Archive for Appdome

Appdome Empowers Mobile Brands to Build Their Own Mobile API Gateway with AI, Unifying API and Bot Protection in One Solution

Posted in Commentary with tags on August 19, 2025 by itnerd

Appdome announced at Black Hat 2025 the integration of its IDAnchor™ Customer Identity Protection suite into MobileBOT™ Defense, Appdome’s bot defense offering. This powerful combination enables mobile brands and businesses to build a virtual Mobile API Gateway on top of any standard backend infrastructure, preventing unauthorized API access, stopping brute-force bot attacks, and eliminating point products for API Protection and Bot Defense.

Build Your Own Mobile API Gateway
Powered by AI, Appdome’s MobileBOT™ Defense, with IDAnchor inside, enables mobile teams to create a virtual Mobile API Gateway that sits on top of any standard backend infrastructure. Together, they provide an OS-independent chain of trust consisting of:

  1. WorkspaceID – root identifier from the DevOps environment.
  2. ReleaseID – intermediate identifier for each App Release.
  3. InstallID – leaf identifier for each App instance.
  4. DeviceID – leaf identifier for each mobile Device that uses an IDAnchor enabled app.
  5. True Device Attributes™ – OS-independent device attributes.
  6. Threat Signals – for identity, OS, Application and Device Threats.

During any API connection request, if any part of the chain is missing, altered, or replaced, the mobile brand or business knows the origin of the API request is suspicious or malicious. If an attacker attempts to impersonate legitimate mobile users, applications, devices, or locations, or uses automated programs to generate requests individually or via brute force methods, the connection can be dropped or routed for mitigation in the application. No external systems or SDKs are required.

Immutable Mobile Identity vs. Cookies and Tokens
Legacy mobile API and bot defense products use time-based cookies and tokens to determine session validity. They can be stored insecurely or transmitted in the clear, making them vulnerable to reuse by the attacker. Cookies and tokens do not provide any data on the mobile device, application, or installation making the API request. In short, cookies and tokens cannot tell if the API request is coming from a good, bad, real, fake, compromised or uncompromised mobile user, app, install, or device.

In contrast, each IDAnchor fingerprint can be cryptographically bound to each user so that it is not reusable and persists across re-installs, OS updates, and factory resets. This fully addresses these top challenges in legacy bot protection strategies:

  1. Fake Users & Devices: Fake users and fake, emulated, or spoofed devices cannot present a valid IDAnchor identity, making it easy to block spoofed or impersonated sources.
  2. Bot Attack Masking & Evasion Techniques: Any attempted reuse or manipulation of the device, application, or OS attributes will result in an IDAnchor mismatch, revealing the attacker.
  3. Stolen Credentials or Identities: Stolen identities using separate devices, synthetic identity or AI generated deepfakes, vishing, or session hijacks.
  4. Install and attribution fraud: Fraud attempts conducted by emulator farms, malware-controlled apps, or fake devices.
  5. KYC-fraud: Fake signups, fake account creation, and usage performed by bots or automated tools designed to spoof real behavior. 
  6. Weaponized Mobile Apps: Malware-controlled or modified apps will change the IDAnchor fingerprint, revealing the weaponized mobile app.
  7. Brute force credential stuffing: Attacks that use automated programs or stolen credentials with fake or spoofed mobile applications and devices.
  8. Bot Source Triangulation: A bot detected from App A can be blocked or flagged in App B—without needing to sync external intelligence. 
  9. Risk Scoring for API Connection Requests: Each match or mismatch of IDAnchor values is represented as a percentage and can be used as a proxy for connection risk or used to influence risk scoring methods for such purpose.

Appdome will showcase IDAnchor™ and MobileBOT™ Defense at Black Hat USA in Vegas Aug 6th and 7th. Stop by Booth #4746 in the Black Hat Business Hall to learn more and see it live. For those not attending Black Hat, learn more about Appdome Mobile API and Bot Protection.

Appdome is the First to Detect Agentic AI Malware on Mobile Devices

Posted in Commentary with tags on June 18, 2025 by itnerd

Appdome has announced the availability of new dynamic defense plugins to detect and defend against Agentic AI Malware and unauthorized AI Assistants controlling Android & iOS devices and applications. The new Detect Agentic AI Malware plugins allow mobile brands and enterprises to know when Agentic AI applications interact with their mobile apps and use the data to prevent sensitive data leaks and block unvetted on-device AI Agents from accessing transaction, account, or enterprise data and services.

