
From Risk to Real-Time: Integrating Fraud Detection into the SOC


A staggering 40% of corporate fraud is now attributed to AI-driven techniques that adeptly imitate real users, successfully circumventing conventional defenses and operating at unprecedented speeds that can outpace even the most advanced Security Operations Centers (SOCs).

In 2024, nearly 90% of organizations encountered attempts at fraud, and more than half of them reported losses exceeding $10 million.

Advanced bots are capable of mimicking human behavior to create comprehensive emulation frameworks and synthetic identities that facilitate large-scale account takeovers while eluding outdated firewalls, endpoint detection and response solutions, and isolated fraud detection systems.

Attackers weaponize AI to create bots that evade, mimic, and scale

Cybercriminals are rapidly exploiting AI technologies to enhance their bot capabilities. Last year, malicious bots accounted for 24% of global internet traffic, with 49% categorized as ‘advanced bots’ that effectively replicate human actions and conduct intricate interactions, including account takeovers.

In 2024, over 60% of account takeover attempts were driven by bots using sophisticated emulation frameworks to compromise victims’ credentials in real time. Attackers’ evolving tactics indicate a trend of merging weaponized AI with behavioral strategies into a cohesive bot strategy.

This evolution poses significant risks for companies already grappling with malicious bots, whose attempts often go undetected by the tools available within current SOCs.

Malicious bot incursions can leave SOC teams scrambling to respond, often with little foresight, depending heavily on their existing security technology infrastructure.

“Once amassed by a threat actor, they can be weaponized,” remarks Ken Dunham, director of the threat research unit at Qualys. “Bots possess remarkable resources and can execute anonymous, distributed, asynchronous attacks against chosen targets, ranging from brute-force credential theft to distributed denial-of-service (DDoS) assaults.”

From fan frenzy to fraud surface: bots corner the market for Taylor Swift tickets

Bots are the virtual equivalent of attackers, capable of executing millions of attempts per second against targeted organizations and high-profile events, including concerts featuring artists like Taylor Swift.

According to DataDome, the immense popularity of Taylor Swift’s concerts provides a lucrative incentive for attackers, who utilize ticket bots to automate the scalping process. These bots rapidly acquire large numbers of event tickets and resell them at inflated prices.

During a recent ticket release, the bots overwhelmed Ticketmaster, contributing to a staggering 3.5 billion requests that caused the platform to fail repeatedly. As a result, numerous fans found themselves unable to access presale options, ultimately leading to the cancellation of general ticket sales.

Weaponized bot attacks effectively barred many dedicated fans from attending Swift’s highly anticipated concert tour. Reports from VentureBeat indicate similar infiltration attempts targeting leading brands’ online platforms. Addressing such extensive bot attacks, especially when bolstered by AI-driven capabilities, often surpasses the protective capacity of conventional e-commerce technology stacks.

“It’s not just about blocking bots—it’s about restoring fairness,” stated Benjamin Fabre, CEO of DataDome, during a recent discussion with VentureBeat. The firm successfully mitigated similar scalping attempts in mere milliseconds, differentiating between legitimate fans and fraudulent activities through real-time session analysis and advanced AI techniques.

AI-powered bot attacks tend to begin by targeting login pathways and session flows, working to evade detection by typical web application firewalls (WAFs) and endpoint detection tools. The complexity of these assaults necessitates integration and management within a business’s core security framework, tasks that are typically handled by SOC teams.

Why SOC teams are now on the front line

Weaponized bots represent a critical component of modern cybercriminal strategies, capable of exceeding the containment capabilities of traditional fraud prevention measures. These bots have the potential to dismantle e-commerce operations, as evidenced by significant disruptions like those experienced by Ticketmaster during high-demand concert ticket sales.

This escalating threat has prompted more organizations to enhance their technology frameworks supporting SOC operations with online fraud detection (OFD) systems. Dan Ayoub from Gartner recently emphasized that many organizations are increasingly recognizing that “fraud is a security problem,” as illustrated by the growing adoption of advanced technologies in the field.

Interviews with Chief Information Security Officers (CISOs) indicate that the speed and adaptability of contemporary bot attacks surpass the capabilities of siloed fraud detection mechanisms. Weaponized bots frequently exploit weaknesses among WAFs, EDR systems, and fraud scoring methods while circumventing static rules commonly found in outdated fraud detection frameworks.

These realities are driving a shift where CISOs are incorporating fraud telemetry into their SOC infrastructures.

Journey-Time Orchestration is the next wave of online fraud detection (OFD)

AI-driven bots consistently evolve to outsmart traditional fraud detection systems that rely on singular or sporadic evaluations. Such assessments often include login checks, transaction scoring, and a series of challenge-response interactions. While these methods proved effective before the prevalent weaponization of bots, adversaries fluent in AI now leverage context switching and excel at behavioral imitation, as illustrated by numerous deepfake incidents.

Gartner’s findings highlight Journey-Time Orchestration (JTO) as the forthcoming architecture paradigm for OFD platforms, granting SOCs enhanced capabilities to combat the surge of AI-driven bot threats. Central to this approach is the continuous evaluation of risk throughout each digital session, with ongoing monitoring from login to checkout and even post-transaction behavior.

Journey-Time Orchestration continuously scores risk across the entire user session—from login to post-transaction—to detect AI-driven bots. It replaces single-point fraud checks with real-time, session-wide monitoring to counter behavioral mimicry and context-switching attacks. Source: Gartner, Innovation Insight: IAM Journey-Time Orchestration, Feb. 2025
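The difference between single-point checks and session-wide scoring can be shown with a small detection sketch. This is an added example, not code from the article, Gartner, or any vendor named here; the signal names, weights, threshold, and sample session are hypothetical and constructed for illustration.

```python
from statistics import pstdev

# Constructed session: (step, seconds since session start, device id, source IP).
SESSION = [
    ("login",        0.0, "dev-A", "198.51.100.7"),
    ("view_item",    2.0, "dev-A", "198.51.100.7"),
    ("add_to_cart",  4.0, "dev-A", "198.51.100.7"),
    ("checkout",     6.0, "dev-B", "203.0.113.9"),  # device and IP switch mid-session
    ("change_email", 8.0, "dev-B", "203.0.113.9"),  # post-transaction step
]

# Hypothetical weights and threshold, chosen only for illustration.
W_SENSITIVE, W_DEVICE, W_IP, W_TIMING = 0.2, 0.4, 0.2, 0.3
THRESHOLD = 0.7
SENSITIVE = {"checkout", "change_email", "reset_password"}
CHECKPOINTS = {"login", "checkout"}

def step_risk(history, event):
    """Risk added by one event, given the events already seen in the session."""
    step, t, device, ip = event
    risk = W_SENSITIVE if step in SENSITIVE else 0.0
    if history:
        _, _, prev_device, prev_ip = history[-1]
        risk += W_DEVICE if device != prev_device else 0.0
        risk += W_IP if ip != prev_ip else 0.0
    times = [e[1] for e in history] + [t]
    gaps = [b - a for a, b in zip(times, times[1:])]
    # Near-constant pacing over three or more gaps looks scripted, not human.
    if len(gaps) >= 3 and pstdev(gaps) < 0.05:
        risk += W_TIMING
    return risk

def single_point_flags(session):
    """Static model: score each checkpoint in isolation, with no session history."""
    return [e[0] for e in session
            if e[0] in CHECKPOINTS and step_risk([], e) >= THRESHOLD]

def journey_flag(session):
    """Journey-time model: accumulate risk per event; return the first step over threshold."""
    score, history = 0.0, []
    for event in session:
        score += step_risk(history, event)
        if score >= THRESHOLD:
            return event[0], round(score, 2)
        history.append(event)
    return None

if __name__ == "__main__":
    print("single-point flags:", single_point_flags(SESSION))
    print("journey-time flag: ", journey_flag(SESSION))
```

Scored in isolation, neither the login nor the checkout crosses the threshold; scored with session history, the same checkout is flagged because the device switch, IP switch, and machine-regular pacing are only visible across events.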

Who’s establishing an early lead in Journey-Time Orchestration defense

Companies like DataDome, Ivanti, and Telesign exemplify how shifting security from static checkpoints to continuous, real-time evaluation offers significant advantages. Each organization showcases the necessity for future SOC operations to be built on real-time data to remain effective. Their platforms deliver detailed scoring for every user interaction, extending down to API calls and providing comprehensive insights across every behavior within each session.

What differentiates these three firms is their innovative approach to strengthening fraud protection and streamlining core security functions while continuously enhancing user experiences. All have developed AI-powered platforms that learn consistently—an essential trait for keeping pace with evolving botnet threats.

DataDome: Thinking Like an Attacker in Real Time

As a frontrunner in real-time bot defense, DataDome excels in AI-based behavioral modeling, operating with a platform featuring more than 85,000 machine learning models deployed simultaneously across over 30 global points of presence. This extensive reach enables the analysis of more than 5 trillion data points each day. Every web, mobile, and API request is evaluated in real-time, typically achieving a response time of 2 milliseconds using multi-modal AI that assesses device fingerprinting, IP address variances, browser header consistency, and behavioral biometrics.

“Our strategy revolves around thinking like an attacker,” stated Fabre. “This involves scrutinizing every request individually without presumptions of trust and continually refining our detection models to adapt to newly emerging tactics.”

In contrast to legacy systems that depend on rigid heuristics or challenge-response metrics, DataDome’s methodology minimizes disruption for authenticated users. Its false-positive rate is exceptionally low, under 0.01%, ensuring that fewer than 1 in 10,000 legitimate visitors encounter a verification screen. Even when a challenge is presented, the platform continues to assess behavior discreetly to validate user authenticity.

“Bots are no longer simply overcoming CAPTCHAs—they’re doing so more quickly than human users,” Fabre emphasized. “This is precisely why we have shifted away from static challenges. Employing AI is the only effective strategy against AI-driven fraud on a large scale.”

For instance, DataDome has demonstrated the ability to differentiate between bots and genuine fans within milliseconds, preventing mass ticket buys and safeguarding equitable access during peak demand periods. High-end retail brands, like Hermès, utilize DataDome to protect limited-release items (e.g., Birkin bags) from automated hoarding.

Ivanti Extends Zero Trust and exposure management into the SOC

Ivanti is reshaping exposure management by integrating real-time fraud indicators into SOC workflows through its Ivanti Neurons for Zero Trust Access and Ivanti Neurons for Patch Management systems. “Zero trust extends beyond just logins,” stated Mike Riemer, Ivanti Field CISO, highlighting the expansion to session behaviors including credential resets and payment processes, all of which can represent potential vulnerabilities.

Ivanti Neurons continuously assesses device status and user behavior, flagging unusual activity and enforcing privilege restrictions mid-session. “2025 will mark a pivotal change,” added Daren Goeson, Senior Vice President of Product Management at Ivanti. “Defenders can leverage AI to correlate behavioral patterns across sessions and identify threats faster than any human team could achieve.”

As the threat landscape evolves, Ivanti’s platform empowers SOC teams to identify SIM swap attacks, manage lateral movements, and facilitate dynamic microsegmentation. “What we currently refer to as ‘patch management’ should be redefined as exposure management—how long an organization is willing to be vulnerable to a known threat,” noted Chris Goettl, VP of Product Management for Endpoint Security. “Risk-based algorithms assist teams in recognizing high-risk threats amidst the deluge of updates.”

“Organizations ought to move from a reactive vulnerability management approach to a proactive exposure management framework,” added Goeson, emphasizing that a continuous strategy can efficiently protect against contemporary cyber threats.

Telesign’s AI-driven identity intelligence pushes fraud detection to session scale

Telesign is enhancing digital trust by delivering identity intelligence at session scale directly to the forefront of fraud detection. By evaluating over 2,200 digital identity signals—ranging from phone number metadata to device integrity and IP reputation—Telesign’s APIs generate real-time risk assessments that intercept bots and synthetic identities before they can cause harm.

“AI serves as the most robust defense against AI-powered fraudulent activities,” stated Telesign CEO Christophe Van de Weyer during a recent conversation with VentureBeat. “At Telesign, our commitment lies in utilizing AI and machine learning technologies to combat digital fraud, guaranteeing a more secure and trustworthy online environment for everyone.”

Rather than depending on static assessments at login or checkout phases, Telesign’s dynamic risk scoring method persistently assesses behaviors throughout the customer journey. “Machine learning possesses the capability to adapt continuously, analyzing how fraudsters behave,” Van de Weyer elaborated. “It can establish standard user behavior patterns for creating effective risk models.”

Telesign’s Verify API underlines its omnichannel approach, facilitating identity verification across multiple communication platforms, including SMS, email, and WhatsApp, all through a unified API. “Verifying customers is critical; many types of fraud can often be thwarted before they reach the ‘front door,’” Van de Weyer stated.

With generative AI boosting attacker sophistication, Van de Weyer emphasized the need to prioritize trust in the digital realm: “The advent of AI has underscored the necessity for trust in the digital environment. Enterprises that focus on cultivating trust will emerge as leaders within the digital marketplace.” With AI as its foundation, Telesign aims to transform trust into a competitive edge.

Why fraud prevention’s future belongs in the SOC

To scale effectively, fraud protection must become a foundational element of the larger security infrastructure, managed by SOC teams tasked with preventing potential attacks. Online fraud detection solutions are becoming as essential to cybersecurity as APIs, Identity and Access Management (IAM) systems, endpoint detection and response (EDR) systems, Security Information and Event Management (SIEM), and Extended Detection and Response (XDR). Observations from VentureBeat indicate that security teams within SOCs are taking on increased responsibility for overseeing how consumer transactions are analyzed, scored, and challenged.

Source
venturebeat.com
