From risk to real-time: fraud detection moves to the SOC

More than 40% of corporate fraud is now AI-driven, designed to mimic real users, bypass traditional defenses and scale at speeds that overwhelm even the best-equipped SOCs.

In 2024, nearly 90% of enterprises were targeted, and half of them lost $10 million or more.

Bots emulate human behavior and create entire emulation frameworks, synthetic identities, and behavioral spoofing to pull off account takeovers at scale while slipping past legacy firewalls, EDR tools, and siloed fraud detection systems.

Attackers weaponize AI to create bots that evade, mimic, and scale

Attackers aren’t wasting any time capitalizing on using AI to weaponize bots in new ways. Last year, malicious bots comprised 24% of all internet traffic, with 49% classified as ‘advanced bots’ designed to mimic human behavior and execute complex interactions, including account takeovers (ATO).

Over 60% of account takeover (ATO) attempts in 2024 were initiated by bots, capable of breaching a victim’s credentials in real time using emulation frameworks that mimic human behavior. Attacker’s tradecraft now reflects the ability to combine weaponized AI and behavioral attack techniques into a single bot strategy.

That’s proving to be a lethal combination for many enterprises already battling malicious bots whose intrusion attempts often aren’t captured by existing apps and tools in security operations centers (SOCs).

Malicious bot attacks force SOC teams into firefighting mode with little or no warning, depending on the legacy of their security tech stack.

“Once amassed by a threat actor, they can be weaponized,” Ken Dunham, director of the threat research unit at Qualys recently said. “Bots have incredible resources and capabilities to perform anonymous, distributed, asynchronous attacks against targets of choice, such as brute force credential attacks, distributed denial of service attacks, vulnerability scans, attempted exploitation and more.”

From fan frenzy to fraud surface: bots corner the market for Taylor Swift tickets  

Bots are the virtual version of attackers who can scale to millions of attempts per second to attack a targeted enterprise and increasingly high-profile events, including concerts of well-known entertainers, such as Taylor Swift.

DataDome observes that the worldwide popularity of Taylor Swift’s concerts creates the ROI attackers are looking for to build ticket bots that automate what scalpers do at scale. Ticket bots, as DataDome calls them, scoop up massive quantities of tickets at the world’s most popular events and then resell them at significant markups.

The bots flooded Ticketmaster and were a large part of a surge of 3.5 billion requests that hit the ticket site, causing it to crash repeatedly. Thousands of fans were unable to access the presale group, and ultimately, the general ticket sale had to be canceled.

Swarms of weaponized bots froze tens of thousands of Swifties from attending her last Eras concert tour. VentureBeat has learned of comparable attacks on the world’s leading brands on their online stores and presence globally. Dealing with bot attacks at that scale, powered by weaponized AI, is beyond the scope of an e-commerce tech stack to handle – they’re not built to deal with that level of security threat.  

“It’s not just about blocking bots—it’s about restoring fairness,” Benjamin Fabre, CEO of DataDome, told VentureBeat in a recent interview. The company helped deflect similar scalping attacks in milliseconds, distinguishing fans from fraud using multi-modal AI and real-time session analysis.

Bot attacks weaponized with AI often start by targeting login and session flows, bypassing endpoints in an attempt not to be detected by standard web application firewalls (WAF) and endpoint detection and response (EDR) tools. Such sophisticated attacks must be tracked and contained in a business’s core security infrastructure, managed from its SOC.

Why SOC teams are now on the front line

Weaponized bots are now a key part of any attacker’s arsenal, capable of scaling beyond what fraud teams alone can contain during an attack. Bots have proven lethal, taking down enterprises’ e-commerce operations or, in the case of Ticketmaster, a best-selling concert tour worth billions in revenue.  

As a result, more enterprises are bolstering the tech stacks supporting their SOCs with online fraud detection (OFD) platforms. Gartner’s Dan Ayoub recently wrote in the firm’s research note Emerging Tech Impact Radar: Online Fraud Detection that “organizations are increasingly waking up to the understanding that ‘fraud is a security problem’ as is becoming evident in adoption of some of the emerging technologies being leveraged today”.

Gartner’s research and VentureBeat’s interviews with CISOs confirm that today’s malicious bot attacks are too fast, stealthy and capable of reconfiguring themselves on the fly for siloed fraud tools to handle. Weaponized bots have long been able to exploit gaps between WAFs, EDR tools and fraud scoring engines, while also evading static rules that are so prevalent in legacy fraud detection systems.

All these factors and more are why CISOs are bringing fraud telemetry into the SOC.

Journey-Time Orchestration is the next wave of online fraud detection (OFD)

AI-enabled bots are constantly learning how to bypass long-standing fraud detection platforms that rely on sporadic or single point-in-time checks. These checks include login validations, transaction scoring tracking over time, and a series of challenge-responses. While these were effective before the widespread weaponization of bots, botnets and networks, AI-literate adversaries now know how to exploit context switching and, as many deepfakes attacks have proven, know how to excel at behavioral mimicry.

Gartner’s research points to Journey Time Orchestration  (JTO) as the defining architecture for the next wave of OFD platforms that will help SOCs better contain the onslaught of AI-driven bot attacks. Core to JTO is embedding fraud defenses throughout each digital session being monitored and scoring risk continuously from login to checkout to post-transaction behavior.