Agentic AI Assistants – such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others – are increasingly available to mobile users in consumer and enterprise environments. However, the same capabilities that make AI Assistants useful to consumers and employees can also be used by Agentic AI Malware and Trojans. Good and bad AI Assistants can gain broad runtime access to screen content, UI overlays, activity streams, user interactions, and contextual data. Malicious AI Assistants can exploit this access to perform data harvesting, session hijacking, and account takeovers, often under the guise of legitimate AI functionality. On Android, this risk is amplified by more permissive APIs. On iOS, threats extend to mirroring-based leaks (e.g., via AirPlay) and enterprise-targeted surveillance.

Agentic AI assistants have wide appeal in internal enterprise and public-facing consumer use cases. However, in consumer use cases – like banking, eWallet, and healthcare applications – some brands might take the view that, for now, the risks outweigh the benefits. Currently, whatever a good AI assistant can do, a bad AI Assistant can do. Both can access, extract or input credentials, intercept transactions, and send messages to other users. In enterprise environments, malicious AI Assistants could perform actions as the employee, accessing proprietary systems, leaking sensitive documents, or creating entry points for lateral compromise. Wrapped or re-skinned AI apps – especially unofficial or third-party clones of tools like ChatGPT – further increase the attack footprint, often requesting dangerous (overreaching) permissions and quietly transmitting captured data to external servers. Without real-time detection and control, mobile brands remain exposed to surveillance, compliance failures, and data loss at scale.

Security researchers have observed that malicious AI Assistants can extract session data, cryptographic tokens, or decrypted content by analyzing on-screen information in real time. These apps often masquerade as legitimate voice assistants, and once granted access, can silently monitor users’ activity. Furthermore, when coupled with generative AI models, attackers can script automated reconnaissance, tampering, or replay of sensitive operations inside apps. 

Appdome’s new Detect Agentic AI Malware plugin uses behavioral biometrics to detect the techniques that malicious or unauthorized AI Assistants use to interact with an Android or iOS application in real time. This includes official, third-party, or wrapped AI apps that impersonate trusted tools or gain elevated permissions. Mobile brands and enterprises can use Appdome to monitor AI Assistant use or detect and defend against Agentic AI Assistants using multiple evaluation, enforcement and mitigation options. Mobile brands and enterprises can also specify any number of Trusted AI Assistants, to guarantee that users have access to approved and legitimate Agentic AI Assistants.

To learn more about Appdome malware protection, including Detect Agentic AI Malware, please visit https://www.appdome.com/mobile-malware-prevention/.

Appdome Tackles Mobile Bots Head On

Posted in Commentary with tags on April 30, 2025 by itnerd

Appdome today announced at RSAC 2025 that its AI-Native MobileBOT™ Defense solution now offers the most comprehensive mobile bot defense profile on the market. Capable of evaluating 400+ attack vectors in Android & iOS apps, OSs, devices, user interfaces and networks, Appdome’s new MobileBOT™ defense profile allows network security teams to not only stop brute force bot and credential stuffing attacks but also stop hyper targeted, spear phishing, account takeover (ATO), KYC fraud, on-device fraud (ODF), and deepfake threats in real time across account creation, login, password reset, payment and other critical API endpoints.

AI Has Changed Bot Defense Forever
Modern bot attacks aren’t contained to brute force bot and credential stuffing attacks launched from bot farms, automated scripts and similar attack vectors. Today, bot attacks can also include hyper-targeted ATO attacks that use AI-generated deepfake images, face cloning, liveness spoofing, and mobile Trojans to bypass biometric checks of specific users. These attacks can also be combined with client-side malware to intercept OTPs, complete Captcha challenges, hijack sessions, and exploit sensitive app flows like login, payment, and password reset. Some bot attacks weaponize the mobile app itself—evading traditional anti-bot defenses and putting user trust, compliance, and revenue at risk.

AI-Native Bot Defense is the Future
Appdome’s AI-Native MobileBOT™ Defense redefines mobile bot protection by providing multi-layered defense built for Android & iOS environments. While legacy bot defense SDKs aren’t protected in the app, use vulnerable cookies or JWTs to identify apps, and monitor only a few basic threat indicators such as emulators and jailbreak/root, Appdome’s MobileBOT™ Defense provides application-level rate limiting to eliminate the risk of weaponized and zombie applications, immutable application fingerprinting using secured client certificates to stop brute force attacks, and provides deep session risk, evaluating up to 400 configurable attack vectors in a single bot defense profile. With Appdome MobileBOT™ Defense, network security teams can stop brute force attacks and scan the mobile environment for any sign of deepfakes, social engineering scams, voice cloning, trojan attacks, vishing, remote access trojans (RATs), mobile device takeovers, and more before allowing a connection.

