How bots evade the most common AI & ML-driven web protections

Amit Siva Levi
Published in Immue
Apr 4, 2022

Two of the most common methods that are leveraged by today’s AI and machine learning (ML) driven web protections are behavioral analysis and browser parameter anomaly detection.

And while AI and ML sound impressive, fraudsters and their bots are not impressed. What’s worse, they’re even evading these detection methods very easily, every day.

Bypassing behavior analysis tools

How behavior analysis works

Behavior analysis has been used for bot detection since 2010. The idea is pretty simple. Whenever a user moves their mouse, types something on their keyboard, or interacts in any way with a website, a request is sent from the browser to the anti-bot tool with the precise interactions and relevant information, so the machine learning (ML) model can determine whether the user is a human or a bot.

But this method is flawed.

AI/ML need several interactions

Several interactions with the websites are required before detection can be accomplished. This means that the attacker can simply generate a new bot every time they get blocked and successfully advance towards achieving their goal.

Bots are very good at faking it

Moreover, fraudsters often leverage open-source software to create bots that can fake mouse movements and other human-like behaviors very well. This makes it very difficult for AI and ML trained to pick up on abnormal behavior to detect bots that are behaving “normally.”

Browser parameter anomaly detection tools

The second approach that bots easily overcome is browser parameter anomaly detection, which has been used by most anti-bot solutions since 2015.

This type of AI/ML-driven detection is no longer reliable for detecting anomalies in browser parameters. In 2017, Google released Puppeteer, a tool for web developers that provides a high-level API to control headless Chrome or Chromium over the DevTools Protocol. Puppeteer gives fraudsters' bots the ability to intercept network traffic and to manipulate browser parameters. Bots can therefore override certain browser parameters, cover up the potential anomalies that anti-bot solutions typically look for, and evade detection.
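To make concrete what a browser parameter check inspects, here is an added example (not from the original article or from Immue's product): a server-side function that compares the request headers with a client-collected parameter report. The `report` field names and all sample values are constructed; the `HeadlessChrome` user-agent token and the `navigator.webdriver` flag are the automation defaults such checks commonly key on.

```javascript
// Added example: server-side cross-check of browser parameters.
// `report` field names are hypothetical; all sample values are constructed.

function osFromUserAgent(ua) {
  if (/Windows NT/.test(ua)) return "windows";
  if (/iPhone|iPad/.test(ua)) return "ios";   // before Mac: iOS UAs say "like Mac OS X"
  if (/Mac OS X/.test(ua)) return "mac";
  if (/Linux|X11/.test(ua)) return "linux";   // Android UAs also contain "Linux"
  return "unknown";
}

function osFromPlatform(platform) {
  if (/^Win/.test(platform)) return "windows";
  if (/^(iPhone|iPad)/.test(platform)) return "ios";
  if (/^Mac/.test(platform)) return "mac";
  if (/^Linux/.test(platform)) return "linux";
  return "unknown";
}

function findAnomalies(headers, report) {
  const findings = [];
  const headerUa = headers["user-agent"] || "";
  // Single-parameter checks: only useful while the value is left at its default.
  if (/HeadlessChrome/.test(headerUa + " " + report.userAgent)) findings.push("headless-ua");
  if (report.webdriver === true) findings.push("webdriver-flag");
  // Cross-checks: the same fact reported through two channels must agree.
  if (headerUa !== report.userAgent) findings.push("ua-header-vs-js");
  const uaOs = osFromUserAgent(report.userAgent);
  const platOs = osFromPlatform(report.platform);
  if (uaOs !== "unknown" && platOs !== "unknown" && uaOs !== platOs) findings.push("ua-vs-platform");
  const headerLang = (headers["accept-language"] || "").split(",")[0].split(";")[0].trim().toLowerCase();
  const jsLang = ((report.languages || [])[0] || "").toLowerCase();
  if (!jsLang || headerLang !== jsLang) findings.push("language-mismatch");
  return findings;
}

const WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36";
const HEADLESS_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/100.0.4896.60 Safari/537.36";
const lang = { "accept-language": "en-US,en;q=0.9" };

const samples = {
  desktop: [{ ...lang, "user-agent": WIN_UA }, { userAgent: WIN_UA, platform: "Win32", webdriver: false, languages: ["en-US", "en"] }],
  defaultHeadless: [{ ...lang, "user-agent": HEADLESS_UA }, { userAgent: HEADLESS_UA, platform: "Linux x86_64", webdriver: true, languages: ["en-US", "en"] }],
  partialOverride: [{ ...lang, "user-agent": WIN_UA }, { userAgent: WIN_UA, platform: "Linux x86_64", webdriver: false, languages: ["en-US", "en"] }],
};

for (const [name, [headers, report]] of Object.entries(samples)) console.log(name, findAnomalies(headers, report));
```

A session whose parameters have all been overridden consistently produces the same input as `desktop` and returns no findings, which is the limitation the article describes: these checks only see the values the client chooses to report.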

So, what can be done?

The key to outsmarting these sophisticated bots is to take an approach that’s completely different from that which is being used by today’s AI/ML-driven protections.

Relying on behavior analysis and anomaly detection alone simply won’t do.

This new approach should allow for uncovering the full scope of every attack, including what tools are being used, which attack vectors are being exploited, and exactly what is happening at every layer of the attack.

And this is exactly what Immue is all about. To learn about our multi-layer and deep browser analytics that detect both bots and human fraudsters, and also stop today’s threats and preempt tomorrow’s, we invite you to reach out to us at info@immue.net or here.
