while the WebGPU vendor may report Intel. An Apple GPU reported by WebGL is not consistent with an Intel vendor reported by WebGPU, so the combination indicates a potential fingerprint lie.

The same principle can be generalized to other fingerprinting signals, such as the user agent. The HTTP user agent is often used to obtain information about the OS, the browser and their versions. For example, the user agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 indicates that the request originates from Chrome version 134 on macOS. It's important to ensure the browser has all the JS APIs that should be available on the browser and version claimed in the user agent. For example, the subgroupMinSize property of the WebGPU GPUAdapterInfo class is only available starting from Chrome 134, as we can see in the screenshot below. Thus, if a user claims to be on Chrome version 134 but doesn't have this API available, it can indicate a potential fingerprint modification.
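As an added example (not code from the original post), the following Node script shows the cross-checks described above: the GPU vendor seen through WebGL versus WebGPU, the claimed OS versus an Apple GPU (a generalisation of the text's example), and the claimed Chrome version versus the availability of an API that shipped in Chrome 134. The signal object, the shape of the feature table and the sample values are constructed for the example; in a browser they would be populated from navigator.userAgent, the WebGL WEBGL_debug_renderer_info extension and the WebGPU adapter's info object.

```javascript
// Added example: cross-checking collected fingerprint signals for
// consistency. Not code from the original post. In a browser the `signals`
// object would be filled from navigator.userAgent, the WebGL
// WEBGL_debug_renderer_info extension (UNMASKED_RENDERER_WEBGL) and the
// WebGPU adapter's GPUAdapterInfo; the values below are constructed so the
// checks run offline under Node.

// Chrome major version in which an API first shipped. subgroupMinSize on
// GPUAdapterInfo (Chrome 134) is the example from the text; more entries
// can be added as the browser ships new APIs.
const CHROME_FEATURE_MIN_VERSION = {
  "GPUAdapterInfo.subgroupMinSize": 134,
};

// Chrome major version claimed by the user agent, or null if not Chrome.
function chromeMajorVersion(userAgent) {
  const m = /Chrome\/(\d+)\./.exec(userAgent);
  return m ? Number(m[1]) : null;
}

// GPU vendor keyword found in a WebGL renderer string, or null if unknown.
function gpuVendorFromRenderer(renderer) {
  const lower = (renderer || "").toLowerCase();
  for (const vendor of ["apple", "intel", "nvidia", "amd"]) {
    if (lower.includes(vendor)) return vendor;
  }
  return null;
}

// Returns a list of inconsistencies; an empty list means the signals agree.
function checkSignalConsistency(signals) {
  const findings = [];

  // 1. The GPU vendor seen through WebGL and through WebGPU must agree.
  const glVendor = gpuVendorFromRenderer(signals.webglRenderer);
  const gpuVendor = signals.webgpuVendor ? signals.webgpuVendor.toLowerCase() : null;
  if (glVendor && gpuVendor && glVendor !== gpuVendor) {
    findings.push(`gpu-vendor-mismatch: webgl=${glVendor} webgpu=${gpuVendor}`);
  }

  // 2. An Apple GPU is only plausible on Apple hardware, so the user agent
  //    should claim macOS or iOS (generalisation of the text's example).
  if (glVendor === "apple" && !/Macintosh|iPhone|iPad/.test(signals.userAgent)) {
    findings.push("gpu-os-mismatch: Apple GPU with a non-Apple user agent");
  }

  // 3. APIs that shipped before the claimed Chrome version must be present.
  const major = chromeMajorVersion(signals.userAgent);
  if (major !== null) {
    for (const [feature, minVersion] of Object.entries(CHROME_FEATURE_MIN_VERSION)) {
      if (major >= minVersion && !signals.availableFeatures.includes(feature)) {
        findings.push(`missing-api: ${feature} expected since Chrome ${minVersion}, claimed ${major}`);
      }
    }
  }
  return findings;
}

// Constructed sample signals. In a browser, availableFeatures would be filled
// by probing the live objects, e.g. whether "subgroupMinSize" is in the
// info object of the adapter returned by navigator.gpu.requestAdapter().
const UA_CHROME_134_MAC =
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36";

const CONSISTENT_SIGNALS = {
  userAgent: UA_CHROME_134_MAC,
  webglRenderer: "Apple GPU",
  webgpuVendor: "apple",
  availableFeatures: ["GPUAdapterInfo.subgroupMinSize"],
};

// Same claimed configuration, but WebGPU reports Intel and the Chrome 134
// API is missing: the kind of lie an anti-detect framework can leave behind.
const SUSPICIOUS_SIGNALS = {
  userAgent: UA_CHROME_134_MAC,
  webglRenderer: "Apple GPU",
  webgpuVendor: "intel",
  availableFeatures: [],
};

console.log(checkSignalConsistency(CONSISTENT_SIGNALS)); // []
console.log(checkSignalConsistency(SUSPICIOUS_SIGNALS));
```

The check functions are pure, so the same logic can run server side on the signals the page's JavaScript reports back; the feature table is the part that needs maintaining as each browser release ships new APIs.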

Use dynamic fingerprinting

Static JS browser fingerprinting attributes linked to the OS and the browser, such as the WebGL renderer and the screen resolution collected from the window.screen object, are often modified by anti-detect frameworks. Thus, it’s key to use dynamic fingerprinting challenges, such as red pills and proofs of work, whose value is not static but varies based on the user’s device and OS. The result of the dynamic challenge can still be verified on the server side to detect potential fingerprinting lies, but it is much harder for an attacker to forge a bot’s fingerprint consistently.

The Picasso canvas fingerprinting approach, proposed by Google, is an example of a dynamic fingerprinting proof of work. Instead of relying on a static canvas fingerprinting challenge, whose code is always the same, Picasso relies on a seed to make the canvas fingerprinting challenge different at every execution. In the context of an anti-bot system, the seed could be based on different dynamic parameters, such as the time of day or a number derived from the session cookie. A statistical approach is then used to determine whether the output of the Picasso challenge is consistent with the seed parameter and the other fingerprinting attributes (OS, browser, version), by comparing the challenge output with the outputs of other trusted devices (old accounts, users with a significantly low fraud score, etc.). The dynamic nature of the challenge, combined with the fact that it is difficult to guess the proper canvas fingerprinting output without having the actual claimed configuration (OS, browser, version), makes it more difficult for attackers to lie consistently about their actual browser fingerprint.

Continuously validate user identity

Several anti-detect bot frameworks and open-source CAPTCHA solvers exploit the fact that certain bot detection engines verify the presence of a bot only once, at a given time, and then deliver a cookie that is used to trust the user. While this solution is more cost-effective since you only verify the human nature of the user once, what happens if the cookie is shared with a bot afterward?

Thus, it’s key to avoid single-point-of-failure checks like one-time CAPTCHA verification. Modern bot detection engines should monitor the user's behavior continuously throughout the session. They should reassess the fingerprint and behavior consistency across multiple interactions.

Employ multi-layered detection

While it’s key to collect and leverage as many detection signals as possible, another major component of the multi-layered bot detection approach lies in how the data are leveraged.

Detection signals, in particular behavioral signals, should be analyzed at different granularities:

  • Per IP address;
  • Per session cookie;
  • Per fingerprint;
  • At the whole website/application traffic level.

The idea is to aggregate (group by) behavioral data and fingerprinting data at different scales. You want the bot detection engine to operate at a small granularity, like a fingerprint, or a user session to detect inconsistencies, but also to operate at a bigger granularity, like the whole website traffic, to detect an abnormal change in the traffic distribution.

Combine real-time and long-term analysis

Time window aggregation granularity is also key in a multi-layered approach, to analyze the traffic through different lenses. You want a bot detection engine capable of detecting and blocking bots immediately, in a few milliseconds. However, you also need a detection engine capable of operating at bigger time windows to leverage ML-based models that detect low-and-slow attacks across hours or days.
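As an added example (not code from the original post), the following Node script aggregates one constructed request stream at three of the granularities listed above (per IP, per fingerprint and whole site) over two time windows (one minute and one day): a per-IP real-time rule catches a burst of failed logins, while a per-fingerprint daily rule catches a low-and-slow bot that rotates proxy IPs hourly and never trips the per-IP rule. Per-session aggregation follows the same pattern with the session id as the key. Event fields, thresholds and sample traffic are constructed for the example.

```javascript
// Added example, not code from the original post: the same request stream
// aggregated per IP, per fingerprint and for the whole site, over a
// one-minute and a one-day window. Events, thresholds and field names are
// constructed for the example; per-session aggregation uses e => e.session.
const MINUTE = 60 * 1000;
const DAY = 24 * 60 * MINUTE;

// Group events within the last windowMs by keyFn, counting requests,
// login failures and distinct IPs per group.
function aggregate(events, keyFn, windowMs, now) {
  const groups = new Map();
  for (const e of events) {
    if (e.ts <= now - windowMs || e.ts > now) continue;
    const key = keyFn(e);
    if (!groups.has(key)) groups.set(key, { total: 0, failures: 0, ips: new Set() });
    const g = groups.get(key);
    g.total += 1;
    if (e.action === "login_failure") g.failures += 1;
    g.ips.add(e.ip);
  }
  return groups;
}

const DEFAULT_THRESHOLDS = {
  ipFailuresPerMinute: 5,        // real-time layer: brute force from one IP
  ipsPerFingerprintPerDay: 5,    // long-term layer: one browser behind many proxies
  globalFailureRatioPerDay: 0.3, // site level: abnormal shift in traffic distribution
};

// Run the three layers and return every finding with its granularity.
function detect(events, now, thresholds = DEFAULT_THRESHOLDS) {
  const findings = [];
  for (const [ip, g] of aggregate(events, (e) => e.ip, MINUTE, now)) {
    if (g.failures >= thresholds.ipFailuresPerMinute) {
      findings.push({ kind: "ip-burst", key: ip, failures: g.failures });
    }
  }
  for (const [fp, g] of aggregate(events, (e) => e.fingerprint, DAY, now)) {
    if (g.ips.size >= thresholds.ipsPerFingerprintPerDay) {
      findings.push({ kind: "fingerprint-spread", key: fp, ips: g.ips.size });
    }
  }
  const site = aggregate(events, () => "site", DAY, now).get("site");
  if (site && site.total > 0 && site.failures / site.total >= thresholds.globalFailureRatioPerDay) {
    findings.push({ kind: "global-failure-ratio", key: "site", ratio: site.failures / site.total });
  }
  return findings;
}

// Constructed sample traffic.
const NOW = 1_700_000_000_000;
const EVENTS = [];
// Five legitimate users: three page views and one successful login each.
for (let u = 1; u <= 5; u++) {
  const base = { ip: `198.51.100.${u}`, session: `s-user-${u}`, fingerprint: `fp-user-${u}` };
  for (let i = 0; i < 3; i++) EVENTS.push({ ...base, ts: NOW - u * 10 * MINUTE - i * 1000, action: "view" });
  EVENTS.push({ ...base, ts: NOW - u * 10 * MINUTE, action: "login_success" });
}
// A noisy bot: eight failed logins from one IP within the last minute.
for (let i = 0; i < 8; i++) {
  EVENTS.push({ ip: "203.0.113.9", session: "s-burst", fingerprint: "fp-burst", ts: NOW - i * 1000, action: "login_failure" });
}
// A low-and-slow bot: one failed login per hour, each from a different
// proxy IP, but always with the same browser fingerprint.
for (let i = 1; i <= 12; i++) {
  EVENTS.push({ ip: `10.0.0.${i}`, session: `s-slow-${i}`, fingerprint: "fp-slow", ts: NOW - i * 60 * MINUTE, action: "login_failure" });
}

console.log(detect(EVENTS, NOW));
```

The per-IP one-minute view alone never sees the slow bot (each proxy IP contributes a single failure), and the daily per-fingerprint view alone would be too late for the burst; running both, plus the site-wide ratio, is what the multi-layered approach buys.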

Balance security with user experience (UX)

Security should never come at the cost of a smooth user experience. While stronger defenses often mean more friction, tools like complex CAPTCHAs and aggressive rate-limiting can frustrate legitimate users and damage trust. Worse, bot detection systems that rely more on guesstimates than on high-confidence signals risk flagging real users as threats—hurting retention more than helping security.

But false positives aren't the only concern: speed matters. Signal collection and detection logic can impact page load times and other Core Web Vitals—metrics directly tied to conversion and user satisfaction. Even milliseconds of latency can translate to lost users.

Modern bot detection needs to be invisible to legitimate users. That means collecting signals quietly in the background, challenging only truly suspicious traffic, and ensuring the system’s overhead is low enough not to degrade performance or user experience.

Conclusion

Traditional bot detection techniques like WAFs, CAPTCHAs, and static fingerprinting are no longer sufficient to protect against modern, sophisticated bots. The rapid evolution of anti-detect frameworks, AI capabilities, and BaaS platforms has made it easier than ever for attackers to bypass these conventional defenses.

As we've explored throughout this article, each traditional defense mechanism has significant vulnerabilities: IP-based protections are easily circumvented with residential proxies, CAPTCHAs can be solved automatically using AI or human farms, and static fingerprinting signals can be consistently forged using modern frameworks. Moreover, the emergence of Bots-as-a-Service platforms has democratized advanced evasion techniques, making them accessible to attackers without deep technical expertise.

To stay ahead in this continuous arms race, organizations must embrace a more sophisticated, multi-layered approach to bot detection. This includes:

  • Implementing dynamic fingerprinting that adapts and evolves with each session;
  • Deploying continuous validation throughout user sessions rather than relying on one-time checks;
  • Analyzing behavioral patterns across multiple time windows and traffic aggregation levels;
  • Leveraging machine learning to detect subtle anomalies and emerging attack patterns.

Most importantly, these advanced detection methods must be implemented without compromising the user experience for legitimate visitors. The future of bot detection lies in invisible security measures that can effectively distinguish between human and automated traffic while maintaining seamless access for genuine users.