Tailored Profiles Stop Targeted ATO Attacks
Using a single MobileBOT™ Defense Profile, mobile brands and enterprises can evaluate up to 400+ attack vectors before allowing connections to any API, endpoint, or host. More importantly, network security teams can create separate defense profiles to address the specific threats applicable to each API. For example, network security professionals can evaluate different threats in each bot defense profile for:

  • Sign Up & Onboarding APIs – Detect the presence of fake users and devices signing up to your service including fake taps, clicks, swipes, gestures as well as fake location and devices.
  • Sign In & Password Reset APIs – Detect the presence of spyware such as keyloggers, overlay attacks, and activity monitoring, as well as ATO risk from deepfakes, ATS Malware and more.
  • Payment APIs – Detect the presence of data harvesting and trojan malware, MiTM attacks, session hijacks, OS compromises, vishing, social engineering scams and more.

Layered Defense to Stop All Mobile Bot Attacks
Appdome’s MobileBOT™ Defense solution is the only anti-bot solution purpose built for mobile applications, mobile environments and mobile businesses. Every feature of MobileBOT Defense is designed to address the unique computing environment, threat vectors and operating requirements of the mobile channel. Here are just some of the key elements of MobileBOT Defense by Appdome:

  • App-Level Rate Limiting – Leverages the compute on the mobile device to throttle API requests coming from “noisy,” malware controlled or zombie mobile apps.
  • Application Fingerprinting – MTLS Pre-Check authenticates the real app during the TLS handshake, allowing network security teams to deny API requests from bot farms, bot scripts and fake applications.
  • Extended Bot Defense Profiles – Evaluate session risk across up to 400+ separate threat vectors in mobile devices, OS, applications, user interface and networks to stop targeted ATOs, KYC Fraud and On-Device Fraud on a per API basis.
  • Pin to Host – Uses Appdome’s secure certificate pinning to validate the authenticity of servers your application is connecting to per API.
  • Dynamic API Updates – Remotely update protected hosts and endpoints without a new app release.
  • Zero-Trust and Dynamic Threat Evaluation – Allows network security professionals to control when threat evaluations are performed.
  • Hardened Implementation in Apps – Delivers tamper-proof anti-bot implementation in Android & iOS apps, free of spoofing, interception and compromise.
  • All Mobile App Compatibility – Works seamlessly with any Android or iOS app.
  • No-SDK, No Server Delivery – Eliminates integration work and infrastructure overhead, accelerating deployment and eliminating engineering work.
  • All Web Application Firewall Compatibility – Compatible with all industry standard WAFs; no change outs required.

With the MobileBOT release, Appdome now offers full flexibility for mixing and matching where and how to enforce mobile app protections. Mobile businesses can enforce these protections at the client app level, network layer, or a combination of both. Whether stopping brute force bots or user-level targeted fraud, Appdome’s layered defense model ensures optimal protection and performance.

Appdome’s MobileBOT Defense requires no SDKs, no servers, and no changes to existing WAF infrastructure, bypassing the limitations, complexity and cost of traditional anti-bot products. By working with any WAF, businesses can preserve and extend their WAF investments and, with client-side rate limiting, can dramatically lower data processing costs.

Appdome is demonstrating the AI-Native MobileBOT Defense solution and the full Appdome AI-Native Platform at RSAC in San Francisco April 28th to May 1st at booth South-0948.

Appdome also will be discussing the importance of mobile bot defense and a mobile bot solution jointly developed with Fastly at RSAC at the Fastly booth located at South-1255. Daniel Bechtel, Appdome director of enablement engineering, will co-present with Fastly on Monday at 6 pm, Tuesday at 3:30 pm, Wednesday at 10:30 am and Thursday at 10 am.

To learn more about AI-powered bot protection for mobile apps, you can request a personalized demo at https://www.appdome.com/mobile-antibot-detection-defense/ .

Appdome Brings Mobile Account Protection to the New Frontline of Account Takeovers and On-Device Fraud

Posted in Commentary with tags on April 3, 2025 by itnerd

Appdome today announced it is strengthening its Account Takeover Protection suite with 32 new AI-Native dynamic defense plugins that provide Mobile Account Protection to the new frontline of Account Takeovers (ATOs) and On-Device Fraud (ODF). The new plugins are designed to help mobile brands and businesses maintain trust in the mobile experience and combat increasingly sophisticated malware that targets user identity, account creation, and transactions in mCommerce and other applications. Like all Appdome AI-Native defenses, each of the 32 new dynamic defense plugins for Mobile Account Protection is available by choice using the Appdome Platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

