In recent years, well-intentioned companies have provided free services such as CAPTCHA solutions and content delivery networks. However, this has inadvertently aided threat actors. For example, Cloudflare’s Turnstile Services and similar CAPTCHA solutions are often exploited as obfuscation techniques. CAPTCHAs are used to block the crawlers employed by security services from accessing and analyzing phishing sites.

Project Phantom is a stealth mode browser designed to emulate the behavior of regular browsers on physical machines, with a virtual user seamlessly browsing the web. It can bypass the obfuscation techniques employed by CAPTCHA services from Cloudflare, Google, and others to spot the phishing sites they may be hiding. Moreover, the browser can uncover advanced threats hosted on trusted services like SharePoint, Google, Microsoft, and Adobe. These services make up 50 percent of the threats that SlashNext detects daily.

The company has seen a 10x increase in threat detections using the stealth browser. Patrick Harr, CEO of SlashNext, stated, “Over 60 percent of malicious URLs delivered via email are protected by CAPTCHA, which is why we developed this unique technology to detect these threats before they compromise users.” According to Harr, SlashNext’s patented Zero-Trust Stealth Mode Browsers behave exactly like a human user, interacting with CAPTCHAs to access phishing and other malicious content that are hidden behind these barriers for AI analysis.