Zero-Configuration Bot Protection

Bot Protection That Just Works

No machine learning expertise required. No complex rules to configure. No maintenance headaches. Just drop it in and watch it adapt to your traffic in real-time. Every endpoint learns automatically.

Works out of the box • Learns automatically • Improves continuously
Powered by StyloFlow • Raspberry Pi to Server Clusters

Why StyloBot is Different

The features that make bot detection actually work

Zero Configuration

Add two lines of code and you're protected. No complex rules. No tuning required. No ML expertise needed. 

builder.Services.AddBotDetection();
app.UseBotDetection();

That's it. Really.

Self-Improving AI

Learns from every detection. Adapts to new bot tactics automatically. Gets smarter with every request.

  • Pattern reputation evolves in real-time
  • Weights adjust based on outcomes
  • Drift detection prevents model decay
  • No retraining required

Lightning Fast

Sub-millisecond detection doesn't slow your site. AI inference in <1ms. No noticeable latency.

Heuristic AI
<1ms
Fast Detectors
<1ms

Stealth Defense

Bots can't detect they're being detected. Stealth throttling, silent redirects, and invisible challenges.

Bots keep trying, you stay protected

Self-Hosted & Private

Everything runs in your infrastructure. No data leaves your servers. No third-party dependencies. GDPR friendly.

No external API calls
All ML runs in-process
SQLite for storage (optional)

Flexible Policies

Different rules for different endpoints. Strict for checkout, relaxed for content. Path-based, risk-based, fully customizable. 

"PathPolicies": {
  "/api/login": "strict",
  "/api/checkout": "strict",
  "/sitemap.xml": "allowBots"
}

Adaptive Scaling

Built on the powerful StyloFlow workflow engine. Runs anywhere from a Raspberry Pi to massive server clusters. Dynamically optimizes resource usage based on load.

  • Bounded concurrency prevents overload
  • Auto memory cleanup prevents leaks
  • Signal-based coordination
  • Observable async operations
Learn about StyloFlow

Deploy Anywhere

Raspberry Pi for hobbyists. Cloud VMs for startups. Kubernetes clusters for enterprises. Same code, scales automatically.

Minimum
Pi Zero
512MB RAM
Maximum
Unlimited
Horizontal scaling
The Paradox

Zero Config. Infinite Control.

Set it and forget it, or become a bot-hunting surgeon. Your choice.

Install & Ignore

Two lines of code. That's it. The system immediately starts learning your traffic patterns and protecting your endpoints.

Auto-Discovery

Every endpoint in your app is automatically tracked and protected

Per-Endpoint Learning

/login gets stricter, /sitemap.xml stays open—no config needed

Traffic Profiling

Learns "normal" behavior unique to YOUR application

Adaptive Thresholds

Detection sensitivity adjusts automatically based on outcomes

builder.Services.AddBotDetection();
app.UseBotDetection();

// Done. Protected. Learning.

Surgical Precision

Want control? You've got it. Override anything, tune everything, customize any behavior.

Per-Path Policies

/api/checkout: "nuclear", /blog/*: "relaxed"

Risk-Based Actions

0.3-0.5: throttle, 0.5-0.8: challenge, 0.8+: block

Custom Detectors

Write your own detection logic, plug it into the pipeline

Learning Rate Tuning

Conservative or aggressive—dial in the exact adaptation speed

"PathPolicies": {
  "/api/admin/*": "paranoid",
  "/api/checkout": "strict",
  "/health": "allowAll"
}

The Best Part?

You can switch between these modes instantly. Start with zero config, add overrides only where you need them. The automatic learning never stops—even your custom rules benefit from adaptive intelligence.

The Intelligence Behind It

Multi-layered AI that adapts to your traffic

Adaptive Machine Learning

Learns Your Traffic Patterns

The heuristic AI model doesn't just detect bots—it learns what "normal" looks like for YOUR application. Every request refines the model. Every blocked bot makes it smarter. Every false positive teaches it to be more precise.

  • Exponential Moving Average Learning

    Pattern reputations evolve smoothly. Not too reactive, not too slow.

  • Time Decay & Forgiveness

    Old patterns fade. Infrastructure changes don't haunt you forever.

  • Concept Drift Detection

    Alerts when bot behavior shifts. Automatic adaptation to new threats.

Learning Feedback Loop

1
Detection Occurs
Multi-signal analysis produces confidence score
2
Action Taken
Block, throttle, challenge, or allow
3
Patterns Updated
Reputation scores and weights adjust
4
Next Request Smarter
Improved accuracy on future detections

Instant Abort for Known Threats

Confirmed bad patterns trigger instant 403s before any analysis. Sub-microsecond lookups in memory cache.

Latency Impact
<0.1ms
Hash table lookup
Known Bad Patterns
Instant
No analysis required
Performance Optimization

Fast-Path Reputation Cache

Once a pattern is confirmed bad (high confidence over multiple requests), it gets promoted to the fast-path cache. Future requests from that pattern get blocked instantly—no detection pipeline, no AI inference, just instant rejection.

Why this matters

Under heavy bot attack, 90%+ of requests hit the fast-path cache. Your server barely notices.

Flexible Response Actions

Not all bots deserve the same treatment

Stealth Throttle

Slow bots down without them knowing. Variable delays with jitter. Risk-scaled timing.

Default

Hard Block

Instant 403. For confirmed malicious traffic and security scanners.

Strict

Challenge

Proof-of-work, CAPTCHA, or JavaScript tests. Verify humanity before allowing access.

Moderate

Honeypot Redirect

Silent redirect to study bot behavior. Learn new attack patterns automatically.

Intel

Shadow Mode

Log detections without blocking. Test rules in production safely.

Testing

Custom Policies

Write your own action policies. Webhook alerts, custom logging, anything.

Extensible

Enterprise-Grade Architecture

Without the enterprise complexity

Production-Ready Features

  • OpenTelemetry integration - Full observability out of the box
  • Health checks & diagnostics - Standard ASP.NET Core health endpoints
  • Graceful degradation - Never blocks your pipeline, even on failure
  • Docker & Kubernetes ready - Stateless design, volume mounts for persistence
  • Multi-instance safe - SQLite WAL mode or Redis for shared state

Developer Experience

  • Rich IntelliSense - Fully documented APIs with XML comments
  • Fluent configuration - JSON or code, your choice
  • Extension points everywhere - Custom detectors, policies, storage
  • Test mode support - Simulate any bot type in dev
  • Comprehensive docs - Real examples, not just API references

Fits Your Stack

Works with what you already have

ASP.NET Core

Middleware, MVC attributes, endpoint filters. Use what feels natural.

Docker/K8s

Stateless design. Volume mounts for learned weights. Horizontal scaling ready.

Stop Configuring. Start Protecting.

Bot protection that just works, learns automatically, and improves continuously.

View on GitHub Install from NuGet

Open source • MIT License • .NET 8/9