The growing complexity of mobile applications, including Super Apps, the sophistication of threats, including those that leverage AI and AI-Agents, as well as the proliferation of on-device malware, have greatly lowered the barrier for attackers to carry out Account Takeovers in mobile businesses.  Further, new tools and techniques are emerging to capture or exploit mobile identities and account data at the point of user entry, download, processing and/or choice in a mobile app. Traditional fraud detection and prevention products don’t safeguard these critical functions in the mobile application. Instead, these point products look for ATOs after the fact, often looking for the same attack vectors as other security and bot defense products to distinguish and mitigate fraud. Appdome’s Mobile Account Protection is designed to go beyond legacy security, anti-fraud and bot detection methods and protect the critical identity and account functions from deep inside the execution layer of the mobile application. If a threat is detected, Appdome’s AI-Native Mobile Account Protection plugins can either defend the user automatically or notify the application (or application backend) when fraudsters and other attackers try to compromise these functions. The result is proactive, pre-emptive defense to stop fraud and ATOs before they are successful.

The 32 new AI-Native Mobile Account Protection plugins for the Appdome Platform fall into three mobile defense categories:

  • Appdome Trusted Execution Environment (TEE). This series of plugins allows Android & iOS applications to use a segmented and secure execution environment to create, store, and retrieve critical account, identity and transaction data within Android and iOS applications. Within Appdome’s TEE, Appdome protects the application memory, state, workers, activities, notifications, IPCs, APIs, and CPCs, performs session management, and provides a dedicated secrets manager for the application to use.
  • Dynamic Memory Protection: Attackers are increasingly targeting the mobile application memory to harvest account credentials, alter critical account information, or manipulate account values such as in program or loyalty abuse. Appdome provides a series of new plugins designed to detect when attackers attempt to access or dump the application memory, manipulate application values in memory, or harvest sensitive data and keys stored in an application’s memory with memory editing tools.
  • Identity Theft Prevention: Appdome’s new Mobile Account Protection suite now includes plugins designed to protect mobile application users from identity theft, including SIM swaps, overlay attacks, fake screens, key logging, tap hijacking, clipboard hijacks and more.

Combined, Appdome’s Mobile Account Protection suite ensures mobile accounts and critical account data in Android and iOS applications are secure and exploit-proof, adding a layer of fraud detection and prevention deep in the execution layer of a mobile app. This level of protection against ATOs and ODF has never existed in the mobile economy before Appdome.

The new plugins combine the power of choice-driven defense in depth, and no-code, no SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Appdome Mobile Application Protection Plugins are available with Appdome’s Threat-Events™ Intelligence and Control Framework and Appdome ThreatScope™ Threat Analytics service. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile brands can track and monitor ATO attacks via Appdome’s ThreatScope™, either before or after the deployment of Mobile Account Protection features.

Learn more about Appdome’s Mobile Account Protection.

Guest Post: Is Cyber a Frog in the AI-Native Pot? 

Posted in Commentary with tags on February 26, 2025 by itnerd

By Tom Tovar, CEO of Appdome

Everyone knows the story of a frog placed in a pot of cold water. As the water heats up, the frog remains still until it’s too late. Today, the cyber function faces the same challenge as the frog, as the rest of the enterprise transitions to AI Native.

What is AI Native? 

“AI Native” refers to organizations, teams, or functions that fully integrate artificial intelligence into core operations. Rather than treating AI as an add-on, these entities leverage AI as a foundational element of their business, execution, delivery, and decision-making. They operate with AI at their core, embedding it into every process for speed, automation, improved efficiency, and to reduce dependencies on human capital, and other resources.

The Enterprise-Wide Shift Towards AI Native 

Across industries, enterprises are now shifting to an AI-Native approach. In 2025, key parts of the enterprise are moving beyond experimentation to complete restructuring. Departments, workflows, decision-making, and strategic planning are being reshaped around AI-driven automation and analysis for productivity. Key areas include:

  1. Software Development and Engineering: AI-powered coding assistants accelerate development, improve software quality, and streamline DevOps with automated testing and CI/CD processes. 
  2. Marketing: AI-driven platforms analyze consumer behavior, enabling hyper-personalized campaigns and optimized ad spend. 
  3. Customer Support & Experience: AI chatbots can handle customer service at scale, reducing dependence on humans.
  4. Fraud & Risk Management: AI enhances fraud detection and risk modeling, quickly identifying anomalies and mitigating financial risks.
  5. Supply Chain and Logistics: AI predictive analytics optimize inventory while automating procurement and delivery. 
  6. HR and Talent Management: AI streamlines recruitment, identifies top talent faster, and enhances workforce management.

