AI Detections
WebDecoy provides comprehensive detection of AI-related activity on your website, including server-side AI crawlers, client-side browser extensions, and suspicious signals that indicate AI-assisted browsing.
Overview
Section titled “Overview”AI activity falls into five main categories:
| Category | Detection Method | Examples |
|---|---|---|
| AI Scrapers | User-Agent analysis | GPTBot, ClaudeBot, CCBot |
| AI Browser Plugins | DOM/JavaScript analysis | Claude extension, ChatGPT sidebar |
| Vision AI Bots | Form behavior analysis | Claude Computer Use, Stagehand, Browser Use |
| AI Tools | Behavioral signals | Automated form filling, content extraction |
| Suspicious Signals | API monitoring | Wrapped fetch, modified observers |
┌─────────────────────────────────────────────────────────────────┐│ AI DETECTION LAYERS │├─────────────────────────────────────────────────────────────────┤│ ││ SERVER-SIDE CLIENT-SIDE (Pro) ││ ─────────── ───────────────── ││ ││ ┌─────────────────┐ ┌─────────────────┐ ││ │ AI Scrapers │ │ Browser Plugins │ ││ │ (User-Agent) │ │ (DOM Detection) │ ││ └────────┬────────┘ └────────┬────────┘ ││ │ │ ││ │ ┌────────┴────────┐ ││ │ │ Vision AI Bots │ ││ │ │ (Form Behavior)│ ││ │ └────────┬────────┘ ││ ▼ ▼ ││ ┌─────────────────┐ ┌─────────────────┐ ││ │ AI Scraper │ │ AI Plugin + │ ││ │ Score (0-100) │ │ Vision Flags │ ││ └────────┬────────┘ └────────┬────────┘ ││ │ │ ││ └──────────────┬───────────────┘ ││ ▼ ││ ┌─────────────────┐ ││ │ Detection │ ││ │ Record │ ││ └─────────────────┘ ││ │└─────────────────────────────────────────────────────────────────┘AI Scrapers (Server-Side)
Section titled “AI Scrapers (Server-Side)”AI scrapers are bots that crawl websites to collect content for training AI models. WebDecoy detects these through User-Agent analysis and assigns an AI Scraper Score.
Training Crawlers (High Score)
Section titled “Training Crawlers (High Score)”These crawlers explicitly collect content for AI/ML model training:
| Crawler | Company | Score | User-Agent Pattern | Purpose |
|---|---|---|---|---|
| GPTBot | OpenAI | 85 | GPTBot/1.0 | Training ChatGPT and GPT models |
| ChatGPT-User | OpenAI | 85 | ChatGPT-User | ChatGPT plugins and browsing |
| OAI-SearchBot | OpenAI | 80 | OAI-SearchBot | SearchGPT content retrieval |
| ClaudeBot | Anthropic | 85 | ClaudeBot | Training Claude models |
| Anthropic | Anthropic | 85 | anthropic-ai | Anthropic’s general crawler |
| CCBot | Common Crawl | 80 | CCBot/2.0 | Open dataset for AI training |
| Google-Extended | 80 | Google-Extended | Gemini/Bard AI training | |
| PerplexityBot | Perplexity | 80 | PerplexityBot | Perplexity AI search |
| Cohere | Cohere | 80 | cohere-ai | Cohere model training |
| ByteSpider | ByteDance | 75 | Bytespider | TikTok/Douyin AI features |
| Meta-ExternalAgent | Meta | 75 | Meta-ExternalAgent | Meta AI training |
| Applebot-Extended | Apple | 75 | Applebot-Extended | Apple Intelligence training |
| YouBot | You.com | 75 | YouBot | You.com AI search |
| Amazonbot | Amazon | 70 | Amazonbot | Alexa and Amazon AI |
| FacebookBot | Meta | 70 | facebookexternalhit | Facebook AI features |
| Diffbot | Diffbot | 70 | Diffbot | Knowledge graph extraction |
Search Crawlers (Lower Score)
Section titled “Search Crawlers (Lower Score)”Traditional search engines that may also feed AI features:
| Crawler | Company | Score | User-Agent Pattern | Note |
|---|---|---|---|---|
| Googlebot | 30 | Googlebot | Primary search indexing | |
| Bingbot | Microsoft | 30 | bingbot | Bing search + Copilot |
| DuckDuckBot | DuckDuckGo | 30 | DuckDuckBot | Privacy-focused search |
| Applebot | Apple | 30 | Applebot | Siri and Spotlight |
| YandexBot | Yandex | 35 | YandexBot | Russian search + AI |