Journey-Time Orchestration continuously scores risk across the entire user session—from login to post-transaction—to detect AI-driven bots. It replaces single-point fraud checks with real-time, session-wide monitoring to counter behavioral mimicry and context-switching attacks. Source: Gartner, Innovation Insight: IAM Journey-Time Orchestration, Feb. 2025

Who’s establishing an early lead in Journey Time Orchestration defense  

DataDome, Ivanti and Telesign are three companies whose approaches show the power of shifting security from static checkpoints to continuous, real-time assessments is paying off. Each also shows why the future of SOCs must be predicated on real-time data to succeed. All three of these companies’ platforms have progressed to delivering scoring for every user interaction down to the API call, delivering greater contextual insight across every behavior on every device, within each session.

What sets these three companies apart is how they’ve taken on the challenges of hardening fraud prevention, automating core security functions while continually improving user experiences. Each combines these strengths on real-time platforms that are also AI-driven and continually learn – two core requirements to keep up with weaponized AI arsenals that include botnets.

DataDome: Thinking Like an Attacker in Real Time

DataDome, A category leader in real-time bot defense, has extensive expertise in AI-intensive behavioral modeling and relies on a platform that includes over 85,000 machine learning models delivered simultaneously across 30+ global PoPs. Their global reach allows them to inspect more than 5 trillion data points daily. Every web, mobile and API request that their platform can identify is scored in real time (typically within 2 milliseconds) using multi-modal AI that correlates device fingerprinting, IP entropy, browser header consistency and behavior biometrics.

“Our philosophy is to think like an attacker,” Fabre told VentureBeat. “That means analyzing every request anew—without assuming trust—and continuously retraining our detection models to adapt to zero-day tactics”​.

Unlike legacy systems, which lean on static heuristics or CAPTCHAs, DataDome’s approach minimizes friction for verified, legitimate users. Its false-positive rate is under 0.01%, meaning fewer than 1 in 10,000 human visitors see a challenge screen. Even when challenged, the platform invisibly continues behavior analysis to verify the user’s legitimacy.

“Bots aren’t just solving CAPTCHAs now—they’re solving them faster than humans,” Fabre added. “That’s why we moved away from static challenges entirely. AI is the only way to beat AI-driven fraud at scale”​.

Case in point: DataDome has proven capable of distinguishing between bots and fans in milliseconds, preventing bulk buyouts and preserving ticket equity during peak loads – all in real-time. In luxury retail, brands like Hermès deploy DataDome to protect high-demand drops (e.g., Birkin bags) from automated hoarding.

Ivanti Extends Zero Trust and exposure management into the SOC

Ivanti is redefining exposure management by integrating real-time fraud signals directly into SOC workflows through its Ivanti Neurons for Zero Trust Access and Ivanti Neurons for Patch Management platforms. “Zero trust doesn’t stop at logins,” Mike Riemer, Ivanti Field CISO told VentureBeat during a recent interview. “We’ve extended it to session behaviors including credential resets, payment submissions, and profile edits are all potential exploit paths.”

Ivanti Neurons continuously evaluates device posture and identity behavior, flagging anomalous activity and enforcing least-privilege access mid-session. “2025 will mark a turning point,” added Daren Goeson, SVP of product management at Ivanti. “Now defenders can use GenAI to correlate behavior across sessions and predict threats faster than any human team ever could.”

As attack surfaces expand, Ivanti’s platform helps SOC teams detect SIM swaps, mitigate lateral movement and automate dynamic microsegmentation. “What we currently call ‘patch management’ should more aptly be named exposure management or how long is your organization willing to be exposed to a specific vulnerability?” Chris Goettl, VP of product management for endpoint security at Ivanti told VentureBeat. “Risk-based algorithms help teams identify high-risk threats amid the noise of numerous updates.”

“Organizations should transition from reactive vulnerability management to a proactive exposure management approach,” added Goeson. “By adopting a continuous approach, they can effectively protect their digital infrastructure from modern cyber risks.”

Telesign’s AI-driven identity intelligence pushes fraud detection to session scale

Telesign is redefining digital trust by bringing identity intelligence at session scale to the front lines of fraud detection. By analyzing more than 2,200 digital identity signals ranging from phone number metadata to device hygiene and IP reputation, Telesign’s APIs deliver real-time risk scores that catch bots and synthetic identities before damage is done.

“AI is the best defense against AI-enabled fraud attacks,” said Telesign CEO Christophe Van de Weyer in a recent interview with VentureBeat. “At Telesign, we are committed to leveraging AI and ML technologies to combat digital fraud, ensuring a more secure and trustworthy digital environment for all.”

Rather than relying on static checkpoints at login or checkout, Telesign’s dynamic risk scoring continuously evaluates behavior throughout the session. “Machine learning has the power to constantly learn how fraudsters behave,” Van de Weyer told VentureBeat. “It can study typical user behaviors to create baselines and build risk models.”

Telesign’s Verify API underscores its omnichannel strategy, enabling identity verification across SMS, email, WhatsApp, and more, all through a single API. “Verifying customers is so important because many kinds of fraud can often be stopped at the ‘front door,’” Van de Weyer noted in a recent VentureBeat interview.

As generative AI accelerates attacker sophistication, Van de Weyer issued a clear call to action: “The emergence of AI has brought the importance of trust in the digital world to the forefront. Businesses that prioritize trust will emerge as leaders in the digital economy.” With AI as its backbone, Telesign looks to turn trust into a competitive advantage.

Why fraud prevention’s future belongs in the SOC

For fraud protection to scale, it must be integrated into the broader security infrastructure stack and owned by the SOC teams who use it to avert potential attacks. Online fraud detection platforms and apps are proving just as critical as APIs, Identity and Access Management (IAM), EDRs, SIEMs and XDRs. VentureBeat is seeing more security teams in SOCs take greater ownership of validating how consumer transactions are modeled, scored and challenged.