{"id":1184,"date":"2025-04-12T14:05:15","date_gmt":"2025-04-12T14:05:15","guid":{"rendered":"https:\/\/violethoward.com\/new\/from-risk-to-real-time-fraud-detection-moves-to-the-soc\/"},"modified":"2025-04-12T14:05:15","modified_gmt":"2025-04-12T14:05:15","slug":"from-risk-to-real-time-fraud-detection-moves-to-the-soc","status":"publish","type":"post","link":"https:\/\/violethoward.com\/new\/from-risk-to-real-time-fraud-detection-moves-to-the-soc\/","title":{"rendered":"From risk to real-time: fraud detection moves to the SOC"},"content":{"rendered":" \r\n<br><div>\n\t\t\t\t<p>More than 40% of corporate fraud is now AI-driven, designed to mimic real users, bypass traditional defenses and scale at speeds that overwhelm even the best-equipped SOCs.<\/p>\n\n\n\n<p>In 2024, nearly 90% of enterprises were targeted, and half of them lost $10 million or more.<\/p>\n\n\n\n<p>Bots emulate human behavior and create entire emulation frameworks, synthetic identities, and behavioral spoofing to pull off account takeovers at scale while slipping past legacy firewalls, EDR tools, and siloed fraud detection systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-attackers-weaponize-ai-to-create-bots-that-evade-mimic-and-scale\"><strong>Attackers weaponize AI to create bots that evade, mimic, and scale<\/strong><\/h2>\n\n\n\n<p>Attackers aren\u2019t wasting any time capitalizing on using AI to weaponize bots in new ways. 
Last year, malicious bots comprised 24% of all internet traffic, with 49% classified as \u2018advanced bots\u2019 designed to mimic human behavior and execute complex interactions, including account takeovers (ATO).<\/p>\n\n\n\n<p>Over 60% of account takeover (ATO) attempts in 2024 were initiated by bots capable of breaching a victim\u2019s credentials in real time using emulation frameworks that mimic human behavior. Attackers\u2019 tradecraft now reflects the ability to combine weaponized AI and behavioral attack techniques into a single bot strategy.<\/p>\n\n\n\n<p>That\u2019s proving to be a lethal combination for many enterprises already battling malicious bots whose intrusion attempts often aren\u2019t captured by existing apps and tools in security operations centers (SOCs).<\/p>\n\n\n\n<p>Malicious bot attacks force SOC teams into firefighting mode with little or no warning, depending on the legacy of their security tech stack.<\/p>\n\n\n\n<p>\u201cOnce amassed by a threat actor, they can be weaponized,\u201d Ken Dunham, director of the threat research unit at Qualys, recently said. 
\u201cBots have incredible resources and capabilities to perform anonymous, distributed, asynchronous attacks against targets of choice, such as brute force credential attacks, distributed denial of service attacks, vulnerability scans, attempted exploitation and more.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-from-fan-frenzy-to-fraud-surface-bots-corner-the-market-for-taylor-swift-tickets-nbsp\"><strong>From fan frenzy to fraud surface: bots corner the market for Taylor Swift tickets \u00a0<\/strong><\/h2>\n\n\n\n<p><span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">Bots are the virtual version of attackers who can scale to millions of attempts per second to attack a targeted enterprise and increasingly high-profile events, including concerts of well-known entertainers, such as\u00a0Taylor Swift.<\/span><\/p>\n\n\n\n<p>DataDome observes that the worldwide popularity of Taylor Swift\u2019s concerts creates the ROI attackers are looking for to build ticket bots that automate what scalpers do at scale. Ticket bots, as DataDome calls them, scoop up massive quantities of tickets at the world\u2019s most popular events and then resell them at significant markups.<\/p>\n\n\n\n<p>The bots flooded Ticketmaster and were a large part of a surge of 3.5 billion requests that hit the ticket site, causing <span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">it to crash repeatedly. Thousands of fans were\u00a0unable to access<\/span> the presale group, and ultimately, the general ticket sale had to be canceled.<\/p>\n\n\n\n<p>Swarms of weaponized bots froze tens of thousands of Swifties from attending her last Eras concert tour. VentureBeat has learned of comparable attacks on the world\u2019s leading brands on their online stores and presence globally. 
