Castle | FundersClub

SIZE XS SIZE SM SIZE MD SIZE LG

Castle

castle.io
Mountain View, CA, United States

Castle prevents account takeover in web and mobile apps.

Loading Tweets...

Jobs

View Castle's careers page

Data Scientist

San Francisco, CA

Blog Posts

How to detect Open Bullet 2 bots running in Puppeteer mode

August 12, 2025

How to authenticate OpenAI Operator requests using HTTP message signatures

From detection to trust: the evolving challenge of AI bot authentication

From LLM scrapers to AI agents: mapping the AI bot landscape for detection teams

Fraudulent email domain tracker: July 2025

Bringing bot detection research to your AI-powered workflow

What browser fingerprinting tests like Amiunique and Browserleaks really show, and what they miss

How to detect Selenium bots?

How we hire at Castle

Detecting Gmail-based fake accounts: what Emailnator teaches us

How to detect Brave browser using HTTP headers and JavaScript

How to detect browser time zone using JavaScript

Bought sneaker proxies by mistake, did science with them anyway

CAPTCHAs 101: what they are, how they work, and where they fall short

Fake account creation attacks: anatomy, detection, and defense

Credential stuffing attacks: anatomy, detection, and defense

Fraudulent email domain tracker: June 2025

How bot detection misfires on non-mainstream browsers and privacy tools

From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection

What TikTok’s virtual machine tells us about modern bot defenses

Fraudulent email domain tracker: May 2025

What a Binance CAPTCHA solver tells us about today’s bot threats

Castle for Cloudflare: Unified bot and fraud defense, from edge to in-app

Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers

Detect and crash Chromium bots with one weird trick (bots hate it!)

Fraudulent email domain tracker: April 2025

Understanding disposable emails

How dare you trust the user agent for bot detection?

Why traditional bot detection techniques are not enough, and what you can do about it

Analyzing anti-detect browsers: How to detect scripts injected via CDP in Chrome

Bot detection 101: How to detect bots In 2025?

How to detect Headless Chrome bots instrumented with Playwright?

How to detect Headless Chrome bots instrumented with Puppeteer?

Anti-detect browser analysis: How to detect the Undetectable browser?

Overview of anti-detect browsers

February 27, 2025

Antoine Vastel is joining Castle as Head of Research

February 21, 2025

Detecting noise in canvas fingerprinting

February 21, 2025

The role of WebGL renderer in browser fingerprinting

February 12, 2025

Anatomy of a 4-day mobile app credential stuffing attack

February 11, 2025

How bots and fraudsters exploit free tiers in AI SaaS

February 4, 2025

How bots and fraudsters exploit video games with credential stuffing

January 24, 2025

Open Bullet 2: The Preferred Credential Stuffing Tool for Bots

January 13, 2025

Canvas fingerprinting in the wild

December 27, 2024

Anatomy of a 6-day Credential Stuffing Attack From 2.2M Residential IPs

December 19, 2024

Fixing the blind spots in fraud prevention

October 15, 2024

Product Focus: Overview Page

8 Common Types of Account Abuse

August 14, 2023

Castle & Twilio Segment – Instant Account Defense

In Devices We Trust: Improving CAPTCHA Friction

How to Prevent Account Sharing Like Netflix

Using Zero Trust to reduce fraud and abuse

Which CAPTCHA(s) Should I Use?

Product focus: Policies

The Different Forms of Online Abuse

From Spam to Scams: How to Handle Fraud vs. Abuse

A Guide to Account Verification

Product focus: Time selector

7 Fraud Prevention Rules Using Device Fingerprinting

11 Ways to Pinpoint a User's True Location

9 Device Fingerprinting Solutions for Developers

7 Proxy Piercing Techniques: What Works in 2023?

Swiftly identify fraud rings with instant link analysis

February 16, 2023

Enhanced User Activity Monitoring

February 16, 2022

CyberNews Interview: Online businesses that handle money will be a target

February 1, 2022

A behavioral approach to device fingerprinting

November 17, 2021

Announcing the Event Explorer

Introducing the Detection of Multi-Accounting

Castle's API enhanced with Risk Signals

Introducing the React Native SDK

A Layered Approach to Bot Detection and ATO Prevention

Reducing Signup & Login Friction

February 25, 2021

Using Castle with OIDC Providers

February 16, 2021

Finding Signals in a Flood of Data

February 4, 2021

Bot or Not: Can you spot the automated mouse movements?

December 9, 2020

Joining Castle to help protect your online identity

October 12, 2020

Introducing the New Castle

October 9, 2020

How Effective Is Castle Against Credential Stuffing?

October 7, 2020

A UX Designer, Solutions Architect, and the Root of All Cool Things

August 28, 2020

How to Think About GDPR as a Security Vendor

Outsmarting ATO Threats

Protecting Consumer Identities Is a Team Effort

Managing ATOs When Online Engagement Is at a Peak [video blog]

Bad Bots vs SEO: Where Security and Marketing Collide

How We Built a Culture on Trust and Security

Defining AX: Attacker Experience

Introducing: Castle's Training Camp

Redefining Bot Detection: Why Identity Matters

Why Good Security Is a Profit Driver

February 13, 2020

Why More is Better for Attackers Perpetrating Account Takeover Attacks

January 21, 2020

Why Reputation is Everything When Perpetrating Account Takeover Attacks

January 8, 2020

How Acting Like Your Neighbor Helps Attackers Perpetrate Account Takeover Attacks

December 18, 2019

How Attackers Hide in Plain Sight When Perpetrating Account Takeover Attacks

December 11, 2019

How to Balance Security with Risk Tolerance and User Experience

November 20, 2019

[PODCAST] CISO Series Defense in Depth: User-Centric Security

October 17, 2019

Show all Blog Posts (90 more)

Join FundersClub for Free