| Baiduspider | Baidu | 40 | Baiduspider | Chinese search + AI |
SEO and Analytics Crawlers
Section titled “SEO and Analytics Crawlers”| Crawler | Company | Score | User-Agent Pattern |
|---|---|---|---|
| Semrush | Semrush | 35 | SemrushBot |
| Ahrefs | Ahrefs | 35 | AhrefsBot |
| MJ12bot | Majestic | 30 | MJ12bot |
| DotBot | Moz | 30 | DotBot |
HTTP Client Libraries
Section titled “HTTP Client Libraries”Detected when used for scraping:
| Library | Pattern | Score |
|---|---|---|
| Python Requests | python-requests | 25 |
| Go HTTP Client | Go-http-client | 25 |
| Java HTTP Client | Apache-HttpClient | 25 |
| cURL | curl/ | 20 |
| Wget | Wget/ | 20 |
| Scrapy | Scrapy | 40 |
AI Browser Plugins (Client-Side)
Section titled “AI Browser Plugins (Client-Side)”WebDecoy’s Bot Scanner detects AI browser extensions installed by visitors. These extensions inject DOM elements, global variables, and content scripts that can be identified.
Primary AI Assistants
Section titled “Primary AI Assistants”High-confidence detection of major AI assistant extensions:
| Extension | Detection Flags | Score Impact |
|---|---|---|
| Claude Extension | claude_extension | +15 points |
| ChatGPT Extension | chatgpt_extension | +15 points |
| GitHub Copilot | copilot_extension | +15 points |
| Gemini/Bard Extension | gemini_extension | +15 points |
| Perplexity Extension | perplexity_extension | +15 points |
Secondary AI Tools
Section titled “Secondary AI Tools”Other AI-powered browser extensions:
| Extension | Detection Flags | Score Impact |
|---|---|---|
| Monica AI | monica_extension | +10 points |
| Jasper AI | jasper_extension | +10 points |
| WriteSonic | writesonic_extension | +10 points |
| Merlin AI | merlin_extension | +10 points |
| Sider AI | sider_extension | +10 points |
| MaxAI | maxai_extension | +10 points |
Detection Methods
Section titled “Detection Methods”WebDecoy uses multiple techniques to detect AI browser plugins:
1. DOM Element Detection
Section titled “1. DOM Element Detection”AI extensions inject UI elements with identifiable patterns:
// Claude extension patterns'[class*="claude"]''[data-claude]''[data-anthropic]''[id*="claude-"]''claude-extension'
// ChatGPT extension patterns'[class*="chatgpt"]''[class*="openai"]''[data-chatgpt]''chatgpt-sidebar'
// Copilot patterns'[class*="copilot"]''[data-copilot]''github-copilot'2. Global Variable Detection
Section titled “2. Global Variable Detection”Extensions often expose global objects:
// Claudewindow.__claude__window.__CLAUDE__window.__anthropic__
// ChatGPT/OpenAIwindow.__chatgpt__window.__openai__window.chatGPTExtension
// Copilotwindow.__copilot__window.githubCopilot
// Generic AIwindow.__aiAssistant__window.__AI_EXTENSION__3. Shadow DOM Detection
Section titled “3. Shadow DOM Detection”Modern extensions use Shadow DOM for isolation. WebDecoy inspects:
- Custom element tag names (
<claude-assistant>,<chatgpt-sidebar>) - Shadow root content for AI-related patterns
- Nested shadow DOM structures
4. Custom Element Registry
Section titled “4. Custom Element Registry”Extensions register custom HTML elements:
// Checked custom elements'claude-assistant''claude-sidebar''claude-popup''chatgpt-assistant''chatgpt-sidebar''gpt-popup''copilot-assistant''copilot-suggestion''perplexity-assistant''gemini-assistant''monica-assistant''merlin-assistant''sider-assistant'Vision AI Detection (Pro)
Section titled “Vision AI Detection (Pro)”Vision AI bots represent a new category of AI-assisted browsing where AI agents directly control browser interactions. Unlike traditional browser extensions that assist users, Vision AI bots operate the browser autonomously by manipulating the DOM directly.