The goal is clear: faster decision-making, increased efficiency, and minimized human error while maximizing value. 

Cybersecurity Must Adapt…or Get Boiled Alive

Currently, cybersecurity teams focus on addressing the risks of AI adoption rather than embedding AI into their own cyber operations. This misalignment threatens their role as enterprises adopt AI-Native models at an accelerated pace. Without becoming AI-Native, the water will get too hot too fast. Cyber teams are falling behind as AI-Native organizations accelerate.  

Why Cybersecurity Must Go AI-Native Now

Cybersecurity must go beyond AI-enhanced tools. Here are the top 5 reasons why the cyber teams need to go AI-Native:

  1. AI-Driven Threats Require AI-Driven Defense

Cybercriminals leapt into the AI boom to create highly sophisticated attacks, from deepfake-powered facial recognition bypasses to large-scale social engineering attacks and autonomous malware evading detection. To counter these threats, organizations need an AI-Native defense that adapts, responds, and mitigates attacks in real time.

  2. Maintain Control of the Defense Lifecycle

An AI-Native approach automates the entire defense lifecycle, including defense delivery, compliance, threat identification, and incident response, as well as guiding end users through resolving an attack. Gone are the days when the cyber function and the security operation center (SOC) could rely on AI for threat detection, but still depend on manual processes to resolve threats. With AI-Native cybersecurity, teams can automatically control every aspect of defense, eliminating delays caused by dependencies on multiple departments and manual actions.

  3. Improve Decision-Making & Incident Response

Security leaders rely on multiple data sources, logs, and reports. AI-driven analytics provide deep insights and early warnings on emerging threats, along with benchmark comparisons and dynamic risk analysis. An AI-Native approach accelerates decision-making in incident response, automating defenses in real time before escalation.

  4. Eliminate Dependence on Other Departments

Many security teams are constrained by IT, engineering, and operations for critical tasks like threat modeling, infrastructure changes, and security tool integrations. With AI-Native defense, the cyber function can automate defense delivery independently of external teams. Now security teams can automate defense enforcement, reducing delays while accelerating security measures.

  5. Guarantee Business Protection and Revenue Security

As AI drives efficiency across enterprise functions, cybersecurity teams must keep up with rapid innovation. New applications, capabilities, revenue sources, threats, and vulnerabilities are evolving faster than ever. AI-Native security delivers continuous fraud prevention, automated security updates, and preemptive threat mitigation. With AI-Native, cyber and fraud defenses can be deployed instantly and ensure continuous defense.

Cyber’s Top Priority for 2025: Become AI Native.  

Looking forward, CISOs and cybersecurity teams can no longer afford to see AI merely as a tool but must embrace AI as their foundation. Just as other enterprise functions use AI for speed, efficiency, and agility, cybersecurity must do the same – eliminating manual tasks, handoffs and learning curves.

With AI-Native, cyber teams use technology platforms to automate the entire defense lifecycle, ensuring readiness, reducing bottlenecks, and ensuring that security, anti-fraud and bot defense are delivered continuously. The future of cybersecurity isn’t just AI-aided – it’s AI-Native. Don’t be the cyber frog in the pot. The time to act is now.

Appdome Preempts DeepSeek Attacks on Mobile Devices

Posted in Commentary with tags on February 26, 2025 by itnerd

Appdome has announced that new dynamic defense plugins are available on its AI-Native Defense platform to detect and defend against DeepSeek AI attacks on Android & iOS devices. The new plugins allow enterprises to safeguard mobile enterprise apps, harden remote access and protect mobile work from DeepSeek spyware. 

The new plugins use behavioral analytics to detect unusual file access, data extraction, user monitoring, and unusual network traffic to external AI servers performed by DeepSeek. Like all Appdome defenses, the new dynamic defense plugins targeting DeepSeek attacks are available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

DeepSeek, a free, AI-powered chatbot mobile app, has grown in popularity quickly. It has also created a huge risk for enterprises and governments using mobile devices and apps in the workforce. For example, reports have surfaced that DeepSeek can be used as spyware to harvest and send user data to China without the user’s knowledge. Likewise, users can unknowingly or accidentally post sensitive information to DeepSeek, creating data leakage risks for corporate data and sensitive documents. 

Recognizing the severity of the threat posed by DeepSeek, some enterprises have banned the use of DeepSeek for work purposes. Likewise, several government agencies, including in the United States and South Korea, have introduced legislation to ban the use of DeepSeek on mobile devices used for government purposes. However, these bans are without teeth because – without Appdome – there is no way to detect DeepSeek on a mobile device, particularly a BYOD mobile device in an enterprise setting. And there’s no way to detect if DeepSeek is being used as spyware or if users share sensitive data via DeepSeek.

