Pop Goes the Stack

A North Carolina musician was arrested after using AI to generate fake bands and bots to stream their songs—racking up over a billion plays and pocketing $10 million in fraudulent royalties. It’s the first U.S. case of AI-driven music streaming fraud, and it’s less about music than it is about bots exploiting business models. 

For enterprises, the lesson is simple: if you treat all traffic as legitimate, bots will eat your margins. With AI making bot behavior increasingly human-like, traditional defenses like packet filtering or basic behavior analysis are no longer enough.

In this episode, Lori MacVittie is joined by Principal Threat Researcher Malcolm Heath to dive into the challenges of defending against AI-driven bots, especially as tools and agentic AI make attacks more sophisticated. They uncover key strategies to identify and neutralize bots while exploring the evolving role of observability and behavioral detection in enterprise security.

Learn how you can stay ahead of the curve and keep your stack whole with additional insights on app security, multicloud, AI, and emerging tech:  https://www.f5.com/company/octo

Read more about the AI Music Fraud case: https://www.wired.com/story/ai-bots-streaming-music/?utm_source=chatgpt.com 

Creators and Guests

Host
Lori MacVittie
Distinguished Engineer and Chief Evangelist at F5, Lori has more than 25 years of industry experience spanning application development, IT architecture, and network and systems operation. She co-authored the CADD profile for ANSI NCITS 320-1998 and is a prolific author with books spanning security, cloud, and enterprise architecture.
Guest
Malcolm Heath
Experienced information security professional who specializes in security operations, vulnerability and threat research, incident handling, security engineering, systems programming, secure coding, and secure architecture design, especially for very large scale infrastructures. Fluent in cloud. Skilled in offensive security techniques.
Producer
Tabitha R.R. Powell
Technical Thought Leadership Evangelist producing content that makes complex ideas clear and engaging.

What is Pop Goes the Stack?

Explore the evolving world of application delivery and security. Each episode will dive into technologies shaping the future of operations, analyze emerging trends, and discuss the impacts of innovations on the tech stack.

00:00:05:14 - 00:00:35:02
Lori MacVittie
Hi everyone. Welcome to Pop Goes the Stack, the podcast where shiny new tech meets the messy reality of production. I am Lori MacVittie, part translator, part tour guide, and full-time chaos wrangler. And yes, I am alone. I have been left unsupervised. So buckle up. We're going to have a great conversation about nothing other than bots. Yes, everybody's favorite topic: bots,

00:00:35:02 - 00:01:06:13
Lori MacVittie
bots, bots. They're big news in AI land. And recently a North Carolina musician was actually arrested because they were using AI to not just generate fake bands, but also bots to stream their songs, effectively gaming the system, as it were. They racked up over a billion plays and pocketed $10 million in fraudulent royalties. So it's just like, talk about an echo chamber, right?

00:01:06:14 - 00:01:42:16
Lori MacVittie
Created all the things necessary to basically exploit the system. So it's the first case in the US of AI-driven music streaming fraud, which is now a thing, I guess. And it's really less about the music than it is about the bots exploiting business models and technology. For enterprises, I think the lesson is simple: if you treat all traffic as legitimate, bots are going to eat your margins somehow, because it always comes back to performance, availability and reliability.

00:01:42:18 - 00:02:14:08
Lori MacVittie
And bots using your systems, accessing your system, scraping your sites, are going to affect those by polluting legitimate traffic, I'd say. So, to dig deeper into the whole, right, bot defense: how do you detect them? What are they doing? What's the real threat? Should we be worried? We brought Malcolm Heath on, who is a bot defense expert here. And I'm really excited to hear what he has to say about bots and how we deal with them.

00:02:14:08 - 00:02:16:15
Lori MacVittie
So welcome, Malcolm.

00:02:16:17 - 00:02:18:13
Malcolm Heath
Thanks very much, Lori. Happy to be here.

00:02:18:16 - 00:02:37:12
Lori MacVittie
Awesome. Well, let's dive right in. So you heard about this and you heard about what I said, and so why is this so hard? Why is detecting bots, right, good bot, bad bot, why is this so hard?

00:02:37:15 - 00:03:00:02
Malcolm Heath
Well, I like to start a little bit by thinking really critically about the business logic that you mentioned already. I mean, the fraudulent activity that you mentioned would not have been an issue if the business model of Spotify, I think it was, was not one where you could upload your own music and then also you would get paid by how many times people stream, right?