What are Vision AI Bots?
Section titled “What are Vision AI Bots?”Vision AI bots are AI systems that:
- See the page visually using screenshots or DOM snapshots
- Interact programmatically by setting form values directly via JavaScript
- Skip human input patterns by not generating keyboard/mouse events
- Operate autonomously to fill forms, click buttons, and navigate sites
┌─────────────────────────────────────────────────────────────────┐│ VISION AI BOT INTERACTION │├─────────────────────────────────────────────────────────────────┤│ ││ Human User Vision AI Bot ││ ────────── ────────────── ││ ││ Keyboard → keydown event DOM Manipulation ││ → keyup event element.value = "text" ││ → input event ↓ ││ → value changes input event only ││ (no keyboard events!) ││ ││ ┌─────────────────────────────────────────────────────────┐ ││ │ Detection: Field has content but ZERO keyboard events │ ││ │ Confidence: 90% | Score Impact: +40 points │ ││ └─────────────────────────────────────────────────────────┘ ││ │└─────────────────────────────────────────────────────────────────┘Known Vision AI Bots
Section titled “Known Vision AI Bots”| Bot/Tool | Type | Detection Method |
|---|---|---|
| Claude Computer Use | AI Agent | DOM manipulation, no keyboard events |
| Stagehand | Browser Automation | DOM manipulation, synthetic events |
| Browserbase Agents | Cloud Browser | DOM manipulation, headless signals |
| Playwright AI | Testing Framework | DOM manipulation, automation flags |
| Browser Use | AI Agent Framework | DOM manipulation, programmatic clicks |
How Detection Works
Section titled “How Detection Works”WebDecoy uses two complementary techniques to detect Vision AI bots:
- Ghost Click Detection - Clicks at positions where the mouse was never near
- FormAnalyzer - Form fields with content but no keyboard events
Ghost Click Detection
Section titled “Ghost Click Detection”Real users must move their mouse to a position before clicking there. Vision AI bots using element.click() or browser automation APIs can click anywhere without prior mouse movement.
┌─────────────────────────────────────────────────────────────────┐│ GHOST CLICK DETECTION │├─────────────────────────────────────────────────────────────────┤│ ││ Human User Vision AI Bot ││ ────────── ────────────── ││ ││ 1. Move mouse to button 1. Find element via DOM ││ 2. Hover over button 2. Call element.click() ││ 3. Click button 3. No mouse movement at all! ││ ││ Mouse path recorded: Mouse path recorded: ││ ▸ (100,50) → (150,80) → click ▸ click at (150,80) ││ (no prior movements!) ││ ││ ┌─────────────────────────────────────────────────────────┐ ││ │ Detection: Click with NO mouse activity within 100px │ ││ │ Confidence: 95% | Score Impact: +45 points │ ││ └─────────────────────────────────────────────────────────┘ ││ │└─────────────────────────────────────────────────────────────────┘Key features:
- Tracks mouse position history with timestamps
- Checks if mouse was within 100px of click position in the 2 seconds before click
- Immediate detection: Sends alert instantly when 2+ ghost clicks detected (doesn’t wait for behavioral phase)
- Works even if page navigates away immediately after click
FormAnalyzer (DOM Manipulation Detection)
Section titled “FormAnalyzer (DOM Manipulation Detection)”WebDecoy’s FormAnalyzer tracks keyboard events per form field and compares them against actual content:
1. Event Tracking
Section titled “1. Event Tracking”// FormAnalyzer tracks per-field keyboard activity{ "email_field": { keydownCount: 0, // No keydown events keyupCount: 0, // No keyup events inputCount: 1, // One input event (from DOM manipulation) pasteCount: 0, // No paste events contentLength: 25 // But field has 25 characters! }}2. Pattern Detection
Section titled “2. Pattern Detection”| Pattern | Detection | Confidence | Score |
|---|---|---|---|
| Content without keyboard | Field has content but zero keydown/keyup events | 90% | +40 |
