From AI-powered insights and streamlined policy tools to expanded ad protection and deeper compliance controls, Q2 was all about empowering customers to act faster, smarter, and with greater clarity. Last quarter, we introduced powerful new capabilities across Account Defender, Bot Defender, Client-side Defense, and Advertising Protection — each designed to drive efficiency, reduce risk, and help you stay ahead of evolving threats.
If you’d like to learn more about any of these features, please contact your account representative or fill out this form to connect with us.
Customers can create centralized lists of identifiers (such as IPs or paths) and use each list as a condition in policy rules. Instead of manually entering the same identifiers and values across multiple rules, users can now trigger rules for policy lists. For example, if you have a large number of specific IPs you want to allow, you can create a list of IPs from Lists Management, then add this list as a single condition into a policy rule. Lists can be updated in the console, over API, or by uploading a CSV. Read the technical documentation.
Customers can now integrate HUMAN’s mobile SDK into a React Native project. The new npm package for React Native enables easy and seamless integration, replacing the previously manual, error-prone, and complex setup process. Read the technical documentation.
AI-generated Account Insights
Customers can now view LLM-powered incident summaries for account takeover incidents. This enables customers to quickly understand the key details of each case and save time on analysis of ATO events.
Customers can now create response actions to account takeover policies using pre-built templates. These include mitigation actions, alerts and notifications, data export, and more. Read the technical documentation.
New Model Anomaly Risk Trigger
A star icon has been introduced to indicate risk at both the activity and account levels. This icon will be displayed for any activity flagged as risky by our internal model deviation model, providing customers with more context for risk triggers.
Self-service Slack Notification Action Configuration
Users can now easily configure Slack notifications by channel and select the specific Slack channels they want to be notified on when a particular policy is triggered. This streamlines internal workflows and collaboration.
Two-person Script Authorization
Enterprises can now create separate roles for “Authorizer” and “Justifier.” The Authorizer is typically a security team member who reviews scripts’ security risks before authorizing them. The “Justifier” is typically a member of the development team who provides the business justification for the script being on the payment page. The roles are available in the “Users” section of the Platform
Solutions: Ad Fraud Sensor, Ad Fraud Defense, Ad Click Defense
- Pre-bid Domain mismatch marker: The release went live on April 30 and completed a series of 2024 enhancements to domain mismatch detection. This release included subdomain support, classification of material vs. non-material mismatches, and improved post-bid IVT detection. These enhancements now also power MediaGuard’s pre-bid capabilities, helping clients catch potential SIVT earlier.
- Made for Advertising: We extended our detection coverage and made it easier to quickly identify MFA domains.
- New Standalone Detection:
- Templated MFA Sites: Identification of domains using low-quality or duplicate content
- New Automatic Detections:
- Inflated Page Count: Detection of slideshows and quizzes that artificially boost page count
- High MFA SChain: A significant portion of the shared supply chain’s traffic have elevated MFA rates elsewhere. This indicates the domain or site shares infrastructure with other entities experiencing high MFA rates.
- New Dashboard Widget: Quickly see top MFA domains flagged by volume — now available on the Insights page.
- MFA Detection Product Guides:
- Compliance Enhancements: New fields have been released in our compliance insights expansion. By validating every hop — from app-ads.txt through SCO nodes to sellers.json — you catch domain spoofing and unauthorized resellers before they enter your auctions.
- New fields added:
- Inventory Partner Domain
- Owner Domain
- Seller Relationship
- First Ad System
- First Seller ID
- First Seller Name
- First Seller Domain
- First Seller Type
- First Seller Relationship
- Ad Click Defense: Development will continue into Q3 to further enhance flexibility and ease of deployment. Additionally, our product documentation has been finalized and is now available on docs.humansecurity.com, providing clear guidance on how to navigate the Ad Click Defense dashboard for customers. Throughout May, we continued to build robust client-facing resources. These materials included comprehensive detection logic, dashboard functionality, and integration guidance tailored for both existing and new customers. We built this solution to help advertising platforms, including retail media networks (RMNs), demand-side platforms (DSPs), and walled gardens to protect revenue and preserve advertiser trust by detecting and filtering invalid clicks that can compromise campaign performance and measurement. We’re proud to share that LinkedIn is the first platform to integrate HUMAN’s Ad Click Defense solution, enhancing advertiser protection. As LinkedIn noted in their press release:
“Embracing new solutions that help validate results is essential for advertisers to prove ROI. Our continued work with HUMAN reinforces our commitment to providing our customers with reliable metrics to help them reach and engage decision makers with confidence and drive meaningful business results.”
Solutions: Malvertising & Ad Quality
- Unified Platform Experience: Launched the consolidated Malvertising and Ad Quality Defense dashboard for platform clients that provides a comprehensive, intuitive view of creative analysis, centralizing key data to empower enhanced control. Platform clients now have access to:
- Advanced threat metrics: Detailed insights into malvertising protections.
- Creative libraries: Streamlined ad creative management and analysis.
- Comprehensive reporting: Integrated Malvertising and Ad Quality analytics in one accessible view.
- Threat Research: Launched the Malvertising Threat Research Team who will uncover various malvertising and ad quality related threat insights.
- Election Report: The team released its inaugural report, The Impact of Elections on Malvertising Patterns, where they share threat findings surrounding the Malvertising and AQ surges leading up to and following the 2024 US election. In the course of this investigation, HUMAN researchers observed:
- Detected a 30,000% spike in political ads which created openings for opportunistic malvertising campaigns, attempting to hide in the sheer volume of advertising leading up to and following the election.
- Malicious landing pages (MLPs): These pages are purpose-built to exploit the increased volume of ads and ensnare users.
- Targeted MLP attacks against major news websites: Knowing that key news websites are crucial channels of public information, threat actors targeted these outlets.
- March Madness: Observed and mitigated threats during expected surge in page views protected and threat levels for our sports clients during the NCAA March Madness basketball tournament.
