Commercial defender landscape

This page reads vendor material as landscape evidence: useful for understanding the field’s vocabulary and claimed controls, but not as vendor evaluation.

There is no neutral, widely adopted defence ontology for commercial bot management comparable to OWASP OAT’s threat taxonomy. OWASP gives some countermeasure classes, and general web-security standards cover adjacent controls, but the operational defence landscape is still described mainly in the language of the vendors who sell it. This opacity is not incidental: part of the commercial moat is the opacity. Reading the landscape therefore means reading marketing as evidence and being disciplined about what it can and cannot establish.

The landscape sorts into rough categories — used here to organise the evidence, not to compare offerings:

• Edge / CDN bot management, where bot detection rides on an existing content-delivery position (Cloudflare, Bots docs; Cloudflare, Bot Management docs). The register now carries a much fuller Cloudflare picture — its layered detection-engine taxonomy, Detection IDs / coherence checks, Turnstile challenge model, defensive-stack overview, and AI-crawler blocking (Cloudflare, Block AI Bots; Cloudflare, Turnstile; Cloudflare, Detection IDs; Cloudflare, detection engines; Cloudflare, bot solutions overview). The value of this evidence is unchanged: it shows what signals a major control plane exposes and uses — bot scores, JA3/JA4 fingerprints, detection identifiers, rule fields — not whether any of them works in production.
• Dedicated bot-management vendors (DataDome; Netacea; Arkose; Kasada; HUMAN). Collectively these articulate the field’s working vocabulary: intent- and journey-based detection, behavioural signals, scoring, dynamic challenges, and proof-of-execution. A scarce-resource-specific defence taxonomy is now also represented (DataDome, ticket bots). Each of these is a claim about approach, traceable to a source, and none is independently verified here.
• WAF / broader application security, represented here by F5, Imperva/Thales, and Akamai: an F5 credential-stuffing report (F5 Labs 2021), the Thales/Imperva Bad Bot Report (Thales/Imperva 2026), and Akamai financial-services attack trends (Akamai 2026), all vendor-measured. Note the asymmetry: Imperva is seen through its own report and through a scraper-side bypass writeup, not through any neutral source (ScrapFly, Imperva bypass).
• Simple / self-managed controls — the low end of the stack the enterprise-vendor framing tends to omit: ModSecurity/WAF rule packs and user-agent blocklists (StopBadBots) and an open ASN/datacenter blocklist for signup abuse (Hamachek). These are maintainer claims attached to tooling, not evaluated controls, and the Hamachek list is dated and single-operator.

A recurring discipline applies to the quantitative claims in this category: they are almost all vendor-measured and self-reported, and the page marks them rather than repeating them as fact.

• Netacea’s executive survey reports a business-impact figure of roughly $85.6M per company (Netacea 2023) — this is a 440-respondent self-reported survey, not a measured prevalence or cost.
• DataDome’s “fully protected” exposure figure, on the order of a few percent of sites (DataDome) — vendor-measured against the vendor’s own criteria, not independently reproducible.

The strongest independent checks on commercial detection are few. FP-Inconsistent ran purchased evasive bot traffic against commercial detection on a honey site and remains the strongest non-vendor evidence about a deployed bot detector, with the limit that its threat model is impression fraud on one honey site (Venugopalan et al. 2025). Alongside it sit an independent measurement of AI-agent detectability against a Cloudflare free-tier check (Wang et al. 2026, FP-Agent), a leaked-credential honey-identity experiment (Wardle 2019), and a TLS/JA4 classification study whose headline AUC ≈ 0.998 is undercut by a label-leakage risk — the application field is both the labelling rule and a model feature, so the score may partly reflect dataset-metadata separation rather than transferable TLS-based detection (Jarad & Bıçakcı 2026).

The honest summary across all of these is that independent operational evidence exists but is still scarce and narrow. Each anchor is a single setting, a specific threat model, or a dated/weak-label dataset, and everything stronger than “the vendor claims” leans on this small set.

