The economics of anti-bot vendors: how detection-as-a-service is priced and sold
A site owner who wants to keep bots off a login page has a strange purchasing decision in front of them. The thing they are buying is a verdict: human or machine, issued on every single request, in a few milliseconds, billions of times a month. There is no unit of that verdict you can hold, no per-seat license, no box. The vendor’s cost to produce one more verdict is close to zero once the detection model exists, and yet the contracts routinely start at five figures a month and climb into the millions a year. How does a market price a product whose marginal cost rounds to nothing and whose value is entirely in being right more often than the adversary expects?
That gap, between near-zero marginal cost and high contract value, is what this post is about. Not the byte layout of any one cookie or the math inside a fingerprint, but the business layer sitting on top of all of it: how detection-as-a-service is metered, what the meters actually count, why the published prices look the way they do, who the buyers and sellers are after a decade of consolidation, and how a competent engineering team should run the buy-versus-build calculation before signing.
The route below. First, what the meter counts, because the choice between per-request, per-domain, and per-property billing shapes everything downstream. Then the published price points from the handful of vendors who publish anything at all, and why most do not. Then the market size, with the wide spread between estimates explained rather than averaged away. Then the vendor map and the mergers that drew it. Then the buy-versus-build calculation, which is more interesting than the usual “it’s hard, just buy it” answer. Then a newer wrinkle: the same infrastructure being repurposed to charge AI crawlers rent rather than block them outright. A closing note on what the pricing model reveals about the product.
What the meter actually counts
Every pricing model in this market is a decision about what to count, and that decision leaks information about how the vendor thinks about its own cost and its own value.
The dominant meter is the request. DataDome, the most transparent of the major vendors on price, bills by monthly request volume across published tiers. Its Essentials plan lists at $3,830 per month and includes 100 million requests; Advanced lists at $8,670 for 200 million requests, and Premium at $10,160 for the same 200 million but with longer data retention and more integrations. Above that sits an Enterprise Plus tier that is not priced publicly at all. The shape here is worth noticing: you are not charged per blocked bot, you are charged per request examined, whether the verdict is human, bot, or unsure. The vendor inspects everything, so the vendor bills on everything.
Counting requests aligns the bill with the vendor’s real cost driver. Each request that hits the detection edge consumes a TLS handshake to fingerprint, an HTTP/2 frame ordering to hash, a header order to compare, possibly a JavaScript challenge to serve and a sensor payload to score. That work scales with request count, not with customer count or domain count. A request meter is the vendor charging for the thing that actually costs them money to do. It also means a customer under a credential-stuffing attack, whose request volume spikes by orders of magnitude precisely when they most need protection, can blow through a tier and trigger overage, which is a recurring source of friction in these contracts.
*The three common meters. Per-request tracks the vendor's true cost; per-domain trades predictability for fairness across uneven properties; the platform-plus-usage hybrid is where most enterprise contracts land.*
The second meter is the domain, or more precisely the protected property. Akamai’s Bot Manager, which grew out of the company’s CDN business, has historically leaned toward per-protected-domain pricing or a platform fee plus a usage component. Buyer-reported figures put Akamai contracts roughly in the $15,000 to $100,000-plus per year range depending on the number of applications and traffic, with a practical floor around $3,000 a month and enterprise deployments running into the low hundreds of thousands annually. A per-domain meter is predictable in a way a request meter is not. You know how many hostnames you are protecting, and the bill does not move when you get attacked. The cost is fairness: a company with one enormous property and a company with forty small ones pay very differently under per-domain pricing than they would under per-request, and the vendor’s sales motion has to handle that with custom quoting.
Cloudflare sits at the third position. Bot Management is an Enterprise-only add-on; there is no published price, and the documentation says plainly that it is “added to Enterprise plans by your account team.” In practice that means a platform-plus-usage shape negotiated per contract, sitting on top of an Enterprise base that industry reporting puts at a floor of roughly $3,000 to $5,000 a month before the bot add-on, with mid-market deployments that include Bot Management and multiple zones commonly landing somewhere between $8,000 and $25,000 a month. Cloudflare’s own scoring machinery, the 1-to-99 bot score stapled to every request, is the same regardless of what you pay; what the contract buys is access to the feature, the analytics, and the support, not a better model.
The pattern across all three is that the meter is never “bots blocked.” No major vendor bills on outcomes, because outcomes are unfalsifiable in the customer’s favor. If you billed per blocked bot, every vendor would have an incentive to over-block, and every customer would dispute the count. So the industry meters on inputs it can measure cleanly (requests, domains, bandwidth) and prices the verdict as a fixed cost of having the inspection running at all.
The published prices, and the silence around them
The striking thing about anti-bot pricing is how little of it is public. DataDome publishes three tiers. Almost nobody else publishes a number you can act on.
That silence is a deliberate sales strategy, and it is worth naming the reasons rather than treating it as mere coyness. First, value-based pricing only works when the price can be set per customer. A vendor protecting a top-ten retailer’s checkout flow during a product drop is preventing a different order of magnitude of loss than one protecting a hobbyist forum, and the vendor wants to capture a slice of that prevented loss. Publishing a price anchors the negotiation and caps the upside. Second, these contracts bundle services that are genuinely hard to commoditize: onboarding, tuning, a named support team, custom rules, incident response during an active attack. The published-price tiers tend to be the self-serve products; the real money is in the custom enterprise tier where the bundle is the product. DataDome’s own structure shows this: the three published tiers top out and then hand off to an unpriced Enterprise Plus.
There is a second-order effect of all this opacity that matters to anyone trying to compare vendors. Because almost nobody publishes, the comparison shops, the Capterra and Vendr and PriceLevel listings, are built from buyer-reported deal data rather than rate cards, and those numbers carry wide error bars. A figure like “DataDome Essentials, $3,830 a month, 100 million requests” is a real published list price you can verify on the vendor’s own page. A figure like “Akamai contracts run $15,000 to $100,000 a year” is an aggregate of what buyers said they paid, which depends on what they negotiated, what they bundled, and how good their procurement team was. The two kinds of number should not be read with the same confidence, and most listicles that average them together are averaging apples and rumors.
When a vendor does publish, read the fine print on what the request count includes. A tier that covers 100 million requests a month sounds generous until you realize a mid-traffic e-commerce site can do that in well under a week during a sale, and that the meter counts every request to a protected path, not just the suspicious ones. The published number is a starting anchor for the self-serve buyer, not a ceiling, and the jump from the top published tier to “call us” is where the pricing model stops being a list and becomes a negotiation.
Sizing a market that can’t agree on its own size
If you search for the size of the bot management market you will get numbers that disagree by more than an order of magnitude, and the disagreement is itself informative.
At the low end, one research firm put the bot mitigation market at roughly $779 million in 2025, growing at better than 23% a year toward $6.5 billion by 2035. In the middle, others land around $2.5 billion in 2025 heading toward $7.4 billion by 2034 at about 14% compound growth, or roughly $3.9 billion in 2025 on other methodologies. The spread is not sloppiness so much as a definitional fight. A narrow definition counts only dedicated bot-mitigation products sold as a line item. A broad one folds in the bot-management features bundled inside web application firewalls, CDN security add-ons, fraud platforms, and API security tools, where the bot function is real but not separately invoiced. The same dollar of a Cloudflare or Akamai contract can sit inside the bot-management market or the CDN-security market depending on whose report you are reading.
The growth rate is the part the estimates roughly agree on, and the reason is in the traffic data. Imperva’s annual Bad Bot Report, drawn from the company’s own network telemetry, found that automated traffic crossed a threshold that had been approaching for years: bots made up 49.6% of all internet traffic in 2023, with bad bots at 32%, and the following year’s report had automated traffic surpassing human traffic for the first time in a decade at 51% of the total, with bad bots at 37%. When more than a third of every request hitting a public endpoint is hostile automation, and that share rises every year, the demand curve for detection does not need a marketing department to explain it. The buyers are responding to a measurable change in what is on the wire.
*The demand driver in one chart. Bad-bot share kept climbing and human traffic dropped below half in 2024, per Imperva's network telemetry. Orange bars are bad bots; the white line is human traffic.*
So the honest summary is that the market is somewhere in the low single-digit billions of dollars depending on how you draw the boundary, growing at a mid-teens to low-twenties percentage a year, and that the boundary you draw matters more than the precision of any single estimate. For a buyer this matters because it tells you the market is large enough to have real competition and specialization, but not so large that the vendors can ignore a serious customer. You have more bargaining room in these negotiations than the published opacity is designed to make you feel.
The vendor map, drawn by a decade of mergers
The current set of major vendors is the product of consolidation, and you cannot understand the pricing without understanding who bought whom.
The independent specialists who still sell bot mitigation as their main product are a short list. DataDome is the most prominent pure-play, a French company that raised a $42 million Series C in 2023 and reports on the order of 10,000 customers and detection across hundreds of billions of attacks a year. Kasada, Australian in origin, raised a $23 million Series C in late 2021 and built its reputation on a proof-of-work and anti-instrumentation approach aimed at the most sophisticated automation. Arkose Labs sells a challenge-centric model. These are the companies for whom the verdict is the entire business, and they tend to be the most willing to price aggressively and publish at least something, because they are competing against bundled features from much larger platforms.
Then there are the platforms that absorbed bot mitigation into a larger stack. Akamai bought Cyberfend, a bot-detection startup founded in 2014, in an all-cash deal that closed in December 2016, and folded its technology into Bot Manager. F5 acquired Shape Security in a $1 billion all-cash deal that closed in January 2020, the largest acquisition in F5’s history at the time, which became F5’s bot defense line. PerimeterX merged with HUMAN Security in July 2022 in an all-stock deal that valued the combined company around $1.5 billion, with more than $100 million in annual recurring revenue between them; that rebrand is the reason the PerimeterX cookie names live on under the HUMAN brand. And Imperva, which publishes the Bad Bot Report that half the industry cites, was itself acquired: Thales bought it from Thoma Bravo for $3.6 billion in a deal that closed in December 2023, putting one of the most-cited bot data sources inside a French defense conglomerate.
*Consolidation in the bot-mitigation market. The detection technology a buyer signs for in 2026 frequently originated in a startup that a CDN, a hardware vendor, or a defense conglomerate has since absorbed.*
This history has direct pricing consequences. When bot mitigation lives inside a CDN (Akamai, Cloudflare) or an application-delivery vendor (F5), it is sold as an add-on to an existing platform relationship, which is why it shows up as an Enterprise-tier upsell with no public price, priced against the value of the whole account rather than the bot feature alone. When it lives in a pure-play (DataDome, Kasada), it has to stand on its own and justify a separate line item against the bundled alternative, which pushes those vendors toward clearer tiers and sharper feature differentiation. The buyer’s first real decision is often not which vendor but which kind of vendor: a feature inside a platform you may already pay for, or a specialist you bolt on. The cookie and challenge mechanics differ too, which is why a buyer comparing, say, DataDome’s first-request signals against Akamai’s _abck sensor flow is really comparing two different engineering philosophies that the merger map helps explain.
The independent analysts have tried to impose order on this. Forrester’s Wave for Bot Management Software in the third quarter of 2024 evaluated 11 vendors against two dozen criteria and named DataDome and HUMAN as Leaders, with F5, Cloudflare, and Kasada among the Strong Performers. That report is itself a pricing input: a Leader placement is a negotiating chip the vendor uses to hold the line on price, and a Strong Performer placement is a chip the buyer uses to push back. The Wave does not publish prices, but it shapes them.
The buy-versus-build calculation, done honestly
The default advice is that you should never build your own bot detection, that it is too hard and the adversary too fast. That advice is mostly right and is also a slogan, and a senior engineer deserves the actual decomposition rather than the slogan.
Start with what you are actually buying when you buy. You are not buying a list of bad IPs; those are commodity and decay in hours. You are buying three things that are genuinely hard to reproduce in-house. The first is a network effect: a vendor that sees a botnet hit one customer can inoculate every other customer in the same minute, which is the whole pitch behind HUMAN’s collective signal network and the equivalent cross-customer telemetry every major vendor runs. You cannot replicate that with one site’s traffic, full stop, because the signal you need is the traffic you do not see. The second is the research treadmill: keeping JavaScript-runtime fingerprinting and TLS and HTTP/2 fingerprinting current against headless-browser frameworks that patch their tells every few weeks is a full-time team’s job, and it never finishes. The third is the obfuscated client payload, the part that makes the collected sensor data hard to forge, which is its own specialty.
Now the other side, which the slogan ignores. A large amount of bot defense is buildable and cheap, and building the cheap parts changes which tier of the expensive part you need. Rate limiting per route and per token is yours to own. So are honeypot form fields and timing traps, which catch a surprising fraction of unsophisticated automation for the cost of a hidden input and a server-side check. Blocking datacenter ASNs outright, before any vendor sees the request, removes a large slice of the crude traffic that would otherwise count against your metered request volume, which is the kind of ASN-reputation reasoning you can do with public data and a maintained list. The decision is not binary. The competent move is to build the cheap server-side layer that stops the unsophisticated 80%, then buy a vendor for the sophisticated 20% that needs the network effect and the research treadmill, and let the cheap layer hold your metered volume down so the bought layer costs less.
The cost that buyers consistently underestimate is not the license. It is integration and false positives. Every vendor in this market has a false-positive rate, and a false positive on a checkout page is a lost sale and a support ticket, which means the real cost of the contract includes the engineering time to tune thresholds, maintain allowlists for your legitimate partners and your own monitoring, and the revenue lost to the humans the model gets wrong. A vendor that quotes you $10,000 a month and costs you another $10,000 a month in tuning and lost conversions is a $20,000-a-month vendor. That total cost is the number the buy-versus-build calculation should run on, and it is the number the published list price is specifically designed not to show you.
There is one more honest point. Where the decision actually gets made, server-side versus client-side, determines how much of the system you can even inspect, let alone build. A vendor whose verdict is computed entirely server-side from signals you cannot see is a deeper lock-in than one that exposes a score you can reason about and override. The lock-in is part of the price, and it does not appear on any invoice.
When the meter flips: charging bots instead of blocking them
There is a development that changes the economics in a direction the whole industry assumed was impossible: selling access to bots rather than denying it.
In mid-2025 Cloudflare launched a private beta of “pay per crawl,” which inverts the usual model. Instead of a binary block-or-allow verdict on an automated crawler, a publisher can set a flat per-request price and let AI crawlers pay to scrape. The mechanism reaches back to a status code that had been dormant for most of the web’s history: HTTP 402, Payment Required. A crawler that requests a protected page without payment intent gets a 402 with a crawler-price header stating the cost; a crawler that wants the content sends a crawler-max-price or crawler-exact-price request header, and on success receives a 200 with a crawler-charged header confirming the amount billed. Cloudflare sits in the middle as the recorded entity that reconciles the payments. The pricing is publisher-set and flat per request across a site, with per-crawler overrides, and a December 2025 update added a discovery API so verified crawlers can find participating domains programmatically.
The economic significance is larger than the feature. For a decade the entire industry sold one thing: a verdict that ended in block or allow. Pay per crawl uses the exact same identification machinery, the same need to reliably distinguish a known AI crawler from a human or a disguised scraper, but routes the verdict into a billing decision instead of a security one. The detection is the asset; block and bill are just two outputs from it. That reframes what these vendors are really selling. They are selling reliable identity at the edge, and identity can gate a door or ring up a register with equal ease. A market that grew on fear of fraud now has a second revenue surface in monetizing access, and the same companies own both because they own the identification layer underneath.
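The 402 exchange described above, modelled end to end as an added example that is not Cloudflare's code: the edge's identity verdict is routed to allow, block, or bill, and the crawler side discovers the price and pays it only within budget. The status code and header names are the ones the post quotes; the "USD 0.010" value format, the verdict labels, and the sample policy are assumptions.

```python
"""Model of the block / allow / bill routing described in the pay-per-crawl
section. Added example, not Cloudflare's code: the 402 status and the header
names are the ones the post quotes; the "USD 0.010" value format, the verdict
labels and the sample policy are constructed assumptions."""
from decimal import Decimal, InvalidOperation
from typing import Callable, Dict, NamedTuple, Optional

CURRENCY = "USD"
Headers = Dict[str, str]


class Policy(NamedTuple):
    default_price: Decimal          # flat per-request price across the site
    overrides: Dict[str, Decimal]   # publisher-set per-crawler overrides


class Response(NamedTuple):
    status: int
    headers: Headers


def fmt_price(p: Decimal) -> str:
    return f"{CURRENCY} {p:.3f}"


def parse_price(value: Optional[str]) -> Optional[Decimal]:
    """Parse 'USD 0.010'. Anything malformed counts as no offer, never as zero."""
    parts = (value or "").split()
    if len(parts) != 2 or parts[0] != CURRENCY:
        return None
    try:
        return Decimal(parts[1])
    except InvalidOperation:
        return None


def route(verdict: str, crawler: Optional[str], req: Headers, policy: Policy) -> Response:
    """Turn the edge's identity verdict (detection itself is out of scope) into
    one of three outputs: "human" -> 200 free (allow), "unverified_automation"
    -> 403 (block), "verified_crawler" -> price negotiation via 402 (bill)."""
    if verdict == "human":
        return Response(200, {})
    if verdict != "verified_crawler":
        return Response(403, {})
    price = policy.overrides.get(crawler or "", policy.default_price)
    if price == 0:                      # publisher lets this crawler in free
        return Response(200, {})
    h = {k.lower(): v for k, v in req.items()}   # header names are case-insensitive
    quote = Response(402, {"crawler-price": fmt_price(price)})
    charged = Response(200, {"crawler-charged": fmt_price(price)})
    if "crawler-exact-price" in h:      # exact offer must equal the price, else no deal
        return charged if parse_price(h["crawler-exact-price"]) == price else quote
    max_offer = parse_price(h.get("crawler-max-price"))
    if max_offer is not None and max_offer >= price:
        return charged                  # billed at the publisher's price, not at the cap
    return quote                        # no valid payment intent: 402 carrying the price


def make_edge(verdict: str, crawler: Optional[str], policy: Policy) -> Callable[[Headers], Response]:
    """Bind one request's identity verdict so the crawler side only supplies headers."""
    return lambda headers: route(verdict, crawler, headers, policy)


def crawler_fetch(edge: Callable[[Headers], Response], budget: Decimal) -> Response:
    """Crawler side: discover the price through a 402, then pay it only if within budget."""
    first = edge({})
    if first.status != 402:
        return first                    # free or blocked: nothing to negotiate
    quoted = parse_price(first.headers.get("crawler-price"))
    if quoted is None or quoted > budget:
        return first                    # walk away; the 402 stands
    return edge({"crawler-exact-price": fmt_price(quoted)})


# Constructed sample policy: a site-wide price plus two per-crawler overrides.
POLICY = Policy(Decimal("0.010"), {"newsbot": Decimal("0"), "archivebot": Decimal("0.050")})
```

Note that a `crawler-max-price` above the publisher's price is still charged at the publisher's price, and a malformed or wrong-currency offer is treated as no offer rather than as consent to pay.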
It is too early to know whether pay per crawl becomes a real revenue line or stays a beta curiosity, and an honest post should not pretend otherwise. What is not too early to observe is the structural point: the value was never in the blocking. The blocking was one way to cash in an accurate verdict, and the moment a second way appeared, the same infrastructure pivoted to serve it without changing the detection underneath.
What the price tag tells you about the product
Run back through the pricing decisions and a single fact keeps surfacing: nobody in this market sells the bot block, and everybody sells the verdict. The meter counts requests because requests are what the inspection costs. The published price stops at the self-serve tier because the verdict’s value is per-customer and the vendor wants to capture it. The market’s size estimates disagree because the verdict hides inside CDNs and WAFs and fraud tools, billed under other names. The mergers consolidated the verdict-makers into the platforms that already had the customer relationship. And pay per crawl proved the verdict was the product all along, because the instant a non-security use for an accurate verdict appeared, the same machinery served it.
For the engineer holding the purchasing decision, that shift in how you read the bill is the useful one. You are not buying protection, which is unmeasurable and unfalsifiable. You are renting a continuously-updated ability to tell a machine from a person on your own traffic, an ability that depends on signal you structurally cannot generate from one site and on a research cadence you cannot match part-time. Price the contract against that specific capability, build the cheap server-side layers that shrink how much of it you need, and treat the false-positive cost as part of the bill rather than a footnote. The vendors have organized their entire pricing model around making the verdict feel like a fixed cost of doing business. It is a fixed cost of having the inspection running. Whether it is worth your money is a question about how much of your traffic is hostile, how much of the cheap layer you are willing to build yourself, and how much you trust a number you did not compute and usually cannot see.
The most concrete thing to take away is the asymmetry the whole industry runs on. The vendor’s marginal cost to issue one more verdict is effectively zero, and yet the verdict is priced as though it were scarce, because being right about it is scarce. You are paying for the rightness, not the verdict, and the rightness has a maintenance cost that never reaches zero on either side of the fight.
Sources & further reading
- DataDome (2026), DataDome pricing — published Essentials/Advanced/Premium tiers at $3,830 / $8,670 / $10,160 per month with request-volume inclusions, mirrored from DataDome’s own pricing page on Capterra.
- Cloudflare (2026), Plans — Bot Management for Enterprise — confirms Bot Management is an Enterprise-only add-on enabled by the account team, with no public price, and lists the included detection features.
- Imperva / Thales (2024), 2024 Bad Bot Report — source for bots at 49.6% of traffic in 2023 and bad bots at 32%, the demand-side data the market cites.
- Imperva (2025), Bots now make up the majority of internet traffic — automated traffic surpassing human traffic at 51% in 2024, bad bots at 37%.
- Forrester via DataDome (2024), The Forrester Wave: Bot Management Software, Q3 2024 — 11 vendors evaluated; DataDome and HUMAN named Leaders, others Strong Performers.
- F5 (2020), F5 completes acquisition of Shape Security — the $1 billion all-cash deal that became F5’s bot-defense line, closed January 2020.
- TechCrunch (2022), HUMAN Security merges with PerimeterX — all-stock merger, ~$1.5B combined valuation, $100M+ combined ARR.
- Thoma Bravo (2023), Thoma Bravo completes sale of Imperva to Thales — the $3.6 billion acquisition, closed December 2023.
- Akamai (2016), Akamai acquires Cyberfend — the bot-detection startup folded into Akamai Bot Manager, closed December 2016.
- Kasada (2021), Kasada secures $23 million in Series C funding — funding, retention, and customer-growth figures for one of the independent specialists.
- Cloudflare (2025), Introducing pay per crawl — the HTTP 402 mechanism, the crawler-price/crawler-exact-price/crawler-charged headers, and the flat per-request publisher-set pricing model.
- ResearchNester / DataIntelo (2025), Bot mitigation market size & forecast — one end of the wide market-size range, useful to read against other firms’ estimates to see how definitions move the number.
Further reading
DataDome's detection model: every signal it collects on the first request
Traces what DataDome evaluates on the very first request, before any JavaScript runs: the TLS/JA4 fingerprint, the HTTP/2 frame profile, the header set, and IP and ASN reputation, and how those signals stack into one decision.
DataDome's server-side scoring pipeline: from edge to decision in milliseconds
Traces how DataDome turns an HTTP request into an allow, challenge, or block verdict at the edge: the module-to-API split, the form fields it ships, the regional inference layer, and the latency budget that keeps it synchronous.
The DataDome cookie lifecycle: token issuance, rotation, and validation
Traces the datadome cookie end to end: how it is issued after a challenge, what the 128-byte token encodes, when it rotates, how long it lives, and how the edge validates it on every request through the Protection API.