Dealing with bot attacks at that scale, powered by weaponized AI, is beyond the scope of an e-commerce tech stack to handle \u2013 they\u2019re not built to deal with that level of security threat. \u00a0<\/p>\n\n\n\n<p>\u201cIt\u2019s not just about blocking bots\u2014it\u2019s about restoring fairness,\u201d Benjamin Fabre, CEO of DataDome, told VentureBeat in a recent interview. The company helped deflect similar scalping attacks in milliseconds, distinguishing fans from fraud using multi-modal AI and real-time session analysis.<\/p>\n\n\n\n<p>Bot attacks weaponized with AI often start by targeting login and session flows, bypassing endpoints in an attempt not to be detected by standard web application firewalls (WAF) and endpoint detection and response (EDR) tools. Such sophisticated attacks must be tracked and contained in a business\u2019s core security infrastructure, managed from its SOC.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-soc-teams-are-now-on-the-front-line\"><strong>Why SOC teams are now on the front line<\/strong><\/h2>\n\n\n\n<p>Weaponized bots are now a key part of any attacker\u2019s arsenal, capable of scaling beyond what fraud teams alone can contain during an attack. Bots have proven lethal, taking down enterprises\u2019 e-commerce operations or, in the case of Ticketmaster, a best-selling concert tour worth billions in revenue. \u00a0<\/p>\n\n\n\n<p>As a result, more enterprises are bolstering the tech stacks supporting their SOCs with online fraud detection (OFD) platforms. 
Gartner\u2019s Dan Ayoub recently wrote in the firm\u2019s research note Emerging Tech Impact Radar: Online Fraud Detection that \u201corganizations are increasingly waking up to the understanding that \u2018fraud is a security problem\u2019 as is becoming evident in adoption of some of the emerging technologies being leveraged today\u201d.<\/p>\n\n\n\n<p>Gartner\u2019s research and VentureBeat\u2019s interviews with CISOs confirm that today\u2019s malicious bot attacks are too fast, stealthy and capable of reconfiguring themselves on the fly for siloed fraud tools to handle. Weaponized bots have long been able to exploit gaps between WAFs, EDR tools and fraud scoring engines, while also evading static rules that are so prevalent in legacy fraud detection systems.<\/p>\n\n\n\n<p>All these factors and more are why CISOs are bringing fraud telemetry into the SOC.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-journey-time-orchestration-is-the-next-wave-of-online-fraud-detection-ofd\"><strong>Journey-Time Orchestration is the next wave of online fraud detection (OFD)<\/strong><\/h2>\n\n\n\n<p>AI-enabled bots are constantly learning how to bypass long-standing fraud detection platforms that rely on sporadic or single point-in-time checks. These checks include login validations, transaction scoring tracking over time, and a series of challenge-responses. While these were effective before the widespread weaponization of bots, botnets and networks, AI-literate adversaries now know how to exploit context switching and, as many deepfake attacks have proven, know how to excel at behavioral mimicry.<\/p>\n\n\n\n<p>Gartner\u2019s research points to Journey Time Orchestration (JTO) as the defining architecture for the next wave of OFD platforms that will help SOCs better contain the onslaught of AI-driven bot attacks. 
