At RSAC 2025, Appdome launched its AI-native MobileBOT™ Defense profile, setting a new standard in mobile bot protection by delivering over 400 attack vector defenses in a single profile. Designed for seamless integration with all industry-standard Web Application Firewalls (WAFs), the update transforms traditional WAFs into advanced fraud-fighting platforms without the need for SDKs or backend changes.
The expanded profile goes far beyond brute force and credential stuffing prevention, targeting today’s AI-powered threats such as deepfakes, face cloning, session hijacks, and mobile Trojans. With per-API customizable threat assessments, network security teams can now detect and block account takeovers (ATO), KYC fraud, and on-device fraud in real time, across critical app flows like sign-up, login, and payment.
Tom Tovar, CEO of Appdome, emphasized that the complexity of mobile environments demands more than just a few signals from the device: “Mobile brands need to evaluate threats at the OS, app, UI, and network level before allowing any API access.”
The release also showcases key innovations like client-side rate limiting, immutable application fingerprinting, and dynamic API updates—all part of a no-SDK, no-server approach that lowers cost, accelerates deployment, and enhances security posture. Field CTO Gil Hartman called out the AI threat landscape: “Your bot defense strategy has to take AI into consideration—guessing credentials is no longer the hard part.”
Strategic Impact: For enterprises and mobile-first businesses, the update offers a future-proofed, WAF-compatible path to combating increasingly sophisticated mobile fraud. The ability to deploy layered defenses per API, and without infrastructure overhaul, positions Appdome as a leader in securing mobile channels against next-gen bot threats.
