The Galileo Threat Research team hunts emerging cyberfraud threats and engineers the AI models that stop them. Every discovery becomes detection. Every insight strengthens protection for your business and customers worldwide.
17,000 websites tested across 22 industries to assess vulnerability to unwanted bots, agentic AI, and LLM crawlers. The 2025 edition reveals how AI traffic is redefining digital trust.
DataDome’s Galileo team blocked 16 million malicious requests from 3.9 million IPs targeting a global sports organization’s ticket sales over six days. Zero tickets lost to scalpers.
DataDome’s network processed nearly 8 billion AI agent requests in early 2026. Analysis covers traffic volume, agent spoofing, agentic browsers, and why most sites can’t distinguish between legitimate traffic and threat actors.
The Galileo Threat Research team is DataDome’s innovation engine. These researchers and engineers don’t just study threats. They build the AI models that detect and stop them.
We named the team after Galileo Galilei, who challenged accepted truths and revealed what others couldn’t see. Our team does the same: investigating what others miss, questioning assumptions about bot behavior, and building models that expose hidden fraud patterns. Like our AI models (named after great minds including Lovelace, Turing, and Curie), the Galileo name honors those who changed the world through relentless curiosity and invention.
The Galileo team operates where research meets engineering. They don’t publish findings and move on. They turn intelligence into models that protect millions of users.
The team publishes original research on bot evolution, attack methodologies, and fraud patterns that educate the security community. But publication is just the beginning. When researchers identify a new evasion technique, they build a detection model. When they discover a proxy network selling residential IPs to fraudsters, those IP ranges are flagged across the platform. When they test sites against bot and spoofed agent traffic, those findings inform model improvements.
This is research that becomes protection. Intelligence gathered from one customer’s traffic strengthens detection for all customers. Attack data becomes shared defense, automatically and continuously.
The Galileo team doesn’t just protect DataDome customers. They publish research that helps the entire security community understand evolving threats.
Recent work includes the Global Bot Security Report analyzing bot traffic patterns across industries, an investigation into proxy provider networks exposed through bots as a service, security alerts on seasonal fraud campaigns targeting gaming and e-commerce, and analysis of emerging exploit frameworks before they reach production use.
The team also contributes to the broader machine learning and security community through open-source initiatives. In 2022, DataDome open-sourced Sliceline, a machine learning package for model debugging that helps identify subpopulations where ML models underperform. The library is freely available on GitHub and has been adopted by data scientists working on fraud detection and model explainability.
This research helps businesses understand threats specific to their industries and informs how security teams should prioritize defenses. The team’s work has been featured in leading security and technology publications that DataDome customers trust, including The Information, Wired, and Forbes.
The team builds, tests, and refines AI models to improve detection accuracy and eliminate false positives. Model performance is measured constantly. When detection rates drop or false positives increase, the team retrains models using fresh attack data. This continuous improvement cycle keeps protection effective against evolving threats.
The Galileo team tests sites against bot and spoofed agent traffic to identify vulnerabilities before attackers exploit them. These findings feed directly into model training and detection rules that protect all customers. When the team discovers new evasion techniques through testing, countermeasures are developed and deployed across the platform.
The Galileo team delivers actionable intelligence directly to you through real-time Galileo Threat Discoveries on emerging threats relevant to your industry, quarterly reports analyzing attack trends across your traffic, real-time alerts when new fraud campaigns target your sector, and custom research on threats specific to your environment. This intelligence helps your security team understand not just what DataDome blocked, but why attacks are happening and how threat actors are evolving their techniques.
The Galileo team collaborates with industry partners to advance threat research and extend platform capabilities. These partnerships prove DataDome’s platform extensibility and industry trust.
Custom-built by DataDome’s threat research team, our AI models are named after great minds—philosophers, inventors, and pioneers who changed the world. Explore below how each model plays a specialized role in blocking cyberfraud.
Lovelace
Named after Ada Lovelace, a foundational thinker in computing. This model is specialized in fingerprint scoring for API servers.
Cardano
Named after Girolamo Cardano, a pioneer in probability theory. This model performs confidence scoring on Layer 1 decisions.
Leibniz
Named after Gottfried Wilhelm Leibniz, who advanced formal logic. This model provides normalized account scoring using graph neural networks.
Franklin
Named after Benjamin Franklin, a versatile innovator and thinker. This model scores email trust using fuzzy logic on the email pattern.
Bernoulli
Named after Jacob Bernoulli, a father of modern probability. This model scores IP, AS and User Agent reputations using PU-Learning.
Arendt
Named after Hannah Arendt, a political and ethical theorist. This model blocks high-scoring IPs using fuzzy logic.
Spinoza
Named after Baruch Spinoza, known for rationalist system-building. This model blocks IPs via scoring and hard rules.
Descartes
Named after René Descartes, thinker of reason and duality. This model detects client-side behavior using real-time signal modeling.
Hume
Named after David Hume, an empiricist philosopher focused on observed behaviors. This model automatically adjusts behavioral thresholds based on session stats.
Pascal
Named after Blaise Pascal, a pioneer of probability and decision theory. This model detects session anomalies from aggregated IP and sessions behaviors.
Kant
Named after Immanuel Kant, who explored how we perceive the world and structures. This model interprets real-time JS keyboard input to detect bots.
Venn
Named after John Venn, inventor of the Venn diagram. This model applies tagging based on IP aggregation and behavioral overlap.
Turing
Named after Alan Turing, a pioneer in machine reasoning. This model generates detection rules from time-based signal patterns.
Curie
Named after Marie Curie, known for discovering hidden elements and signal discovery. This model extracts detection rules from fingerprint scoring anomalies.
Darwin
Named after Charles Darwin for its work on biological evolution. This model explores rule generation via genetic modeling techniques.
Popper
Named after Karl Popper, philosopher of science and falsifiability. This model identifies anomalies via distribution shifts.
Bayes
Named after Thomas Bayes, a probability theorist. This model uses change-point heuristics for detecting sudden traffic shifts.
Godel
Named after Kurt Gödel, logician of incompleteness. This model flags edge-case anomalies across large field cardinalities.
Searle
Named after John Searle, known for theories of interpretation. This model refines account protection rules based on feedback loops.
Foucault
Named after Michel Foucault, theorist of hidden systems and power structures. This model detects subtle browser-level TCP signal differences.
Russell
Named after Bertrand Russell, logician and system critic. This model generates fallback rules in realtime during attack escalation.
Babbage
Named after Charles Babbage, the father of pattern computing. This model generalizes detection rules across customers.
Chomsky
Named after Noam Chomsky, linguist and cognitive theorist. This model performs structural refinement on detection rules.
Socrates
Named after Socrates, master of questioning and critique. This model creates signature-based embeddings and detects bots using real-time clustering on those embeddings.
Marconi
Named after Guglielmo Marconi, inventor of wireless transmission and radio telepathy. This model detects residential proxies by tracing hidden signal paths.
AI experts building better AI
Tell me more
Tell me more
Tell me more
Tell me more
Tell me more
Tell me more
Schedule a demo of the DataDome platform to see how you can start blocking bad bots and preventing cyberfraud.