Appdome’s new Detect DeepSeek Attack plugins are particularly powerful in enterprise use cases such as mobile apps for work, enterprise apps, and Bring Your Own Device (BYOD) mobile strategies. When deployed in an enterprise app, the defense will detect an active DeepSeek session on the device and offer enterprises and B2B mobile app makers multiple enforcement options to mitigate the DeepSeek risk. Appdome’s new DeepSeek detection can be deployed stand alone or in combination with other defenses to detect DeepSeek being used as spyware and when employees post content to DeepSeek.

In published cases, DeepSeek exposed users to unauthorized data collection, weak encryption practices, and potential surveillance by state-linked entities. Security analyses reveal that DeepSeek transmits user data without proper encryption, employs outdated cryptographic algorithms, and lacks robust anti-tampering protections, making it vulnerable to reverse engineering. Beyond these published risks, attackers can expedite the runtime analysis of potential victim apps by feeding DeepSeek with memory dumps, encrypted files, and server responses directly on the device. This could also enable runtime memory extraction, allowing attackers to scan active memory for cryptographic keys, authentication tokens, and decrypted session data, compromising financial transactions and authentication flows. 

Additionally, DeepSeek may facilitate dynamic code injection by identifying unprotected vectors, enabling attackers to bypass security controls like root detection and anti-debugging, manipulate app behavior, and intercept sensitive interactions without persistent malware. The creators of DeepSeek have set guardrails designed to prevent using the AI model for malicious purposes; however, during the analysis of this model, multiple “jailbreaks” were found that allow circumventing security restrictions.

Learn more about Appdome AI-Native defense for DeepSeek AI threats.

Appdome Stops AI-Deep Fakes at the Mobile Doorstep

Posted in Commentary with tags on February 18, 2025 by itnerd

Appdome, the leader in protecting mobile businesses, today announced it is extending its Account Takeover Protection suite with 30 new dynamic defense plugins for Deep Fake Detection in Android & iOS apps. The new plugins are designed to guarantee the integrity of Apple Face ID, Google Face Recognition and 3rd party face and voice recognition services against AI-generated and other deepfake attacks. Like all Appdome defenses, each of the 30 new dynamic defense plugins for Deep Fake Detection is available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

The mobile economy trusts Face ID and facial recognition for authentication, Know Your Customer (KYC) compliance, and to combat on-device fraud (ODF). Mobile brands rely on facial recognition, including liveness checks, to build and maintain trust with their users. These brands tell users that facial recognition will ensure that only the authorized account holder can access their apps, accounts, and services. However, the number and sophistication of attacks targeting every aspect of facial recognition and biometric authentication have exploded in the last nine months, driven by the rise of AI-generated deepfakes, virtual cameras, image substitution, buffer attacks, voice cloning and other methods. Deepfake attacks easily generate hyper-realistic, adversarial replications or manipulations that fool facial and voice verification systems. Sometimes attackers use virtual cameras to inject pre-recorded or live video streams into the facial recognition process. Other times, image buffer attacks manipulate face data processing in real time to bypass liveness detection processes. The speed of evolution, ease of use, and ubiquity of deepfake attacks make deepfake detection one of the top anti-fraud and anti-ATO objectives for brands and enterprises in 2025.

Despite the growing sophistication of Face ID and facial recognition services for mobile applications, Face ID bypass techniques, which manipulate biometric authentication processes, use virtual cameras and use AI-generated synthetic images or streams to mimic legitimate users, have started to outpace biometric authentication methods. Additionally, malicious actors are developing tools and techniques to exploit vulnerabilities in device hardware, face recognition software and face recognition APIs to compromise the integrity of biometric authentication. These challenges highlight the need for enhanced security measures around the biometric authentication workflows, to safeguard Face ID and facial recognition against deepfake attacks. 

Appdome’s Deep Fake Detection plugins sit on top of OS-native or third-party Face ID, facial recognition and voice recognition methods, including face verification SDKs. This approach ensures that any facial recognition process is secure from deepfake attacks and provides enhanced integrity and security for authentication workflows, regardless of the provider. Specific attack vectors that Appdome’s Deep Fake Detection protects against include:

  • Face ID Bypass: Detects attempts to bypass native Android and iOS biometric and facial recognition authentication systems on mobile devices, including FaceID and Biometric API calls, hardware abstraction layers and more.
  • Deep Fake Apps: Detects deepfake and face swap apps that can be used to spoof facial recognition services used by Android and iOS applications, including in combination with virtual camera and video injection tools.
  • Deepfake Video Detection: Detects synthetic identity attacks, video injection, frame and image buffer attacks, Direct Memory Access (DMA) attacks, monitors face embeddings and more.
  • Appdome Liveness Detection: Applies primary or secondary liveness check to ensure a real face is used during the facial recognition process, applying AI models to verify 3D depth, skin texture, lighting, eye reflectiveness, the strength of liveness image, and more.
  • Voice Cloning: Detects synthetic voice spoofing and voice cloning apps when in use with the protected application, perfect for applications that rely on “my voice is my password” authentication workflows.

