Talos intent-based detection: Stopping the scrapers that legacy tools can’t see

Cybersecurity tools and procedures were designed to provide full defence against predictable threats that followed patterns that would raise alarms. Familiar CAPTCHAs, IP blocks, browser checks, browser fingerprinting, and login restrictions would provide a protective layer for businesses to ensure only genuine users were using their website, or app, or API responsibly. This layer of cybersecurity used to distinguish human from bot.

What happens when an AI bot successfully completes the CAPTCHA of identifying each bicycle in a series of photos in the amount of time it’s supposed to? What happens when a unique IP is used to access stock? What happens when it mimics human click paths with the right delays? The next generation of scraping bots seamlessly blends in with normal traffic patterns to harvest pricing or extract proprietary content, meaning defence tools are no longer able to defend.

This is why legacy tools fail to detect automated bots. Businesses need to know that this new era of scraping requires a new era of protection. It’s not about blocking bots anymore and knowing which user is non-human; it’s about understanding the intent of each visit. This involves evaluating how pages are accessed, the sequence and timing of requests, and behavioural patterns across sessions. This is the model of Talos:  Netacea’s fifth-generation detection engine that is built for the new era of threats.

The collapse of legacy defences in the age of AI scrapers

Modern bots don’t look malicious to legacy defences, but the level of automation and threat is much more of a threat than ever before, making their scraping attacks much more sophisticated.  
In the LLM era, scraping has become more sophisticated. Autonomous agents now learn how to navigate defences and extract structured or gated content at scale to build Large Language Models or train autonomous systems that continuously learn from your data, simply by simulating human engagement.   
Not only do they function invisibly, but their scale is unprecedented due to automation. AI is the reason this entire shift is happening. It’s the engine that transforms scraping from a simple, mechanical task into something adaptive that understands websites enough to adjust its behaviour in a targeted way to extract what it needs.

Weak points in today’s anti-scraping toolset

Modern defences simply aren’t prepared for a threat that is able to evolve:

Essentially, technical solutions like the IETF’s bot authentication framework and content provenance tools such as C2PA only work optimally when scrapers make it obvious that they are scrapers. Because scraping bots have grown in intelligence, they can effectively evade the defences that used to identify them straight away.

What is the real threat?

Businesses can no longer cling to an obvious distinction between “bot vs human”. Protection begins with a mindset shift. It’s not about blocking bots; it’s about governing bots. The danger isn’t the fact that a bot visited, but rather unpacking what the bot is trying to do, while appearing like a normal user. What’s their purpose?

• Steal your pricing strategy  
• Train competitor AI models on your data 
• Map your entire catalogue  
• Repurpose your proprietary content  
• Pollute your analytics

Bots are not going to self-identify. The only way to protect a business is by understanding why a visitor is acting, not what they look like on the surface.

What is intent-based detection?

Intent-based detection is the best approach for LLM scraping protection because it focuses on the purpose behind a session, not the surfacelevel signals, meaning the bots that replicate human behaviours are identified.

This model prioritises enforcement over assumed cooperation with bots, so even when bots successfully click “I’m not a robot”, they can still be traced and blocked.

Intent-based detection allows you to:

• Allow search engines 
• Allow accessibility tools 
• Allow legitimate integrations 
• Block malicious scrapers 
• Block competitive intelligence bots

Essentially, your digital assets and IP are protected around the clock without impacting genuine users’ experience.

How does it work?

Individual sessions are analysed, looking closely at how a user navigates your site. Intent can be found in the order they move between pages, how long they pause, what they prioritise, and how their journey compares to genuine decisionmaking, to dictate the objective of the visit.  
A real user compares two products, reads reviews, and pauses to think, and later returns; a scraper systematically scans through every product page in a category with identical timing and no decision-making behaviour.

How does Talos take this further?

Talos is the 24/7 detection engine that is built to defend websites, APIs, and mobile apps against increasingly sophisticated, AI-powered bots. It uses machine learning to understand what traffic is trying to do, not just how it looks. It evolves continuously as bots try new tactics to access your content with live insights from live threat intel groups with data from real attacks. Not only does it address the full threat lifecycle, but it doesn’t require any manual work to maintain levels of protection.  
What makes it effective against LLM scrapers is that Talos operates server-side and analyses behaviour across entire user journeys. It avoids JavaScript insertion and device fingerprinting techniques, both of which sophisticated attackers can easily bypass or manipulate.

Why Talos outsmarts modern scrapers

How Netacea caught what others missed

Netacea’s intent-based approach made the difference. For a luxury shoe retailer case the previous provider failed to spot the majority of automated activity because it relied on surface-level signals that bots could easily mimic. Once Netacea was deployed, Talos uncovered 11× more automated sessions, cutting malicious requests by 73% and reducing CPU load by 10%. It’s a clear example of how understanding why traffic behaves the way it does exposes threats that traditional detection simply never sees.

From hidden threats to new revenue streams

Not only does Talos provide bot protection, but it also turns that defence into a source of strategic value. By revealing who is accessing your content, when, how often, and for what purpose, it gives you the ability to identify high-value usage, open licensing conversations, and build monetisation models around demand that was previously invisible.

Scraper bots can be identified and prompted to pay for the content they want to scrape through licensing agreements. Netacea’s metrics reveal which parts of your content ecosystem hold real value.

Defending the new content economy with real visibility

The web was never designed to defend itself against adversaries that can think, which is why security defences struggle to block bots that are adaptable and learn with each failed attempt. Full visibility into threat needs to know not if bots have visited, but why they have visited.

That’s why Netacea’s model is built on intent detections, and our detection engine, Talos, is powering businesses to safeguard their content in this new era of the AI-enabled internet. Combining years of behaviour-based detection experience with the latest in machine learning, the level of insight and accuracy that traditional bot defences simply can’t match.

See what intent detection can reveal about your traffic. Book a demo with Netacea and unlock the visibility you’ve been missing.