00:03:00:02 - 00:03:24:28
Malcolm Heath
I mean, that's a fine business model, but it is clearly vulnerable to this kind of gaming. So, one of the things that you have to think about here, at least the way that I look at it, is that bots are essentially really just automation. This person could have spent the time to create a song manually, uploading it manually, told all their friends, right.

00:03:24:29 - 00:03:46:26
Malcolm Heath
You know, and that would have been legitimate activity. The thing here that really makes it interesting is that they were able to use AI to do that at a massive scale and then also do the streaming that they actually get paid for, you know, paid for the streams, also on a massive scale, all by themselves with just their computer.

00:03:46:28 - 00:04:05:20
Malcolm Heath
That kind of automation is absolutely central to the way that computers and the internet work. I mean, everything end-to-end is automated these days, as well it should be. It's efficient, gives you economies of scale, it's wonderful. But it can also obviously be turned to nefarious purposes. So to get to your question, how do you determine what's a good bot,

00:04:05:20 - 00:04:25:27
Malcolm Heath
what's a bad bot, I think it starts with really thinking very deeply about what your business logic looks like. And what you're trying to monetize or what you're trying to sell, or what data you want to protect and what data you want to share and how much. So start there, because all of that can be automated.

00:04:26:00 - 00:04:49:23
Malcolm Heath
Now, once we get into the technical details of like, how do you block stuff? Well, we often think about it in terms of levels of sophistication. Basic, intermediate, advanced is a pretty easy way to think about it. Your basic bots are literally just somebody, usually with a command line, running cURL in a loop. It's not, it's

Lori MacVittie
Just a bash script.

00:04:49:24 - 00:04:51:15
Lori MacVittie
That is bash,

Malcolm Heath
Exactly, it's a bash script,

Lori MacVittie
I can do that.

00:04:51:15 - 00:04:53:11
Malcolm Heath
Yeah. No problem at all, right.

00:04:53:11 - 00:04:53:26
Lori MacVittie
Alright.

00:04:54:00 - 00:05:19:01
Malcolm Heath
They're not changing their user agent header. They're not attempting to, you know, be able to parse JavaScript from the server. It's very simplistic, very easy to block. Now, for some bot operators, their business model also comes into play. If they're just trying to, say, scrape a site to get, I don't know, competitive pricing information,

00:05:19:04 - 00:05:42:04
Malcolm Heath
and it's a relatively large market, maybe your company is not amenable to be scraped that way, so they're just going to move on to one of your other competitors. Maybe that's good enough for them. They're not going to put in the energy to develop a more sophisticated solution. The intermediate ones do. They start modifying the user agent string.

00:05:42:04 - 00:06:11:28
Malcolm Heath
They start being able to maybe parse some JavaScript. They start, you know, really trying to pretend to be a real user, to behave in sort of more human-like ways that are a little bit harder to detect. But even then, there's plenty of things that you can do. JavaScript again comes into play here because you can actually measure mouse movements and window sizes and a whole bunch of other things like that to determine, like, whether or not this is a real user with a real browser who's moving the mouse like a human would or not.

00:06:12:00 - 00:06:36:09
Malcolm Heath
The intermediate bots can do some of that, but not all of it. And, you can usually get those blocked too. Again, you're raising the costs for the operator at this point. And at some point it's going to be cost effective or not for them to continue. If they want, if they're really dedicated and for some reason, they really, really need to get to your stuff,

00:06:36:11 - 00:07:20:09
Malcolm Heath
there's a third tier too. I mean, there are libraries that will move your mouse around in a nonrandom way, but one more mapped to human-type movement, that was done via machine learning, right? So we're escalating, escalating and escalating. Right. And at this point, you know, it actually does start to become pretty difficult to detect them. But at some point, the goal of the bot defense, I think, is to try to either make it so expensive for them to continue their activity, or force them into a position where they have to behave just like a normal user

00:07:20:12 - 00:07:41:05
Malcolm Heath
that removes the efficiency, it removes the reason why you want to use automation in the first place. So if I can identify you, even if you're an advanced bot, and I can figure out, I don't even actually need to figure out if you're advanced or not, but basically I can say, traffic coming from your IP

00:07:41:07 - 00:08:06:28
Malcolm Heath
is going too fast. Humans don't go that fast, right? Or humans don't navigate our web page this way. And I can start forcing you into a position where you have to behave like a human. Well, maybe this means that the use of automation here is not going to be effective for anybody, right? So that's just kind of like the two end states that maybe you want to achieve.

