Automation has become embedded in the fabric of the internet. While some bots serve useful functions, a growing share is designed to exploit systems, whether through credential stuffing, scraping, or fraudulent transactions.
Industry data from Kasada’s State of Bot Mitigation Report (2023) indicates that 96% of organisations experienced revenue loss linked to bot activity, while 79% reported increasing difficulty in detection.
Estimated Malicious Bot Share: 30% of total web traffic
A substantial portion of online traffic is automated, and a meaningful share of it is adversarial. This shifts cybersecurity priorities from perimeter defence to behaviour-level detection
From Early Exposure to a Systems-Level Insight
Kasada was founded in 2015 by Sam Crowther, whose early work exposed him to real-world cybersecurity challenges within Australia’s government-linked systems.
He later worked at Macquarie Bank, where recurring issues, account takeovers, scraping, and transaction abuse, pointed to a broader pattern. These incidents were not isolated vulnerabilities but symptoms of scalable automation.
Crowther’s central observation was structural: automated attacks persist because they are inexpensive to execute. Rather than focusing solely on detection, Kasada’s approach was built around increasing the cost and complexity of these attacks.
Building from Sydney: A Market Shaped by Digital Risk
Australia’s digital economy has created both opportunity and exposure. High adoption of online banking, ticketing, and retail platforms has made the region a target for automated abuse.
Institutions such as the Australian Cyber Security Centre have highlighted rising cyber threats, including credential theft and bot-driven fraud.
Operating from Sydney allowed Kasada to engage early with sectors where these risks were immediate, financial services, airlines, and e-commerce, while building a product shaped by real operational constraints.
Rethinking Bot Mitigation: What the Platform Actually Does
Kasada’s platform focuses on identifying signals that are difficult for automated systems to replicate, without introducing visible friction for users.
Core Functional Areas
- Bot Detection and Mitigation
Differentiates between human users, benign bots, and malicious automation. - Fraud Prevention
Addresses credential stuffing, carding, and account takeover attempts. - API and Mobile Protection
Extends mitigation to non-browser environments where attacks increasingly occur. - AI Abuse Detection
Identifies misuse of AI-driven scripts and automated agents.
How It Differs
Traditional approaches often rely on IP tracking, CAPTCHAs, or static fingerprinting. Kasada instead uses behavioural analysis and tamper-resistant telemetry, making evasion more resource-intensive.
Where Bots Cause the Most Damage
| Area of Impact | Effect on Business |
|---|---|
| Login Systems | Account takeover risk |
| Payment Flows | Fraudulent transactions |
| Product Pages | Data scraping |
| Checkout Systems | Inventory hoarding |
These attack points align with revenue-generating functions. As a result, bot mitigation is increasingly treated as a business-critical layer rather than a technical add-on.
The Limits of Traditional Defences
| Approach | Operational Challenge |
|---|---|
| CAPTCHA | Adds friction; increasingly bypassed |
| IP Blocking | Ineffective against distributed botnets |
| Rate Limiting | Easily circumvented |
| Device Fingerprinting | Vulnerable to spoofing |
As attackers adopt more advanced tools, static defences lose effectiveness. This has driven demand for adaptive systems that evolve alongside attack methods.
How Kasada Captures Value
Kasada operates on a software-as-a-service model, with pricing structured around:
- Volume of traffic analysed
- Number of protected endpoints
- Scope of enterprise deployment
In practice, pricing often reflects business impact, such as reduced fraud losses or improved infrastructure efficiency.
This aligns the platform with measurable outcomes rather than purely technical metrics.
Enterprise Response to Bot Threats
| Metric | Percentage |
|---|---|
| Organisations reporting revenue loss | 96% |
| Increased spending on mitigation | 65% |
| Executives concerned about bots | 90% |
| Difficulty in detection rising | 79% |
These figures illustrate a shift in enterprise priorities. Bot mitigation is no longer treated as a niche concern but as part of broader risk management.
Competitive Positioning in a Crowded Security Stack
Kasada operates alongside larger infrastructure and security providers, including:
- Cloudflare
- Akamai
- PerimeterX
Comparison Snapshot
| Feature | Kasada | Cloudflare | Akamai |
|---|---|---|---|
| Invisible protection | Yes | Partial | Limited |
| Behaviour-based detection | Core | Present | Present |
| Focus on bot economics | Central | Secondary | Secondary |
| AI abuse mitigation | Integrated | Emerging | Emerging |
While competitors offer broader infrastructure capabilities, Kasada’s positioning centres on specialised bot mitigation and fraud prevention.
Common Bot Attack Categories
| Category | Mechanism |
|---|---|
| Credential Stuffing | Using stolen login data |
| Carding | Testing payment credentials |
| Scraping | Extracting structured data |
| Scalping Bots | Bulk purchasing items |
These attack types are often interconnected. For example, scraped data can inform pricing strategies for resellers, while credential stuffing feeds account takeover attempts.
Milestones That Shaped the Company
| Year | Development |
|---|---|
| 2015 | Kasada founded in Sydney |
| 2017–2019 | Early enterprise adoption |
| 2020 | Recognition for bot mitigation approach |
| 2023 | Platform updated with adaptive protection |
| 2025 | Industry recognition in AI abuse detection |
| 2026 | Raises $20M to expand globally |
(Source: Company announcements and external reporting including Kalkine, 2026)
Applying the Platform: Operational Scenarios
E-commerce Environment
- Challenge: Automated bulk purchasing during product launches
- Impact: Reduced availability for genuine customers
- Result: Lower bot traffic and improved purchase distribution
Financial Services Environment
- Challenge: Credential stuffing attacks
- Impact: Account takeover and fraud risk
- Result: Reduced abnormal login attempts
These scenarios show how bot mitigation intersects with customer experience, revenue protection, and operational stability.
Signals, Not Signatures: A Shift in Detection Thinking
A defining element of Kasada’s approach is its focus on signals that cannot be easily replicated by automated systems.
Rather than identifying known bot patterns, the platform analyses how requests are generated, looking for inconsistencies that indicate automation. This reduces reliance on static rules and increases resilience against evolving attack methods.
Funding and Expansion Trajectory
In 2026, Kasada secured $20 million in funding to support international expansion and further product development.
The investment reflects increased attention on cybersecurity solutions addressing:
- Automated fraud
- AI-driven attack vectors
- API-based vulnerabilities
Shifting Threat Models in an AI-Driven Environment
Automation is no longer limited to scripts. AI models are now capable of generating human-like interactions at scale, complicating detection.
This evolution introduces new challenges:
- Differentiating between legitimate and malicious AI usage
- Managing large-scale automated interactions
- Maintaining low-friction user experiences
Kasada’s focus on behavioural signals places it within a segment adapting to these shifts.
Follow Inspirepreneur Magazine for more business case studies from around the world.
