Introducing Jérôme Segura, DataDome’s New VP of Threat Research

Earlier this month, we welcomed Jérôme Segura as DataDome’s VP of Threat Research. A globally recognized expert in malware analysis and web threats, Jérôme brings nearly two decades of experience tracking how attackers innovate and how defenders can stay ahead.

Before joining DataDome, Jérôme spent more than 10 years at Malwarebytes, where he became known for pioneering research on malvertising, social engineering, and browser-based threats. His work helped expose large-scale threat campaigns and influenced how the industry approaches web-based fraud.

Now, Jérôme is bringing that expertise to DataDome to help push the boundaries of what bot detection and cyberfraud prevention can achieve in the age of AI. We sat down with him to discuss his journey, evolving threats, and why intent, not identity, holds the key to the next chapter of online security.

You’ve spent over a decade tracking evolving threats. What trends concern you most right now?

Jérôme Segura: One thing that hasn’t changed is how central social engineering remains. No matter how advanced security tools get, attackers continue to succeed by manipulating people. What’s changed is how accessible and scalable these attacks have become.

AI is accelerating that. We’re seeing phishing websites generated on the fly with LLMs, customized copy that evades detection, and scams that would have taken weeks to pull off now happening in minutes. These aren’t fringe experiments, they’re becoming part of the everyday attacker toolkit.

Your background spans malware, malvertising, and browser-based attacks. How does that shape how you approach bots and online fraud?

Jérôme Segura: I’ve always focused on web-based threats—the intersection where attackers reach people. Bots, to me, are another tool in the attacker’s arsenal. Whether they’re used to distribute malware, launch credential stuffing attacks, or proxy traffic for more advanced campaigns, they’re about achieving scale and persistence.

What really matters is understanding intent. Attackers aren’t using bots because they like automation, they’re using them to drive fraud. The bot is just the beginning.

You’ve spoken before about respecting adversaries’ creativity. How does that mindset affect your work as a defender?

Jérôme Segura: You don’t have to condone what attackers do to appreciate their craft. Some of the most impactful research I’ve done came from moments of: “Wow, that’s clever.” When you can reverse engineer an attack and fully understand how it works, that’s when you can actually beat it.

I think there’s mutual respect, too. Threat actors know which researchers are capable of figuring them out. And in turn, we have to take that responsibility seriously, especially when it comes to sharing findings.

Speaking of that, why is it important for threat researchers to share intelligence outside their own organizations?

Jérôme Segura: When we uncover something serious, it’s rarely something that affects just our users or our systems. Whether it’s sharing data with law enforcement or quietly collaborating with other researchers, there’s real value in moving as a community.

Of course, you have to be careful. Public blogs are read by everyone, including attackers. That’s why we sometimes publish technical breakdowns in more private circles or stagger releases. But when possible, I believe in sharing what we learn.

As AI-powered agents become more autonomous, how should detection strategies evolve?

Jérôme Segura: The old binary of “human or bot” is broken. Humans use AI now. AI mimics humans. You can’t draw a clear line anymore. And if you try, you’ll block good users and miss bad ones.

What really matters is intent. Is the visitor trying to book a trip, or scrape your pricing to feed a competitor’s model? Are they browsing, or probing for account takeovers? That’s where detection needs to go. AI is only going to blur the lines more, and only intent-based detection can keep up.

What types of threats do you think are flying under the radar today?

Jérôme Segura: Fraud and scams, especially the ones that seem “boring.” Ransomware gets the headlines, but the cost of credential stuffing, refund abuse, and marketplace scams is often much higher and harder to quantify.

Because some of these threats are difficult to solve or not widely reported, they don’t get the attention they deserve. But they’re persistent, they’re painful, and they’re costing companies a lot more than they realize.

What excites you most about joining DataDome?

Jérôme Segura: First, I love the French roots. It resonates personally. But more importantly, I saw a company that understands where the future is headed. DataDome is leaning into AI, not just as a buzzword but as a foundation for smarter, more scalable defense.

It’s also a new challenge for me. I’ve spent years focused on client-side threats. Now I get to look at server-side security, bot traffic, and fraud patterns at a much broader scale. And I get to work with a team that’s serious about not just reacting to threats, but shaping the response.

If you could give one piece of advice to companies facing cyberfraud, what would it be?

Jérôme Segura: Shift your focus from merely detecting bots to discerning the underlying intent of online behavior for more effective defense. That’s the future of fraud prevention, and it’s where the real battle is happening now.

Stay tuned for more from Jérôme and DataDome Advanced Threat Research.