00:08:07:00 - 00:08:16:08
Malcolm Heath
I'm going to take just a breath here. I've been talking a lot, if you want to respond at all, but I have a bunch more to say about AI and,

00:08:16:10 - 00:08:36:28
Lori MacVittie
Well, that is why we brought you on. Because you could literally talk for hours. You know,

Malcolm Heath
Sadly.

Lori MacVittie
given enough coffee, yes. I don't know about sadly, that's, you know, we wanted to explore this stuff and really understand it. Right. And I always love the reference to the dragon security strategy, right: make it too expensive so that they go bother someone else.

00:08:36:28 - 00:09:07:19
Lori MacVittie
It's,

Malcolm Heath
Yeah.

Lori MacVittie
you know, you don't have to outrun the dragon, just outrun somebody else. And that actually became very popular, you know, more than ten years ago. But with AI, it seems to be even more so, because it really is about, you know, driving the cost of using even AI to do that. And one of the things I heard you say, right, it always comes back to behavior. Whether that's how you navigate, how fast you click, how fast you load pages, how fast you fill out fields.

00:09:07:19 - 00:09:37:20
Lori MacVittie
It's more about behavior and how you go through systems, which is good because today we're seeing, you know, even your basic chatbots able to use tools, right. So, hey, the machines are evolving, they can use tools; if they were squirrels, we'd be terrified. But right now we're all going, hey, this is cool. What do you think of the ability to use tools and further kind of obfuscate that identification process?

00:09:37:23 - 00:10:10:14
Malcolm Heath
I think that's a really interesting field of research, and I've done a little bit of work with agentic AI and doing some things of trying to iteratively train a large language model to learn how to hack systems, some other things like that. It's a really interesting field to dig into. At a minimum, I would say that generative AI gives less sophisticated actors the ability to create more sophisticated code and deploy it more easily.

00:10:10:16 - 00:10:24:12
Malcolm Heath
Just as an example, I wanted to see what I would get, I vibe-coded some Python to retrieve an HTTP URL. I'm a serious person, so I said, please add all of the error checking that you know

00:10:24:12 - 00:10:25:18
Lori MacVittie
Oh, okay, alright alright.

00:10:25:21 - 00:10:45:28
Malcolm Heath
that. So, yeah, it actually did a pretty decent job. But of course, like, you know, this isn't going to handle JavaScript. This is really just using a basic library in Python to do HTTP requests. Okay. I know from experience that that will work on some sites, but it won't work on others. Some of them are going to have some kind of a defense set up

00:10:45:28 - 00:11:08:11
Malcolm Heath
and I'm not going to be able to run the JavaScript that they send, they're going to block me. So I said, write a wrapper around the function that you already did, specifically a decorator function, but we'll, you know, ignore that fancy parlance, to, if it doesn't work, instantiate an instance of Selenium, which is a headless browser,

00:11:08:12 - 00:11:12:26
Malcolm Heath
right, and then make the request again.

00:11:12:28 - 00:11:40:11
Malcolm Heath
This actually worked great. I was able to go fetch some data that was protected with some basic kind of bot defense stuff without any problem. And I did this in maybe ten minutes, right?

Lori MacVittie
Yeah.

Malcolm Heath
So that's pretty great. I mean, and I was really trying to not be at all sophisticated about it. I was really just curious to see if this AI could just spit out some code that would run, that would do what I wanted.

00:11:40:11 - 00:11:42:06
Malcolm Heath
And it did. It does a really good job at that, often.

00:11:42:07 - 00:11:45:04
Lori MacVittie
That's terrifying. I mean,

00:11:45:04 - 00:11:49:15
Malcolm Heath
It is.

00:11:49:18 - 00:12:14:03
Lori MacVittie
You know, that's, well, and that's where I go back and go, okay, how do we identify that? I mean, that's a lot of the discussions around agentic and agents specifically, which is just advanced automation and then orchestration, right, of different processes, right, gets into this. I need to use tools. I need to make calls in new and different ways.

