How DataDome’s New AI Models Strengthen Account Security

Accounts remain a prime target for fraudsters due to the sensitive information and stored value they contain. Tactics to exploit accounts include credential stuffing and brute force attempts to fake account creation, session abuse, and account takeovers (ATOs). Increasingly, these threats involve hybrid patterns that blend automation and human actions; for example, bots may test stolen credentials at scale, while humans step in to complete fraudulent transactions.

For organizations, account security is a high-stakes challenge: how do you mitigate account fraud while ensuring frictionless access for legitimate users?

At DataDome, we believe the answer lies in adaptive, intelligent defenses: systems that learn, evolve, and customize themselves to the environment they protect. That’s why our latest release of Account Protect introduces two new AI models designed to adapt in real time and safeguard against both automated and hybrid threats.

Genetic algorithms for continuous learning

One of the key innovations in this release is the integration of genetic algorithms into Account Protect. Inspired by natural selection, genetic algorithms are designed to continuously generate, test, and refine different ways of distinguishing legitimate activity from malicious behavior.

In practice, the model explores a wide range of detection strategies, sets of conditions, or scoring logic that help identify whether an account action, such as a login attempt, account creation, or session behavior, is trustworthy or suspicious. A strategy might evaluate the velocity of login attempts from a single IP, the diversity of fingerprints within a session, the ratio of failed to successful logins, or the frequency of account creations.

Each strategy is tested against real-world traffic data. Those that prove most effective at separating good users from attackers are reinforced and refined, while less effective ones are discarded. Over successive iterations, the system “evolves” stronger and more precise detection logic, ensuring Account Protect stays ahead of sophisticated and ever-changing attack patterns, including hybrid threats where bots and humans coordinate to evade detection.

The result is protection that doesn’t stand still; it continuously evolves, powered by multi-layered AI and enriched with real-world input.

Automated baseline learning with dynamic thresholds

The second major innovation in this release focuses on how Account Protect adapts to each customer’s environment. No two businesses look alike. A gaming platform may see login surges at night, while a financial institution may have steady daytime patterns, and an e-commerce site may experience spikes during seasonal promotions.

Static defenses often struggle to account for these differences. What looks abnormal in one environment may be completely normal in another. To address this, Account Protect now automatically learns traffic baselines per customer and endpoint.

By analyzing historical data, the system sets dynamic upper thresholds on key signals, like login attempts, request rates, and session activity. These thresholds adjust automatically as patterns evolve, flagging activity that strays too far from the baseline without requiring manual tuning.

This ensures defenses are finely calibrated to each customer’s unique environment, while remaining resilient against attackers who deliberately mix automated and manual actions to blend in with legitimate traffic.

Why this matters for customers

Together, these two new AI models deliver protection that is:

• Precise: tuned to your unique traffic patterns.
• Automated: reducing the need for manual configuration or intervention.
• Resilient: evolving alongside both your business and the threats it faces.

In short, smarter protection with less operational burden, whether the threat comes from bots, humans, agents, or the increasingly common tactic of using a combination. 

A step toward truly adaptive account security

This release marks another step in DataDome’s mission to deliver comprehensive, adaptive account protection. By combining customer input with advanced AI techniques like genetic algorithms and dynamic baseline learning, Account Protect is continuously evolving to meet the challenge of modern threats.

The result is a solution built not just to defend against unwanted bots, agents, and fraudsters, but to protect against the full spectrum of account abuse, from brute-force automation to sophisticated hybrid attacks where humans, bots, and AI agents work hand-in-hand. 

Want to see how DataDome’s Account Protect can safeguard your users’ accounts? Request a demo today.