Core to JTO is embedding fraud defenses throughout each digital session being monitored and scoring risk continuously from login to checkout to post-transaction behavior.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1280\" height=\"912\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?w=800\" alt=\"\" class=\"wp-image-3004024\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png 1280w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=300,214 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=768,547 768w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=800,570 800w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=400,285 400w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=750,534 750w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=578,412 578w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/04\/Figure_1_Orchestration_of_Risk_Management_Capabilities_Along_the_Digital_User_Journey-1.png?resize=930,663 930w\" sizes=\"(max-width: 1280px) 100vw, 1280px\"\/><\/figure>\n\n\n\n<p><em>Journey-Time Orchestration continuously scores risk across 
the entire user session\u2014from login to post-transaction\u2014to detect AI-driven bots. It replaces single-point fraud checks with real-time, session-wide monitoring to counter behavioral mimicry and context-switching attacks. Source: Gartner, Innovation Insight: IAM Journey-Time Orchestration, Feb. 2025<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-who-s-establishing-an-early-lead-in-journey-time-orchestration-defense-nbsp\"><strong>Who\u2019s establishing an early lead in Journey Time Orchestration defense<\/strong><\/h2>\n\n\n\n<p>DataDome, Ivanti and Telesign are three companies whose approaches show that shifting security from static checkpoints to continuous, real-time assessments is paying off. Each also shows why the future of SOCs must be predicated on real-time data to succeed. All three of these companies\u2019 platforms have progressed to delivering scoring for every user interaction down to the API call, delivering greater contextual insight across every behavior on every device, within each session.<\/p>\n\n\n\n<p>What sets these three companies apart is how they\u2019ve taken on the challenges of hardening fraud prevention and automating core security functions while continually improving user experiences. Each combines these strengths on real-time platforms that are also AI-driven and continually learn \u2013 two core requirements to keep up with weaponized AI arsenals that include botnets.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-datadome-thinking-like-an-attacker-in-real-time\"><strong><em>DataDome: Thinking Like an Attacker in Real Time<\/em><\/strong><\/h2>\n\n\n\n<p>DataDome, a category leader in real-time bot defense, has extensive expertise in AI-intensive behavioral modeling and relies on a platform that includes over 85,000 machine learning models delivered simultaneously across 30+ global PoPs. Their global reach allows them to inspect more than 5 trillion data points daily. 
Every web, mobile and API request that their platform can identify is scored in real time (typically within 2 milliseconds) using multi-modal AI that correlates device fingerprinting, IP entropy, browser header consistency and behavior biometrics.<\/p>\n\n\n\n<p>\u201cOur philosophy is to think like an attacker,\u201d Fabre told VentureBeat. \u201cThat means analyzing every request anew\u2014without assuming trust\u2014and continuously retraining our detection models to adapt to zero-day tactics.\u201d<\/p>\n\n\n\n<p>Unlike legacy systems, which lean on static heuristics or CAPTCHAs, DataDome\u2019s approach minimizes friction for verified, legitimate users. Its false-positive rate is under 0.01%, meaning fewer than 1 in 10,000 human visitors see a challenge screen. Even when a user is challenged, the platform invisibly continues behavior analysis to verify the user\u2019s legitimacy.<\/p>\n\n\n\n<p>\u201cBots aren\u2019t just solving CAPTCHAs now\u2014they\u2019re solving them faster than humans,\u201d Fabre added. \u201cThat\u2019s why we moved away from static challenges entirely. AI is the only way to beat AI-driven fraud at scale.\u201d<\/p>\n\n\n\n<p>Case in point: DataDome has proven capable of distinguishing between bots and fans in milliseconds, preventing bulk buyouts and preserving ticket equity during peak loads \u2013 all in real time. In luxury retail, brands like Herm\u00e8s deploy DataDome to protect high-demand drops (e.g., Birkin bags) from automated hoarding.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ivanti-extends-zero-trust-and-exposure-management-into-the-soc\"><strong><em>Ivanti Extends Zero Trust and exposure management into the SOC<\/em><\/strong><\/h2>\n\n\n\n<p>Ivanti is redefining exposure management by integrating real-time fraud signals directly into SOC workflows through its Ivanti Neurons for Zero Trust Access and Ivanti Neurons for Patch Management platforms. 