Brands and businesses can expect each Appdome defense to detect the Deep Fake attack as well as its variants. Appdome dynamic defense plugins use real-time behavioral analysis to detect the behaviors and methods that the multitude of FaceID bypass and AI-based Deep Fake and Voice Cloning Tools use to exploit authentication checks in Android & iOS apps. As a learning system, it constantly evolves to ensure continuous defense against Deep Fakes and related threats.

Like all Appdome mobile app defenses, the new Deep Fake Detection plugins combine the power of choice-driven defense in depth and no-code, no-SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Android & iOS Deep Fake Detection Plugins are available with Appdome’s Threat-Events™ Intelligence and Control Framework and ThreatScope™ Mobile XDR service. Threat-Events allows mobile brands and facial recognition SDK and API providers to gather data on each attack and use the data to control the application or user experience when deepfake attacks happen. Mobile brands and facial recognition SDK and API providers can use Threat-Events to gather deeper threat intelligence and create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile brands can track and monitor Deepfake attacks via Appdome’s ThreatScope™, either before or after the deployment of the anti-Deep Fake features.

Appdome Unveils Threat Dynamics

Posted in Commentary with tags on January 22, 2025 by itnerd

Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat Dynamics™ will be offered inside Appdome’s ThreatScope™ Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from 400+ attack vectors and calculate a Mobile Risk Index™ for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors with the highest potential impact and preempt these threats before they escalate. This also allows businesses to continuously benchmark and manage their business- and application-level risk against the baseline of Appdome’s growing monthly data stream of tens of billions of mobile fraud, scam, bot, and cyber threat events globally. These new capabilities add to ThreatScope Mobile XDR’s existing real-time threat intelligence, inspection, and rapid response capabilities.

As mobile becomes the business, the landscape of fraud and cyber-attacks in the mobile economy has grown significantly. It now includes a wide range of adversaries, such as active hacker communities, criminal organizations, and AI-powered attacks. In this economy, attack vectors such as account takeover (ATO), on-device fraud (ODF), scams, identity theft, bot attacks, and more are proliferating quickly. Mobile businesses switched to Appdome to accelerate their defense time to market, eliminate work, gain automation through machine learning, and build any combination of Appdome’s 10,000+ dynamic defense plugins into mobile apps fast. With Appdome Threat Dynamics, mobile businesses can now leverage the biggest and most diverse data stream of mobile fraud and threat events in the digital economy to take a holistic and continuous approach to threat management. With Threat Dynamics, businesses leverage the power of AI to analyze and benchmark their active attack surface against the active attack surface in billions of Appdome-defended mobile apps. By analyzing this data from multiple perspectives, mobile businesses can see how cyber-attacks, fraud, and threats move across the mobile business and use Appdome’s Threat Dynamics to identify fraud and cyber-attack patterns early on, rank the potential impact of each attack prospectively, and preempt cyber-attacks, fraud, and threats before the attacks proliferate.

Data Siloes and Basic High-Med-Low Severities Are Not Enough.

Mobile businesses need usable and relevant data about the attacks and threats impacting their Android & iOS applications, users, identities, and transactions. However, point products aimed at mobile app security, mobile fraud prevention, KYC checks, and mobile identity only provide one slice of data. These slices are often available in siloed implementations that isolate data to one app, customer, and attack vector only. The same products either can’t or don’t aggregate, analyze, or expose data from all installations, leverage adaptive learning models or apply AI to benchmark trends, virality, or future potential impact of attacks. The output from these systems is often limited to human-defined “true / false” or “high,” “medium,” and “low” severity designations, which fatigue users and lead to false positives and missed attacks.

