In the second half of 2024, HUMAN Security's Satori threat-intelligence team catalogued a new generation of synthetic traffic. The fraud was not bot-like. It was the opposite. Coherent multi-session journeys, dwell distributions indistinguishable from a real homepage visit, scroll velocity within human envelopes. The networks shipping it had moved on from cron-job click farms to LLM-orchestrated browsers. The old detection stack, which had spent a decade learning to identify bots by their tells, was looking at traffic that did not have any.
The IAB's 2024 Bot Traffic Report and the ANA's programmatic study reached the same conclusion through different lenses. The fraud share inside open-exchange inventory had risen, but the variance between vendors had widened sharply. Buyers were no longer comparing fraud stacks. They were comparing the assumptions inside fraud stacks.
The four new threat vectors
- LLM-generated synthetic users that produce coherent multi-session journeys
- Headless browser farms running on residential IP networks indistinguishable from real homes
- Click-laundering through real human devices via opt-in apps
- Inventory laundering where high-fraud sites are syndicated through clean reseller paths
The most damaging of these is the residential proxy network. Fraud that travels through a real person's home IP looks, by every classical metric, like real traffic. HUMAN's Satori posts have profiled at least three large operators of this kind in the past 18 months.
Why the old stack misses it
Classical fraud stacks score traffic against behavioural baselines collected from known-good and known-bad data sets. The known-bad data sets predate generative AI. The new fraud generators are designed to defeat exactly those baselines. The arms race is asymmetric. The generators iterate weekly. The baselines update quarterly.
“You cannot detect AI-generated fraud with behaviour models that were trained before AI could generate behaviour.”
What the new defence layer looks like
Three things have changed in serious advertisers' fraud stacks in the past year.
- Dynamic device-graph reputation that updates daily, not quarterly
- Adversarial baselines retrained weekly against the generators known to be in market
- Closed-loop verification with the conversion-side data: does the click ever turn into a basket, a churn-out, a return
The third item is the most important. If the unit converts at scale and the converted users behave like real customers, the fraud question collapses. If it converts and the converted users churn instantly, refund or charge back, the unit is fraudulent regardless of what the impression-layer data says. The signal moved further down the funnel.
What you should ask your media partners
Three questions cut through most vendor decks.
- When was your bad-actor baseline last retrained?
- What share of your conversion-side verification comes from first-party brand data, not modelled?
- Show me the attribution path of the cleanest 10 percent and dirtiest 10 percent of your inventory side by side
If they cannot answer the third, they are still scoring impressions instead of outcomes. That was fine for a 2018 budget. It is not enough for a 2026 budget.