Product Capabilities

Bot Detection That Ships Fast

Deploy quickly without maintaining fragile rule sets. Add it to your gateway or middleware, then get transparent scoring, detector evidence, and policy control from day one. Every endpoint gets continuous learning.

Open source and free (at present). Start with the full core feature set, then scale to enterprise workflows when you need them.

Works out of the box • Learns automatically • Improves continuously

Zero PII storage
privacy-first by design

Explainable decisions
detector evidence on every request

Fast response
sub-millisecond fast-path checks

Open source core
no black-box lock-in

Why StyloBot is Different

The features that make bot detection actually work

Zero Configuration

Add two lines of code and you're protected. No complex rules. No tuning required. No ML expertise needed.

builder.Services.AddBotDetection();
app.UseBotDetection();

That's it. Really.

Self-Improving AI

Learns from every detection. Adapts to new bot tactics automatically. Gets smarter with every request.

Pattern reputation evolves in real-time
Weights adjust based on outcomes
Drift detection prevents model decay
No retraining required

Lightning Fast

Sub-millisecond detection doesn't slow your site. AI inference in < 1ms. No noticeable latency.

Heuristic AI

<1ms

Fast Detectors

<1ms

Stealth Defense

Bots can't detect they're being detected. Stealth throttling, silent redirects, and invisible challenges.

Bots keep trying, you stay protected

Self-Hosted & Private

Everything runs in your infrastructure. No data leaves your servers. No third-party dependencies. GDPR friendly.

No external API calls

All ML runs in-process

SQLite for storage (optional)

Flexible Policies

Different rules for different endpoints. Strict for checkout, relaxed for content. Path-based, risk-based, fully customizable.

"PathPolicies": {
  "/api/login": "strict",
  "/api/checkout": "strict",
  "/sitemap.xml": "allowBots"
}

Adaptive Scaling

Built on the powerful StyloFlow workflow engine. Runs anywhere from a Raspberry Pi to massive server clusters. Dynamically optimizes resource usage based on load.

Bounded concurrency prevents overload
Auto memory cleanup prevents leaks
Signal-based coordination
Observable async operations

Learn about StyloFlow

Deploy Anywhere

Raspberry Pi for hobbyists. Cloud VMs for startups. Kubernetes clusters for enterprises. Same code, scales automatically.

Minimum

Pi Zero

512MB RAM

Maximum

Unlimited

Horizontal scaling

The Paradox

Zero Config. Infinite Control.

Set it and forget it, or become a bot-hunting surgeon. Your choice.

Install & Ignore

Two lines of code. That's it. The system immediately starts learning your traffic patterns and protecting your endpoints.

Auto-Discovery

Every endpoint in your app is automatically tracked and protected

Per-Endpoint Learning

/login gets stricter, /sitemap.xml stays open—no config needed

Traffic Profiling

Learns "normal" behavior unique to YOUR application

Adaptive Thresholds

Detection sensitivity adjusts automatically based on outcomes

builder.Services.AddBotDetection();
app.UseBotDetection();

// Done. Protected. Learning.

Surgical Precision

Want control? You've got it. Override anything, tune everything, customize any behavior.

Per-Path Policies

/api/checkout: "nuclear", /blog/*: "relaxed"

Risk-Based Actions

0.3-0.5: throttle, 0.5-0.8: challenge, 0.8+: block

Custom Detectors

Write your own detection logic, plug it into the pipeline

Learning Rate Tuning

Conservative or aggressive—dial in the exact adaptation speed

"PathPolicies": {
  "/api/admin/*": "paranoid",
  "/api/checkout": "strict",
  "/health": "allowAll"
}

The Best Part?

You can switch between these modes instantly. Start with zero config, add overrides only where you need them. The automatic learning never stops—even your custom rules benefit from adaptive intelligence.

What makes StyloBot a strong choice

Teams evaluating bot protection often care about speed, explainability, control, and long-term flexibility. StyloBot is designed to deliver all four.

Evidence-first outputs

Detector-level reasons, confidence, and risk bands on every request.

Performance-aware design

Fast-path reputation and bounded workflows keep latency predictable.

Control without complexity

Start zero-config, then add per-path policies and custom detectors only where needed.

Open-source flexibility

Self-hosted core, transparent roadmap, and no forced platform lock-in.

The Intelligence Behind It

Multi-layered AI that adapts to your traffic

Adaptive Machine Learning

Learns Your Traffic Patterns

The heuristic AI model doesn't just detect bots—it learns what "normal" looks like for YOUR application. Every request refines the model. Every blocked bot makes it smarter. Every false positive teaches it to be more precise.

Exponential Moving Average Learning

Pattern reputations evolve smoothly. Not too reactive, not too slow.
Time Decay & Forgiveness

Old patterns fade. Infrastructure changes don't haunt you forever.
Concept Drift Detection

Alerts when bot behavior shifts. Automatic adaptation to new threats.

Learning Feedback Loop

Detection Occurs

Multi-signal analysis produces confidence score

Action Taken

Block, throttle, challenge, or allow

Patterns Updated

Reputation scores and weights adjust

Next Request Smarter

Improved accuracy on future detections

Instant Abort for Known Threats

Confirmed bad patterns trigger instant 403s before any analysis. Sub-microsecond lookups in memory cache.

Latency Impact

<0.1ms

Hash table lookup

Known Bad Patterns

Instant

No analysis required

Performance Optimization

Fast-Path Reputation Cache

Once a pattern is confirmed bad (high confidence over multiple requests), it gets promoted to the fast-path cache. Future requests from that pattern get blocked instantly—no detection pipeline, no AI inference, just instant rejection.

Why this matters

Under heavy bot attack, 90%+ of requests hit the fast-path cache. Your server barely notices.

Flexible Response Actions

Not all bots deserve the same treatment

Stealth Throttle

Slow bots down without them knowing. Variable delays with jitter. Risk-scaled timing.

Default

Hard Block

Instant 403. For confirmed malicious traffic and security scanners.

Strict

Challenge

Proof-of-work, CAPTCHA, or JavaScript tests. Verify humanity before allowing access.

Moderate

Honeypot Redirect

Silent redirect to study bot behavior. Learn new attack patterns automatically.

Intel

Shadow Mode

Log detections without blocking. Test rules in production safely.

Testing

Custom Policies

Write your own action policies. Webhook alerts, custom logging, anything.

Extensible

Enterprise-Grade Architecture

Without the enterprise complexity

Production-Ready Features

OpenTelemetry integration - Full observability out of the box
Health checks & diagnostics - Standard ASP.NET Core health endpoints
Graceful degradation - Never blocks your pipeline, even on failure
Docker & Kubernetes ready - Stateless design, volume mounts for persistence
Multi-instance safe - SQLite WAL mode or Redis for shared state

Developer Experience

Rich IntelliSense - Fully documented APIs with XML comments
Fluent configuration - JSON or code, your choice
Extension points everywhere - Custom detectors, policies, storage
Test mode support - Simulate any bot type in dev
Comprehensive docs - Real examples, not just API references

Fits Your Stack

Works with what you already have

ASP.NET Core

Middleware, MVC attributes, endpoint filters. Use what feels natural.

Docker/K8s

Stateless design. Volume mounts for learned weights. Horizontal scaling ready.

Start Fast. Keep Full Control.

Open source, free at present, and ready for production traffic.

Explore Source Start with NuGet

Open source • MIT License • .NET 8/9