Check out all the on-demand sessions from the Intelligent Security Summit here.

The market for policing the world of online advertising is heating up. Pixalate, the advertising analytics firm based in Palo Alto and London, announced a new round of $18.1 million of growth capital, increasing the total investment to date to $22.7 million. It plans to expand its tracking work to help enterprise organizations deliver better legal compliance and data privacy in the age of extreme AI-generated attacks and bot-directed ad fraud.

Enterprise organizations lose millions in ad revenue thanks to fraud and bad actors. Detecting those kinds of behaviors has grown harder as fraudsters deploy better tools like so-called “headless browsers” such as Puppeteer. These tools were originally created to help programmers test their work, but they make it simple to write bots that visit the same pages and click on ads.

Sophisticated bot creators can simulate much of what a real person could do, which forces enterprises to watch for patterns in low-level parameters like the IP address. For instance, thousands of requests for web pages in a few minutes from the same computer are unlikely to be from a real human.

Detecting ad fraud bot behavior

Pixalate’s funding is directly “focusing on emerging international regulatory obligations such as GDPR, CCPA, and the Children’s Online Privacy Protection Act (COPPA),” according to the announcement of the new funding. Pixalate builds its reports by combing through log files looking for examples of what it calls “invalid traffic” (IVT) and “sophisticated invalid traffic” (SIVT). Its tools try to distinguish between the behavior of a real human and an automated bot that is creating fake clicks just to collect revenue for the publisher. These measures track mistakes such as incorrect configuration. When each webpage is loaded, the browser reports its name, the so-called “user agent”; some bot creators use incorrect or misspelled names.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Pixalate has had plenty of success in the past detecting and publicly identifying ad fraud, such as the so-called Monarch scheme, which poisoned some Roku apps in order to spoof ad companies into believing that more than $10 million of political ads were viewed.

More sophisticated analysis can discover questionable ad placements on the web page. A common technique is to stack multiple ads on top of each other. The user sees only one ad, but the ad servers believe that many are actually visible. Sometimes the web designers will hide the ads in difficult-to-find sections of the page.

Some attacks can also reveal users’ personal information. The Matryoshka scheme apparently inserts malicious JavaScript that can, in the process of defrauding ad companies, collect personal information like the user’s latitude and longitude.

Pixalate supports advertising buyers with analytics for mobile apps and connected TV (CTV) platforms like Roku. It tracks online behavior looking for anomalies that might indicate fraud. This information is distilled into reports like its Publishers Trust Index, which scores apps according to how often questionably fraudulent behavior appears.

Additional funding comes from early Palantir and Google investor Western Technology Investment (WTI). Javelin Venture Partners, a prior investor, also added to their investment. Noah Doyle, managing director at Javelin Venture Partners, said that he was particularly attracted to their coverage for emerging markets like connected TV platforms like Roku, adding that “their data footprint is unprecedented.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.