Published case studies and analyses from the BotConduct behavioral observatory. Real data on how bots and AI agents behave on the open web.
OpenAI Daybreak and Anthropic Glasswing defend your code. Neither observes what your AI agents do after authentication. BotConduct covers that layer. The next era of cyber defense is a stack, not one product.
We cross-referenced 240 hostile actors operating from 380 IPs against AbuseIPDB. 45% have scores below typical WAF thresholds. 18% have zero reports anywhere. The data on why reputation-based defense misses the careful operators.
What 30 production agents revealed: executor-role agents failed cost induction at 74% rate. Reviewer-role agents failed at 0% (Fisher exact p < 0.001). Governance score showed no correlation with resistance.
Browserbase open-sourced Autobrowse u2014 a browser agent that learns a target site and remembers. Scraper intelligence now compounds across sessions. Why receiver-side behavioral classification is the only defense that scales.
A single actor visited the observatory for 17 consecutive days from 20+ cloud and ISP providers across four continents, progressively escalating from content reading to credential extraction. Memory score 70. Susceptibility 53. The pattern is invisible to every layer of standard defense.
A stealth bot operating from Alibaba Cloud infrastructure with identical TLS fingerprint across 107 connections. 13 fake browser identities. Zero ALPN. Never read robots.txt. Same fingerprint appeared on AWS us-east-1. Multi-cloud evasion documented with verifiable evidence.
Why static checklists fail and what second-generation adversarial evaluation looks like. The case for trajectory-based behavioral measurement over checkpoint scoring.
The distinction between what an agent promises and what it actually does. Why governance policies and behavioral verification are complementary, not interchangeable.
First results from the BotConduct observatory. 145 bots profiled by behavioral observation over two weeks. What the data looks like when you measure conduct instead of identity.