Appdome’s Threat Dynamics leverages AI and Appdome’s big-data footprint to continuously analyze and rank mobile threats, including fraud, malware, and bot trends in its global data set. Using this data, Threat Dynamics continuously calculates a Mobile Risk Index™ for each mobile business and app, providing a holistic, living, and dynamic context to the threat data sent to their ThreatScope instance. Threat Dynamics also shows how fraud, cyber-attacks, and other threats move across mobile apps, releases, installations, devices, users, and networks. With Threat Dynamics, mobile businesses can see which attacks are moving fastest, which mobile applications suffer the most, and which attacks are likely to have the biggest impact on the business. Trends such as Infection Rate, Attack Frequency, Attack Velocity, Cohort Placement, Variance, Projected Impact, and more are provided for each attack, application, release, device, OS, geographic source, and other dimensions.

Learn more and register for your personalized demo of Appdome ThreatScope XDR.

1 in 4 Americans Doubt App Security Says Appdome

Posted in Commentary with tags on November 13, 2024 by itnerd

Americans are rapidly losing faith in mobile app security. New data reveals that one in four believe brands “don’t care” about protecting their security within the app experience, marking a staggering 337% increase since 2021. For brands, this growing skepticism is more than a reputation issue—it could jeopardize loyalty and retention on a massive scale. 

Appdome’s latest U.S. Consumer Survey highlights this shift in consumer trust. With mobile devices now integral to daily life, users expect proactive protection, not just promises. It’s the responsibility of brands to make security a priority, or risk losing consumer trust and engagement: 

  • 73% of U.S. consumers say they’d delete an app if it lacked proper security. 
  • 87% prefer proactive fraud prevention, not just reimbursement post-incident. 
  • 90% now rate security as equally or more important than innovative app features, signaling that robust protection is an essential part of the user experience. 

Appdome Announces GenAI-Powered Threat Resolution Center

Posted in Commentary with tags on July 30, 2024 by itnerd

Appdome today announced its new Threat Resolution Center, powered by GenAI. The new service enables mobile support teams to instantly identify mobile threats, generate context-specific resolution steps, and improve threat response for all stakeholders. Appdome will be demonstrating the new GenAI powered Threat Resolution Center live at the upcoming Black Hat USA cybersecurity conference in Las Vegas Aug. 7 and 8.

The scope, diversity, and sophistication of mobile threats are exploding. This, combined with the proliferation of malware, spyware and AI-based threats, means that the risk to mobile identity, data and transactions is higher than ever. Legacy mobile app security, anti-fraud and other products don’t consider the user experience. When mobile attacks happen, mobile end users are typically locked out of their accounts and left confused, frustrated, and flying blind. Likewise, understanding and troubleshooting mobile cyber-attacks and threats is complex, time consuming and costly – for the mobile brand, enterprise and user.

The new Appdome Threat Resolution Center leverages the power of GenAI to provide real-time, context-specific, step-by-step guidance for end users to resolve threats and attacks on mobile devices quickly. This gives mobile support teams and end users the information they need to get past any attack fast. It also shrinks the mobile attack surface by speeding removal of mobile threats on end user devices. Mobile support teams also realize a boost in productivity by delivering faster mean time to resolution (MTTR) and reducing overall cost of threat response for all end users.

Fraud, malware and other attacks, combined with limited attack data and poor resolutions, destroy the mobile experience. When cyberattacks happen, fire-drills arise between cyber and support teams. Triaging, diagnosing and removing threats from mobile devices is extremely complex, time-consuming and challenging due to the immense diversity and dynamic nature of (a) mobile exploits, tools and malware, (b) mobile devices, (c) mobile operating systems (OS), (d) mobile networks and (e) other factors. To make matters worse, many forms of malware can hide inside other mobile apps, and access mobile apps via accessibility, custom keyboards and other settings. What works to remove a threat on one mobile device, mobile OS and network will not work for a different threat on a different mobile device, mobile OS and network.

How Appdome Threat Resolution Center Works

When an attack or threat is detected by an Appdome-protected mobile app, the Appdome Defense Framework in a mobile app dynamically generates a context-specific ThreatCode™. The ThreatCode is encoded with detailed and specific data about the threat, attack method, device, OS and other information, providing the DNA of each attack on the mobile end user’s device. Support, engineering or cyber personnel at mobile brands and enterprises enter the ThreatCode into Appdome’s Threat Resolution Center, where Appdome’s Threat Resolution Agent™ generates the GenAI prompts using retrieval-augmented generation (RAG) to query and optimize responses from GenAI for the attack. The resolution response includes how to identify and understand the attack, how to find the attack, and the step-by-step instructions to remediate or remove the mobile threat on the end user’s device, creating – for the first time – true self-service threat response and real-time threat resolution for mobile end users.

Appdome will be demonstrating its new Threat Resolution Center at the Black Hat Conference in Las Vegas Aug. 7-8, 2024 at booth #1350.

Learn more about Appdome Threat Resolution Center and schedule your demo online.