The same pattern holds across the register’s operational proximity axis. The defender landscape concentrates at capability and claimed; observed is mostly vendor-measured telemetry (DataDome; Kasada; HUMAN; F5 Labs 2021; HUMAN, OpenClaw; HUMAN, State of Agentic Traffic; Thales/Imperva 2026; Akamai 2026); and measured is essentially the handful of honey-site/weak-label studies above. The register evidences what the field can do and says it sees far more strongly than what actually happens in production.

Next: AI-agent shift

Sources used on this page

• Akamai 2026 — Akamai Security (2026). AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services.
• Arkose — Arkose Labs (2023–2026). Bot Manager; ACTIR; Agentic AI Security Report.
• Cloudflare, Block AI Bots — Cloudflare (2026). Block AI Bots (bot solutions docs).
• Cloudflare, Bot Management docs — Cloudflare (2026). Bot Management documentation.
• Cloudflare, bot solutions overview — Cloudflare (2026). Bot solutions — Overview (docs).
• Cloudflare, Bots docs — Cloudflare (2026). Bots documentation — bot scores, JA3/JA4, Detection IDs, Web Bot Auth, custom rules.
• Cloudflare, detection engines — Cloudflare (2026). Bot detection engines (bot solutions docs).
• Cloudflare, Detection IDs — Cloudflare (2026). Detection IDs (bot solutions docs).
• Cloudflare, Turnstile — Cloudflare (2026). Turnstile — Overview (docs).
• DataDome — DataDome (2025–2026). Bot Protect; AI Detection Engine; 2025 Global Bot Security Report.
• DataDome, ticket bots — DataDome / Falokun (2026). How to Restore Fairness in Online Ticketing by Fighting Ticket Bots.
• F5 Labs 2021 — F5 Labs / Vinberg, S., & Overson, J. (2021). 2021 Credential Stuffing Report.
• Hamachek — Hamachek (n.d., ~2019–2020, unverified). bad-asn-list: open-source ASN blocklist for cloud/hosting/colo traffic.
• HUMAN — HUMAN Security / PerimeterX (2026). Sightline; AI Agent Detection; OpenClaw; 2026 benchmark.
• HUMAN, OpenClaw — HUMAN Security / Kaiserman & Cirlig (2026). OpenClaw in the wild: How autonomous agents can drive abuse at scale.
• HUMAN, State of Agentic Traffic — HUMAN Security / Kaiserman (2026). State of Agentic Traffic – May 2026.
• Jarad & Bıçakcı 2026 — Jarad, G., & Bıçakcı, K. (2026). When Handshakes Tell the Truth: Detecting Web Bad Bots via TLS Fingerprints (arXiv:2602.09606). Preprint.
• Kasada — Kasada (2025–2026). Bot Defense; Adversarial Techniques; AI Agent Trust; 2026 Benchmark.
• Netacea — Netacea (n.d.). Bot Management (product brochure).
• Netacea 2023 — Netacea (2023). Death by a Billion Bots.
• ScrapFly, Imperva bypass — ScrapFly / Alisauskas, B. (2026). How to Bypass Imperva Incapsula when Web Scraping in 2026.
• StopBadBots — StopBadBots / sminozzi (2025). Comodo ModSecurity WAF Rules Update; SBB-WAF-Rules.
• Thales/Imperva 2026 — Thales / Imperva (2026). 2026 Thales Bad Bot Report: Bad Bots in the Agentic Age.
• Venugopalan et al. 2025 — Venugopalan, et al. (2025). FP-Inconsistent: Detecting Evasive Bots using Browser Fingerprint Inconsistencies (arXiv:2406.07647).
• Wang et al. 2026, FP-Agent — Wang, Shafiq & Vekaria (2026). FP-Agent: Fingerprinting AI Browsing Agents.
• Wardle 2019 — Wardle (2019). How long does it take to get owned? (honey-identity leaked-credential experiment).