Why I Joined DataDome to Tackle the Next Generation of AI-Powered Fraud
A new chapter
After more than a decade at Malwarebytes, moving on was not a decision I took lightly. I had become closely associated with the company; many in the industry thought of me as “the Malwarebytes guy.” But I knew it was time for a new challenge.
I’ve always been drawn to the edges of the threat landscape. I enjoy the hunt: the curiosity, the puzzle, the craft of uncovering attacks in the wild. But in recent years, the most interesting threats haven’t come from traditional malware. They’re coming from the web. They’re automated. They’re evolving faster than many defenders can respond. And they’re being supercharged by AI.
That’s why I joined DataDome. From the outside, I could already tell this was a company ahead of the curve. Internally, I’ve now seen the scale, the accuracy, and the ingenuity of the detection systems. This is a company that understands where the industry is going and is already solving for it.
What makes the detection of AI-powered threats so challenging
Most people still think of traffic in binary terms: human or bot. That’s outdated. We’re entering a new reality where the traffic is hybrid, the behaviors are sophisticated, and the signals are often subtle.
You’ve got agentic AI tools navigating sites autonomously. Deepfake profile pictures and AI-generated bios now pass casual inspection. LLM-powered crawlers are harvesting proprietary data at scale. In May alone, DataDome detected 976 million requests from OpenAI-identified crawlers, 92% of which were tied to ChatGPT. These models are no longer fringe traffic. LLM crawlers now make up 4.5% of all legitimate bot activity we observe across our customer base—a record high, and a clear sign that AI-driven automation is accelerating.
At the same time, the financial cost of launching these attacks has dropped significantly. With Bots-as-a-Service, anyone can rent a pre-built attack flow. With AI, attackers don’t even need to write scripts anymore. They can just describe what they want to do.
In this environment, simple signals like browser checks or CAPTCHAs fail. Even many modern solutions fall short, either because they focus too narrowly on bot signatures or because they rely on brittle heuristics that attackers can easily adapt to.
The fundamental shift we need is intent-based detection. It’s not about whether a user is “a bot.” It’s about why they’re acting the way they are. Are they checking out a ticket…or buying 100 to resell? Are they reading your blog…or scraping your pricing data?
Understanding intent is the only way to safely allow legitimate agentic AI use while stopping abuse. It’s the next frontier of detection and one of the reasons I believe so strongly in DataDome’s approach.
Where DataDome leads
A multi-layered AI detection engine, tuned in real time
What struck me immediately after joining DataDome was the breadth, depth, and discipline behind its detection engine. Many companies throw around buzzwords like “AI-powered” or “real-time,” but very few deliver on those promises. Especially at scale, and without sacrificing performance or user experience.
At DataDome, detection isn’t a single layer or a single model. It’s built on a multi-layered AI architecture designed to evaluate every request, every time. The platform analyzes over 5 trillion signals daily from both client-side and server-side sources, feeding a self-adjusting feedback loop that constantly learns from real-world behavior. Customer KPIs like bounce rates, login denials, and cart abandonment are used to fine-tune decisions continuously, ensuring the system understands context. Every decision is made in under 2 milliseconds, preserving seamless user experiences even at enterprise scale.
Defeating advanced evasion techniques
This is made possible by an architecture that blends multiple techniques, each reinforcing the other. Signature-based detection, supervised machine learning, and genetic algorithms form the backbone, while time series analysis, anomaly detection, and behavioral biometrics round out a system designed to evolve with the threat landscape. We also capture device-level signals and maintain full visibility at the session level, an essential capability when so many attackers now rely on emulation, spoofing, and AI-based evasion.
Fingerprinting and evasion detection are another area where DataDome excels. We identify TLS fingerprint manipulation, spoofed JavaScript environments, and anti-detect browser variants with high precision. Device fingerprinting is a critical part of this puzzle, especially as threat actors deploy frameworks like Puppeteer and tools that rotate low-level network identifiers. We also leverage proof-of-work challenges and VM-based client-side detection to uncover evasive behavior before it can be scaled. These techniques help expose automation frameworks and headless environments that attackers use to mimic real users.
Verifying good bots, blocking impersonators
Governance over good bots is just as important as blocking bad ones. DataDome goes beyond classifying automation to verify it. We distinguish trusted bots like Googlebot and Bingbot, while blocking imposters and unauthorized crawlers.
To make this visibility available beyond our platform, we maintain DataDome Intel, a public threat intelligence database that tracks AI crawlers, headless browsers, and impersonator bots. It’s part of our commitment to transparency and helping the broader security and fraud community stay ahead of automation threats.
Leading the way on LLM and agentic AI detection
One of the most exciting areas of advancement is how we detect and classify LLM-based crawlers and agentic AI traffic. These bots don’t follow traditional rules. Some are helpful tools used by legitimate users; others are scraping proprietary content without consent or probing for vulnerabilities. DataDome was first to market with nuanced detection and classification for this emerging category, enabling dynamic responses tailored to business risk: allow, block, challenge, or rate-limit.
Real-time anomaly detection across sessions
We also apply real-time anomaly detection to flag unusual traffic patterns and distributed attack behavior. Credential stuffing campaigns, low-and-slow scraping operations, and cross-site probing are quickly surfaced and routed for deeper inspection, often before damage is done.
Unified detection across web, mobile, & API
All of this happens across every surface our customers care about: websites, APIs, and mobile apps. By maintaining unified detection across all channels, we’re able to identify when a bot switches tactics mid-session, hopping from browser to API, for example, in ways that siloed systems often miss.
And even outside the core perimeter, we extend protection to overlooked and forgotten surfaces. DataDome’s discovery capabilities help organizations find shadow assets like unmonitored domains, abandoned login pages, and misconfigured subdomains, and bring them under protection to close blind spots before they become entry points.
Built for the threats that matter
What we’re building isn’t just a better bot detection engine. It’s a real-time, adaptive threat detection platform, purpose-built for the way modern fraud, automation, and AI-powered attacks actually work. And from everything I’ve seen so far, it’s exactly the kind of system businesses are going to need for what comes next.
Why breadth of detection matters for what comes next
The rise of agentic AI is changing everything. These tools operate independently, navigate web and API layers with ease, and adapt quickly to whatever’s blocking them. The old signals we used to rely on, like browser fingerprints or IP reputation, simply aren’t enough anymore.
This is where the breadth of detection becomes critical. AI-powered threats can come from anywhere, follow unexpected paths, and shift tactics mid-session. Defending against them requires full-spectrum visibility. Teams must focus on seeing the full context, across every channel, every request, in real time.
That’s why I believe detection breadth isn’t a nice-to-have, it’s essential. When you can detect early signals of abuse across surfaces, uncover evasive behavior, and adapt as attackers evolve, you give your business resilience, control, and the freedom to grow without fear of exploitation.
And that’s what makes DataDome’s approach so powerful. It’s fast, accurate, and comprehensive. It gives teams the confidence that they’re seeing what matters, when it matters, and that they can respond before the impact hits their customers or their bottom line.
Join us
You’ll be seeing more from me soon, from research to analysis, maybe even a few unexpected discoveries. In the meantime, I invite you to:
We’re just getting started.
*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by Jérôme Segura. Read the original post at: https://datadome.co/bot-management-protection/jerome-segura-joins-datadome-ai-powered-fraud-detection/