| High DOM manipulation ratio | More input events than keyboard events | 75% | +25 |
| Abnormal keydown/keyup ratio | Ratio outside 0.5-2.0 range | 60% | +15 |
| Multiple DOM manipulations | 3+ fields with suspicious patterns | — | +20 |
3. Typing Rhythm Analysis
Section titled “3. Typing Rhythm Analysis”Real humans have variable typing rhythms. Bots often have:
- Zero variance in keystroke timing
- Superhuman speed (< 30ms between keystrokes)
- Perfect consistency across all fields
Detection Flags
Section titled “Detection Flags”When Vision AI activity is detected, these flags are added:
| Flag | Meaning | Score Impact | Confidence |
|---|---|---|---|
ghost_clicks | Clicks at positions with no prior mouse activity | +45 | 95% |
form_dom_manipulation | Field content set via DOM, not keyboard | +40 | 90% |
high_dom_manipulation_ratio | Mixed DOM/keyboard with suspicious ratio | +25 | 75% |
instant_clicks | Clicks with no delay after mouse stops | +30 | 85% |
clicks_no_pre_movement | Clicks without preceding mouse movement | +20 | 80% |
multiple_dom_manipulations | 3+ fields showing DOM manipulation | +20 | — |
abnormal_key_ratio | Keydown/keyup ratio outside normal range | +15 | 60% |
Example Detection Record
Section titled “Example Detection Record”{ "id": "det_xyz789", "source": "bot_scanner", "unified_score": 85, "threat_level": "HIGH",
"flags": [ "ghost_clicks", "form_dom_manipulation", "multiple_dom_manipulations" ],
"metadata": { "behavior": { "clickAnalysis": { "ghostClicks": true, "ghostClickRatio": 0.67, "instantClicks": false, "noPreMovement": true }, "formAnalysis": { "suspiciousFields": [ { "id": "email", "reason": "content_without_keyboard", "contentLength": 24, "confidence": 0.9 }, { "id": "message", "reason": "content_without_keyboard", "contentLength": 156, "confidence": 0.9 } ], "totalDomManipulations": 2, "fields": { "email": { "contentLength": 24, "keyCount": 0, "noKeyboardEvents": true }, "message": { "contentLength": 156, "keyCount": 0, "noKeyboardEvents": true } } } } }}Distinguishing from Legitimate Use Cases
Section titled “Distinguishing from Legitimate Use Cases”Not all DOM manipulation is malicious. WebDecoy accounts for:
| Scenario | How We Handle It |
|---|---|
| Password managers | Usually trigger paste events (tracked separately) |
| Autofill | Browser autofill fires input events with isTrusted: true |
| Copy/paste | Paste events are tracked and not flagged |
| Form pre-population | Only analyzed after user interaction begins |
Use Cases
Section titled “Use Cases”Detect Browser Automation (Ghost Clicks)
Section titled “Detect Browser Automation (Ghost Clicks)”Alert Rule: Ghost Click DetectionTrigger: - flags contains 'ghost_clicks'Action: Block immediatelyRationale: Strongest indicator of browser extension or automationProtect High-Value Forms
Section titled “Protect High-Value Forms”Alert Rule: Vision AI on SignupTrigger: - path matches '/signup' OR '/register' - formAnalysis.suspiciousFields.length > 0Action: Require additional verificationRationale: Prevent AI-automated account creationDetect AI-Powered Scraping
Section titled “Detect AI-Powered Scraping”Alert Rule: AI Form ProbingTrigger: - formAnalysis.totalDomManipulations >= 2 - session duration < 10 secondsAction: Block and logRationale: AI bot rapidly filling forms to test responsesMonitor for AI Agents
Section titled “Monitor for AI Agents”Dashboard Query: Vision AI ActivityFilter: - flags contains 'ghost_clicks' OR 'form_dom_manipulation'Group by: pathMetric: Count per pageFiltering Vision AI Detections
Section titled “Filtering Vision AI Detections”In the Detections table, use these filters:
| Filter | Value | What It Shows |
|---|---|---|
| Flags contain | ghost_clicks | All ghost click detections |
| Flags contain | form_dom_manipulation | All DOM manipulation detections |
| Unified Score ≥ | 70 | High-confidence Vision AI activity |
