How AI is Reshaping the Dynamics of Ad Fraud

Faced with an alarming rise in invalid web traffic due to the rise of AI-powered crawlers and scrapers, Campaign explores the strategies advertisers can implement to mitigate the impact of evermore sophisticated AI ad fraud schemes.

‍

Moreover, there has also been a sharp rise in AI-powered Sophisticated Invalid Traffic (SIVT) schemes. Unlike GIVT, SIVT schemes are intentionally designed to evade detection. Fraudsters use SIVT schemes and intentionally disguise themselves as human visitors, making tactics more damaging for advertisers. For example, SIVT can be caused by scrapers that conceal their nature by hiding behind seemingly benign user credentials.

"Fraudsters have become highly skilled at using AI to create bots that closely mimic human behaviour, making them difficult to detect," says Matt Sutton, CCO at TrafficGuard. "These bots are able to generate large volumes of ad impressions and clicks that mirror and mimic human interactions in real time. This creates the illusion of high volume, genuine traffic performing in human ways, deceiving advertisers into believing their campaigns are performing well."

Sutton ads that the sophistication of ad fraud has reached unprecedented levels, with fraudsters leveraging advanced AI tools to exploit vulnerabilities.

"Everyone is aware of the phenomena of click farms, this can now all be automated and orchestrated using generative AI that evolves where, when and how automated scripted traffic is being generated and how it behaves," says Sutton.

Other emerging trends in ad fraud include sophisticated domain spoofing bots that can splice together non-existent URLs, making fraudulent sites appear legitimate. Bots are also being used to scrape websites, which can be exploited for competitive advantage or other malicious purposes.

"At TrafficGuard we have also seen a huge rise in how applications using AI are being used to scrape websites for information on deals and promotions, which can be exploited by competitors or for other malicious purposes," says Sutton. "In addition, applications using AI can complete actions within apps, such as making purchases, further complicating the detection of fraudulent activity. Malvertising, which involves injecting malicious ads into legitimate advertising networks as they grow, is another tactic used to target specific devices with malware.

‍

Detecting ad fraud

However, just as fraudsters are exploiting AI tools to create more convincing and scalable fraud schemes, verification companies like DoubleVerify and TrafficGuard are leveraging AI to identify the constantly evolving landscape of bots and their sophisticated behavioural nuances.

‍

"We use machine learning algorithms to capture and analyse vast amounts of data in real-time, enabling us to detect patterns indicative of fraudulent activity," says Sutton. "Detecting ad fraud is a constant game of cat-and-mouse and as bad actors increasingly leverage AI to evade detection, in turn our machine learning and generative AI models continue to evolve to identify new anomalies in advertising traffic that become new, known ad fraud techniques."

However, Dr Augustine Fou, an independent cybersecurity and ad fraud researcher, disputes the rise of AI-powered ad fraud, saying that ad fraudsters are not using AI, or AI agents that can buy stuff for you, to enhance SIVT fraud schemes, because it's entirely unnecessary.

"Simple bots are already enough to bypass the fraud detection of the largest two legacy verification vendors," claims Fou. "Ad fraudsters don't need the expense or hassle of AI to accomplish the ad fraud, as has been the case for the last 15 years."

He adds that ad fraudsters were using simple python code to remix plagiarised content (text and images) for their Wordpress-templated sites more than 15 years ago.

"We just didn't call it AI back then. That's how they could create 100s of thousands of fake websites so easily," says Fou. "Ad fraudsters were using simple JavaScript code to fake mouse movements on the page to defeat fraud detection."

He remains unconvinced that machine learning and AI systems are being used to combat evolving ad fraud schemes.

"Neither of the legacy fraud detection vendors can catch even the simplest bots, including ones that declare themselves as bots. So they are definitely not catching slightly more advanced bots," he says. "Also, when these vendors claim they are using AI to catch fraud, it's basically marketing materials and PR. Good guy's AI will always lag behind bad guys' AI, just like good guys detection algorithms have always lagged behind bad guys' algorithms designed to help them evade detection."

Yet Tallariti at DoubleVerify argues that a comprehensive and cohesive strategy is critical to combat SIVT and GIVT, especially as AI introduces more campaign sophistication.

"Advanced verification tools are essential; pre-bid filtering can help block invalid traffic before ad spending is committed, while post-bid monitoring can identify fraudulent activity that bypasses initial defenses," says Tallariti. "Optimising campaign settings is equally important—enabling GIVT and SIVT blocking while refining targeting criteria helps avoid high-risk traffic."

Additionally, Tallariti recommends that regular analysis of campaign data can help in detecting anomalies, such as sudden spikes in clicks or impressions, and predictive analytics can forecast emerging fraud trends to inform proactive adjustments. "By combining these strategies, advertisers can combat both GIVT and SIVT, reduce wasted ad spend and maintain the integrity and performance of their digital campaigns."

‍

Buy from real publishers

However, rather than invest in advanced verification tools to mitigate the increasing sophistication of AI-driven ad fraud schemes, Fou argues that advertisers instead just need to buy direct from real publishers with real human audiences (as opposed to large quantities of ads through programmatic ad exchanges).

"If you've never heard of a website or app before, most likely other humans have not either. So those sites will not have mass audiences of humans," says Fou. "Similarly, if you've never heard of a mobile app before, those mobile apps should not be generating massive quantities of ad impressions for you to buy. If you just look more closely, you can see the obvious fraud to avoid. Advertisers are starting to do this and dispensing with the legacy verification vendors who have failed to detect more than 1% of the fraud for the last decade straight."

Fou argues that some of the top verification vendors are public companies and their top priority is to increase revenues and profits.

"The best thing advertisers can do is turn off fraud detection (pre-bid blocking and filtering, post-bid detection) so they can see there is no change," adds Fou. "They should also ask the vendors to explain why they marked something as fraudulent or why they failed to detect even the most simple of bots. This should help inform advertisers that they have been wasting money on fraud verification for years."

However, Sutton at TrafficGuard maintains that much like the scourge of phishing emails, the industry must accept that AI bots are here to stay.

"As AI becomes more capable and accessible, the threat of AI-driven bots stealing ad budgets will become more acute," says Sutton. "Advertisers no longer have the luxury of ignoring ad fraud and need to implement systems that protect them from this activity."

‍

Read more at Campaign Asia.