Sam Crowther created Kasada when he was only 19 years old, in a small shipping container under the Sydney Harbour Bridge.
Nine years later, Sam has tripled his team, raised over 39 million USD, protects more than 150 billion in annualised eCommerce and more than 100 million internet users daily. Last year he made the Forbes 30 under 30 list, and their aggressive approach to predicting and preventing bot attacks and online fraud is creating a safer, more secure digital experience for everyone.
M.R. Rangaswami: When it comes to bots, what are the most pressing challenges for enterprises today?
Sam Crowther: Attackers are driven by money and the use of bots has proven to be a quick, effective way to acquire and resell goods (like tickets, electronics, and shoes) and commit online fraud for huge profits. Accessibility of bots has become democratized where anybody can purchase a sophisticated bot (increasingly offered as a service) at little to no cost and use them without needing a technical understanding.
Another part of the challenge is that enterprises have historically been relying on inadequate, costly bot defenses. Traditional tools are static–allowing time for botters to reverse engineer and get past them. Or they require human interaction (like annoying CAPTCHAS) which frustrate the user experience. Attackers are incredibly motivated to work around these defenses—constantly changing their attack methods to stay a step ahead of defenders. This is all incredibly costly for businesses–both in the costs incurred by playing whack-a-mole with ineffective defenses and the bots themselves as processing fake traffic is expensive.
There’s a huge disparity. Users of bots are able to evade defenses at little to no cost, yet many businesses spend millions of dollars in an attempt to protect against bots and yet are unable to move at the increasing speed of the attacker – the bots are winning, and Kasada set out to change this paradigm.
M.R.: How is AI changing the bot landscape?
Sam: Bots are being used to exploit AI to damage brands, breach systems, and cost businesses a lot of money.
One of the most immediate areas is using AI to bypass CAPTCHAs. AI image recognition has gotten good enough that it can bypass even the newest forms of CAPTCHAs at very high degrees of accuracy and at a speed far quicker than a human can. That’s no good because the only ones fooled by CAPTCHAs nowadays are humans, not the bots. Resulting in a horrible user experience for those that decide to use them – and doing very little if anything to secure the experience.
One of the biggest existential threats to online businesses today is that AI companies have embraced web scrapers (also known as web crawlers) to haul in huge volumes of data from other companies to train their large language models (LLMs). This has ramifications for businesses that rely on website traffic for monetization, in addition to content creators who don’t receive acknowledgement or payment for their work. These persistent web scrapers can be extremely difficult to stop and detect.
Bots are also being used to reverse engineer businesses’ customized LLMs and expose private data or intellectual property via prompt injection attacks. Incorporating generative AI into web applications and mobile apps is opening-up a whole new attack surface aimed to exploit and extract personal information.
M.R.: How is Kasada addressing customers’ bot challenges?
Sam: One of the keys to success is to take away the ability for an attacker to be successful, impacting their ability to generate a profit. That means making it as costly and frustrating as possible to attack in order to disincentive the adversary.
That’s exactly what we’ve done. We have created a system with a proprietary language that dynamically changes itself to present differently every time someone tries to figure it out. This makes it very time consuming and frustrating to even begin understanding the Kasada defense techniques being applied. In addition, we study our adversaries to understand the tools and techniques they use to evade detection. We anticipate these and build layers of resilience in our system so they are forced to raise their game and constantly evolve their methods.
Bot detection is a game of cat and mouse. We stay ahead by making sure our dynamic platform and team of experts pivot quicker than the adversary. We make it effortless for our customers to use without any management, and never impede the user experience with visual CAPTCHAs. This is where early market entrants have fallen down — their defenses are static and don’t move fast enough — and they place all of the management overhead on the business which is not a path to success. We’ve learned from our predecessors to create something that not only works better to stop modern bots, but is incredibly simple to use so our customers can focus on growing their business, instead of defending it.
M.R. Rangaswami is the Co-Founder of Sandhill.com