| Source | bot_scanner | All client-side detections |
API Example:
# Get all Vision AI detectionscurl -H "Authorization: Bearer $TOKEN" \ "https://api.webdecoy.com/v1/detections?flags_contain=ghost_clicks"
# Get all form manipulation detectionscurl -H "Authorization: Bearer $TOKEN" \ "https://api.webdecoy.com/v1/detections?flags_contain=form_dom_manipulation"Suspicious Signals
Section titled “Suspicious Signals”These signals indicate potential AI-assisted or automated browsing but aren’t specific to a single extension:
API Wrapping
Section titled “API Wrapping”| Signal | Flag | Score Impact | Meaning |
|---|---|---|---|
| Wrapped Fetch API | wrapped_fetch | +5 points | window.fetch has been modified |
| Wrapped XHR | wrapped_xhr | +5 points | XMLHttpRequest.open has been modified |
| Modified MutationObserver | modified_mutation_observer | +5 points | Observer constructor has been patched |
API wrapping can indicate:
- AI extensions intercepting network requests
- Content extraction tools
- Automated form submission tools
- Browser automation frameworks
Detection Logic
Section titled “Detection Logic”// Check if fetch has been wrappedvar fetchStr = window.fetch.toString();if (fetchStr.indexOf('[native code]') === -1) { // Fetch has been wrapped by an extension flags.push('wrapped_fetch');}
// Check if XHR has been wrappedvar xhrStr = XMLHttpRequest.prototype.open.toString();if (xhrStr.indexOf('[native code]') === -1) { // XHR has been wrapped flags.push('wrapped_xhr');}Context Menu Modifications
Section titled “Context Menu Modifications”| Signal | Flag | Meaning |
|---|---|---|
| AI Context Menu | ai_context_menu | Extension added AI options to right-click menu |
Understanding Detection Flags
Section titled “Understanding Detection Flags”When AI activity is detected, flags are added to the detection record:
Flag Categories
Section titled “Flag Categories”┌─────────────────────────────────────────────────────────────────┐│ DETECTION FLAGS BREAKDOWN │├─────────────────────────────────────────────────────────────────┤│ ││ Primary AI Extensions (15 pts each) ││ ──────────────────────────────────── ││ claude_extension, chatgpt_extension, copilot_extension, ││ gemini_extension, perplexity_extension ││ ││ Secondary AI Extensions (10 pts each) ││ ───────────────────────────────────── ││ monica_extension, jasper_extension, writesonic_extension, ││ merlin_extension, sider_extension, maxai_extension ││ ││ Suspicious Signals (5 pts each) ││ ─────────────────────────────── ││ wrapped_fetch, wrapped_xhr, modified_mutation_observer ││ ││ Other Signals (8 pts each) ││ ───────────────────────── ││ generic_ai_extension, ai_context_menu ││ │└─────────────────────────────────────────────────────────────────┘Example Detection Record
Section titled “Example Detection Record”{ "id": "det_abc123", "source": "bot_scanner", "ip_address": "192.168.1.100",
"unified_score": 45, "threat_level": "MEDIUM",
"ai_scraper_score": 0, "ai_scraper_category": "none",
"flags": [ "claude_extension", "wrapped_fetch" ],
"metadata": { "aiBrowserPlugins": { "detected": true, "plugins": ["claude_extension"], "count": 1 } }}Filtering AI Detections
Section titled “Filtering AI Detections”In the Detections table, filter specifically for AI-related activity:
Filter Options
Section titled “Filter Options”| Filter | How to Use | Effect |
|---|---|---|
| AI Scraper Score | Set minimum score | Show only AI crawler activity |
| Flags contain | Search for flag name | Show detections with specific AI flags |
| Source = bot_scanner | Select source filter | Show client-side detections |
Example Filters
Section titled “Example Filters”Find all Claude extension users:
Flags contain: claude_extensionFind all AI training crawlers:
AI Scraper Score >= 70AI Scraper Category = training_crawlerFind all AI browser plugin activity:
Flags contain: _extensionSource = bot_scannerFind suspicious API wrapping:
