AI bots, AI scrapers, AI agents—you’ve seen these terms thrown around in product announcements, Hacker News posts, and marketing decks. But behind the hype, what do these bots actually do? And more importantly, how are they changing the fraud and bot detection landscape? This article introduces| The Castle blog
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June's report, our goal is to equip security and anti-fraud teams with greater visibility into the email infrastructure commonly exploited by bots and fraudsters. What this list includes: The| The Castle blog
At Castle, we’ve increasingly embedded LLMs and tools like Cursor into our research workflows, whether we’re prototyping detection techniques, exploring automation fingerprints, or reviewing technical content. These tools help us move faster, focus on the right problems, and reduce overhead in our day-to-day work. We’ve always shared| The Castle blog
If you’ve ever visited a site like amiunique.org, browserleaks.com, or pixelscan.net, you’ve probably seen a warning about how “unique” your browser fingerprint is, often followed by a long list of technical attributes related to your browser and your IP address. These| The Castle blog
Headless Chrome bots controlled by Selenium remain a staple in the bot developer’s toolkit in 2025. While newer frameworks like Playwright have gained traction, Selenium’s long-standing compatibility, extensive documentation, and integration with testing pipelines keep it popular, especially for automating login, signup, and scraping workflows at| The Castle blog
We learned our hiring philosophy the hard way: by getting it completely wrong. After Y Combinator in 2016, we did what you're "supposed" to do. We raised capital. We scaled aggressively, hiring specialists and building redundant teams. But instead of creating a finely tuned machine, we| The Castle blog
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are widely known and routinely flagged by basic anti-abuse filters. Emailnator is different. While it still provides access to standard temporary inboxes, its most concerning feature is the ability to generate| The Castle blog
When it comes to bot and fraud detection, identifying the exact browser being used can be important, especially for privacy-focused browsers like Brave. Tools like Brave implement anti-fingerprinting features (e.g. canvas randomization), which can skew detection results or even cause false positives if misinterpreted. As we discussed here, users| The Castle blog
Time zone is a valuable signal in both bot and fraud detection. It's commonly used in browser fingerprinting and can be correlated with other data, like IP geolocation or language preferences, to flag inconsistencies. For example, a user claiming to be in Paris but presenting a system time zone of| The Castle blog
The other day, I bought sneaker proxies by mistake. I know, I know, how do you accidentally buy sneaker proxies? Well, I needed residential proxies for purposes and thought, hey, why not treat myself to the premium stuff? Instead of a basic sedan, I’ll get the proxy equivalent of| The Castle blog
