Bolster AI + Akamai: Innovation to Counter the Fastest Growing Attack Surface

Bolster AI
Bolster AI
bs-single-container
Contents hide
1 The problem: phishing has become conditional
2 Why this matters: your customers are the new attack surface
3 What we’re building together
4 Why now: AI is accelerating fraud at industrial scale
5 Join us at RSA

A joint perspective on geo-fenced fraud, adaptive capture, and campaign disruption

Fraud is the fastest growing attack surface, and it’s targeting your customers.

At Bolster AI, we’ve seen a clear shift in how phishing and impersonation campaigns operate: attackers are increasingly using geo-fencing and conditional delivery to ensure real victims (your customers) see convincing malicious experiences, while traditional automated scanners see something very different, or more often than not, nothing at all.

This innovation in fraud, driven by AI generated and managed assets,  is one of the reasons fraud is harder to detect, harder to triage, and harder to disrupt than it was even a year ago. It also sets the stage for why we’re excited to be partnering with Akamai and why we’re joining them at RSA this month to share what we’re building together.

Our shared view is simple: if the attacker controls what you can see, you need a better way to observe the threat: globally, adaptively, and at scale.

The problem: phishing has become conditional

For years, phishing defense relied on a straightforward workflow: detect a suspicious URL, visit it in a controlled environment, capture what it shows, classify it, and then take it down. That approach assumes a scanner sees what the victim sees.

In today’s threat landscape, that assumption increasingly breaks down. Many phishing and impersonation pages now behave differently based on context, including:

  • Geo-fencing and language targeting: only serving the malicious experience to specific countries, regions, or language settings
  • Data center / proxy blocking: returning blank pages or harmless decoys when requests come from infrastructure that looks like automated scanning
  • ASN filtering: denying access from networks commonly associated with cloud providers or security tools
  • Behavior-based gating: redirect chains, delayed loading, CAPTCHA walls, or human-verification steps designed to frustrate automated capture

To a victim in the targeted region, the fraud flow looks complete and persuasive. To a scanner operating from the wrong vantage point, it can appear blank, incomplete, or benign. This innovation in fraud leads to false clean or unknown outcomes that slow response and leave users exposed.

Why this matters: your customers are the new attack surface

This evolution aligns with a broader shift: customers are now a primary attack surface. Attackers build on systems people already trust: search results, paid ads, familiar brands, and everyday business workflows — and then tailor fraud to the user’s context so it feels legitimate.

The ultimate goal of these attacks isn’t just to evade detection. It’s to create a high-conversion experience for real people, while systematically degrading a defender’s visibility. Think geo specific marketing campaigns that are designed to prevent outsiders from blowing the whistle on an attack. 

What we’re building together

Conditional phishing is, at its core, a vantage-point problem. If content changes based on geography, network type, and request characteristics, then detecting it reliably requires the ability to observe it under the same conditions victims experience.

Akamai operates one of the most widely distributed global networks in the world. Bolster brings world class  detection, campaign analysis, and advanced takedown capabilities focused on brand impersonation and consumer-facing fraud. Securing the ‘Human Edge’ (protecting the moment a user decides to click, trust, log in, approve, pay, or respond in the digital world) has never been more critical. Together, we’re exploring four capabilities that we believe can improve how the industry handles this quickly growing attack surface:

1) Higher-fidelity capture: seeing what targets see

A globally distributed network creates the possibility of testing “what does the victim see?” across multiple geographies and languages quickly — rather than relying on a single region-based scanner and hoping it matches the attacker’s targeting profile.

Our aim is to make capture more victim-true, improving confidence in downstream classification, escalation, and takedown.

2) Lower false clean/unknown rates: treating evasions as signals

When a scan to detect phishing and fraud returns a blank page, that shouldn’t be a dead end. Increasingly, it’s a signal.

One of the technical directions we’re exploring is adaptive recapture: if content appears incomplete, decoyed, or gated, the system can treat that as a behavioral indicator and automatically retry from an alternative vantage point and configuration, informed by historical success patterns.

We aren’t just scanning more, we are scanning more intelligently, with evasions feeding a learning loop that improves future capture. As the fraud evolves, our intelligence and AI models will evolve with it. 

3) Faster disruption: shifting from page-level triage to campaign-level response

Attackers rotate URLs constantly, but they often reuse underlying components: kits, scripts, credential endpoints, redirect logic, and infrastructure patterns.

Once a single confirmed asset is identified, the next step is not just takedown — it’s expansion: clustering related pages by fingerprints, correlating shared infrastructure, and mapping the broader campaign surface so response can address the threat systemically.

4) Understanding blast radius: estimating potential exposure

Security leaders increasingly need more than binary answers like “is it up or down?” They need to understand impact: how widely a campaign propagated, how long it was exposed, where it was targeted, and how many users may have encountered it. This is something we hear all the time at Bolster: “How many of my customers do you think have interacted with this phishing page?”. 

As part of the partnership, we’re exploring ways to use global resolution and related infrastructure signals to estimate potential exposure windows and audience size for specific fraud assets — turning takedown from a purely operational activity into something leadership can understand and measure.

Why now: AI is accelerating fraud at industrial scale

Generative AI is reducing the time and cost required to build convincing fraud flows, localize language and branding, test variations, and run campaigns continuously. That doesn’t just increase volume — it increases speed, iteration, and sophistication.

As fraud becomes more automated, defensive systems need to become more automated as well — with global observation, adaptive behavior, and intelligence-driven disruption built in from the start.

Join us at RSA

We’re excited to be working with Akamai on these challenges and to share more at RSA. While this is an evolving effort and there’s meaningful engineering ahead, we believe the direction is clear: phishing is conditional, fraud is globally targeted, and defenders need a global, adaptive, campaign-aware approach to keep pace.

If you’re at RSA, schedule time with Bolster or visit the Akamai booth to meet the teams and learn how we’re approaching conditional phishing — and what it looks like to build defense that helps teams see what victims see.