Flags contain: wrapped_Score Impact
Section titled “Score Impact”AI browser plugin detection contributes to the overall bot score:
Scoring Breakdown
Section titled “Scoring Breakdown”| Detection | Points Added | Rationale |
|---|---|---|
| Single primary AI extension | +15 | Strong indicator of AI-assisted browsing |
| Multiple primary AI extensions | +15 each | Compounding evidence |
| Secondary AI extension | +10 | Common AI productivity tools |
| API wrapping | +5 | Could be legitimate extensions too |
| Generic AI signals | +8 | Unspecified AI activity |
Score Examples
Section titled “Score Examples”| Scenario | Flags | Added Score |
|---|---|---|
| Claude extension only | claude_extension | +15 |
| ChatGPT + wrapped fetch | chatgpt_extension, wrapped_fetch | +20 |
| Multiple AI tools | claude_extension, monica_extension, copilot_extension | +40 |
| Wrapped APIs only | wrapped_fetch, wrapped_xhr | +10 |
Use Cases
Section titled “Use Cases”Content Protection
Section titled “Content Protection”Detect when AI tools might be used to extract or summarize your content:
Alert Rule: AI Content ExtractionTrigger: - flags contains 'claude_extension' OR 'chatgpt_extension' - path matches '/premium/*'Action: Log and alertRationale: User may be using AI to summarize premium contentForm Protection
Section titled “Form Protection”Identify AI-assisted form filling:
Alert Rule: AI Form AssistanceTrigger: - source = 'bot_scanner' - flags contains any '_extension' - path matches '/signup' OR '/checkout'Action: Add CAPTCHA challengeRationale: AI tools may be automating form submissionsResearch and Analytics
Section titled “Research and Analytics”Track AI adoption among your visitors:
Dashboard Query: AI Tool AdoptionGroup by: flagsFilter: flags contains '_extension'Metric: Unique visitors per AI toolAPI Access
Section titled “API Access”Access AI detection data via the WebDecoy API:
Detection Response Fields
Section titled “Detection Response Fields”{ "flags": ["claude_extension", "wrapped_fetch"], "metadata": { "aiBrowserPlugins": { "detected": true, "plugins": ["claude_extension"], "count": 1 } }, "ai_scraper_score": 0, "ai_scraper_category": "none", "ai_scraper_name": null}Filtering API Requests
Section titled “Filtering API Requests”# Get all detections with AI browser pluginscurl -H "Authorization: Bearer $TOKEN" \ "https://api.webdecoy.com/v1/detections?flags_contain=_extension"
# Get Claude extension detectionscurl -H "Authorization: Bearer $TOKEN" \ "https://api.webdecoy.com/v1/detections?flags_contain=claude_extension"
# Get all AI scraper activitycurl -H "Authorization: Bearer $TOKEN" \ "https://api.webdecoy.com/v1/detections?ai_scraper_score_gte=50"Privacy Considerations
Section titled “Privacy Considerations”AI browser plugin detection is designed to be:
- Non-invasive: Only checks for presence, doesn’t read content
- Privacy-respecting: Doesn’t capture what users type into AI tools
- Transparent: Detection signals are clearly documented
Future Detection Capabilities
Section titled “Future Detection Capabilities”WebDecoy continues to expand AI detection as the landscape evolves:
Planned Additions
Section titled “Planned Additions”- New AI Extensions: Detection for emerging AI browser tools
- AI Agent Detection: Identifying AI agents browsing on behalf of users
- LLM API Detection: Detecting pages being fed to LLM APIs
- Content Summarization Detection: Identifying AI summary extraction patterns
Community Contributions
Section titled “Community Contributions”If you discover new AI extension patterns, please report them to help improve detection coverage.
Related Documentation
Section titled “Related Documentation”- AI Scraper Scoring - Detailed AI crawler scoring methodology
- Bot Scanner - JavaScript-based bot detection
- Threat Scoring - Overall threat assessment
- Viewing Detections - Working with detection data