\u201cZero trust doesn\u2019t stop at logins,\u201d Mike Riemer, Ivanti Field CISO told VentureBeat during a recent interview. \u201cWe\u2019ve extended it to session behaviors including credential resets, payment submissions, and profile edits are all potential exploit paths.\u201d<\/p>\n\n\n\n<p>Ivanti Neurons continuously evaluates device posture and identity behavior, flagging anomalous activity and enforcing least-privilege access mid-session. \u201c2025 will mark a turning point,\u201d added Daren Goeson, SVP of product management at Ivanti. \u201cNow defenders can use GenAI to correlate behavior across sessions and predict threats faster than any human team ever could.\u201d<\/p>\n\n\n\n<p>As attack surfaces expand, Ivanti\u2019s platform helps SOC teams detect SIM swaps, mitigate lateral movement and automate dynamic microsegmentation. \u201cWhat we currently call \u2018patch management\u2019 should more aptly be named exposure management or how long is your organization willing to be exposed to a specific vulnerability?\u201d Chris Goettl, VP of product management for endpoint security at Ivanti told VentureBeat. \u201cRisk-based algorithms help teams identify high-risk threats amid the noise of numerous updates.\u201d<\/p>\n\n\n\n<p>\u201cOrganizations should transition from reactive vulnerability management to a proactive exposure management approach,\u201d added Goeson. \u201cBy adopting a continuous approach, they can effectively protect their digital infrastructure from modern cyber risks.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-telesign-s-ai-driven-identity-intelligence-pushes-fraud-detection-to-session-scale\"><strong><em>Telesign\u2019s AI-driven identity intelligence pushes fraud detection to session scale<\/em><\/strong><\/h2>\n\n\n\n<p>Telesign is redefining digital trust by bringing identity intelligence at session scale to the front lines of fraud detection. 
By analyzing more than 2,200 digital identity signals ranging from phone number metadata to device hygiene and IP reputation, Telesign\u2019s APIs deliver real-time risk scores that catch bots and synthetic identities before damage is done.<\/p>\n\n\n\n<p>\u201cAI is the best defense against AI-enabled fraud attacks,\u201d said Telesign CEO Christophe Van de Weyer in a recent interview with VentureBeat. \u201cAt Telesign, we are committed to leveraging AI and ML technologies to combat digital fraud, ensuring a more secure and trustworthy digital environment for all.\u201d<\/p>\n\n\n\n<p>Rather than relying on static checkpoints at login or checkout, Telesign\u2019s dynamic risk scoring continuously evaluates behavior throughout the session. \u201cMachine learning has the power to constantly learn how fraudsters behave,\u201d Van de Weyer told VentureBeat. \u201cIt can study typical user behaviors to create baselines and build risk models.\u201d<\/p>\n\n\n\n<p>Telesign\u2019s Verify API underscores its omnichannel strategy, enabling identity verification across SMS, email, WhatsApp, and more, all through a single API. \u201cVerifying customers is so important because many kinds of fraud can often be stopped at the \u2018front door,\u2019\u201d Van de Weyer noted in a recent VentureBeat interview.<\/p>\n\n\n\n<p>As generative AI accelerates attacker sophistication, Van de Weyer issued a clear call to action: \u201cThe emergence of AI has brought the importance of trust in the digital world to the forefront. 
Businesses that prioritize trust will emerge as leaders in the digital economy.\u201d With AI as its backbone, Telesign looks to turn trust into a competitive advantage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-fraud-prevention-s-future-belongs-in-the-soc\"><strong>Why fraud prevention\u2019s future belongs in the SOC<\/strong><\/h2>\n\n\n\n<p>For fraud protection to scale, it must be integrated into the broader security infrastructure stack and owned by the SOC teams who use it to avert potential attacks. Online fraud detection platforms and apps are proving just as critical as APIs, Identity and Access Management (IAM), EDRs, SIEMs and XDRs. VentureBeat is seeing more security teams in SOCs take greater ownership of validating how consumer transactions are modeled, scored and challenged.<\/p>\n\t\t\t<\/div>\r\n<br>\r\n<br><a href=\"https:\/\/venturebeat.com\/security\/from-risk-to-real-time-fraud-detection-moves-to-the-soc\/\">Source link <\/a>","protected":false},"excerpt":{"rendered":"<p>Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More More than 40% of corporate fraud is now AI-driven, designed to mimic real users, bypass traditional defenses and scale at speeds that overwhelm even the best-equipped SOCs. In 2024, nearly 90% of enterprises were targeted, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1185,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[],"class_list":["post-1184","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-automation"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/violethoward.com\/new\/wp-content\/uploads\/2025\/04\/SOC-Fraud-Alert.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/1184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/comments?post=1184"}],"version-history":[{"count":0,"href":"https:\/\/vi
olethoward.com\/new\/wp-json\/wp\/v2\/posts\/1184\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media\/1185"}],"wp:attachment":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media?parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/categories?post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/tags?post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}