00:12:14:03 - 00:12:39:23
Lori MacVittie
And one of the scariest things to me, both from a traffic management and a security perspective, is that these traffic patterns are going to change dramatically. We can't count on, well, this goes north-south, these are east-west, here's where we put, right. It could be going kitty-corner, cattywampus, whatever, you know, colloquialism you want to use for "just calls whatever it wants."

00:12:39:26 - 00:12:56:09
Lori MacVittie
So, you know, how do we understand, you know, things like behavior in that context? Like what is the right behavior in a system that could potentially call anything? What do we do?

00:12:56:12 - 00:13:26:15
Malcolm Heath
Well, I mean, the behavior of these systems, like, let's, if we propose the idea that there's an AI out there that has agentic capabilities that could call a number of different tools to make requests, ranging from simple web requests to headless browsers to sophisticated automation of some kind or another, okay. We should expect, I think, to be able to observe signals from that that would be distinguishable from human traffic.

00:13:26:18 - 00:13:52:21
Malcolm Heath
Like, it may not be the signals that we're used to, but we should be able to identify a new set of signals that are indicative of somebody using an agentic system to be able to do this. I think that behavioral detection still remains the kind of key piece here. Because once again, if it is indistinguishable from human traffic,

00:13:52:24 - 00:13:54:02
Lori MacVittie
That is the thing.

00:13:54:07 - 00:14:12:17
Malcolm Heath
then maybe I don't care. I mean, like, you know, obviously, you know, right now you can go, I think, to most of the big AI providers and they have some means for you to essentially use a chat interface to have it go and make requests and do searches and, you know, be agentic in that sense.

00:14:12:17 - 00:14:17:26
Malcolm Heath
And, that's just sort of a new way of doing search.

00:14:17:29 - 00:14:19:05
Lori MacVittie
Yes.

00:14:19:07 - 00:14:51:19
Malcolm Heath
So, but it's still really just doing search. I mean, it's just going to make a bunch of requests to some websites and bring back some information. Maybe saves me some time by summarizing it a bit.

Lori MacVittie
Yeah.

Malcolm Heath
I don't have to read every single one.

Lori MacVittie
Yeah.

Malcolm Heath
So, you know, love that or hate that, I'm not going to make any distinctions. But, you know, I think in terms of agentic AI being used to sort of generate bot traffic, I still think it's going to be distinguishable by some means or another.

00:14:51:21 - 00:15:16:10
Lori MacVittie
Yeah. And I like that you mentioned the signals, because that always points us back to observability. And previously it's just been about, oh, collect some logs and some metrics so we can make reports and have dashboards and if something goes wrong we'll know. But increasingly observability is a strong pillar for just about everything in an enterprise, right, architecture.

00:15:16:10 - 00:15:42:22
Lori MacVittie
It helps us with security, with bot detection, with traffic management, for understanding, you know, just what's going on. And you're right, different signals will help you determine behavior, right. But the calling graph patterns, that's something that usually we only worry about if you're a developer. But suddenly that's going to be very important to both security and to the network folks, right?

00:15:42:22 - 00:16:02:22
Lori MacVittie
To understand how it's impacting things like: how much traffic is flowing, what kind of throughput, are we over volume, why is it congested, you know, all sorts of traditional network things. So observability, I love that. The data is so important to understanding and recognizing badness, right.

00:16:02:25 - 00:16:11:20
Malcolm Heath
Absolutely. And if you scale this up into an enterprise context, you're going to have more signals than you can possibly handle, right?

00:16:11:23 - 00:16:12:12
Lori MacVittie
Yeah.

00:16:12:15 - 00:16:36:09
Malcolm Heath
Kind of, if you do it right, if every single thing that you're running is instrumented, if you get, you know, if you really got very close to full visibility into what's going on in your network and with all your apps, that's a huge amount of data. So I expect to see a lot of solutions probably coming out in this space that are, if they're not already there, trying to use, you know, machine learning models or other things like that to try to filter the wheat from the chaff.

00:16:36:09 - 00:16:47:27
Malcolm Heath
Right. But even having said that, I think it's important to note that I think all of this costs money.

00:16:48:00 - 00:16:51:28
Lori MacVittie
What? No.

00:16:52:00 - 00:17:12:16
Malcolm Heath
So, I mean, once again, we get back to business models, like who's being charged the most. Are you incurring so much cost to a bot operator that they're going to go away or maybe stop? How much money are you spending to do that, versus how much money are they costing you? You know, and how much money are you going to spend on visibility?

00:17:12:22 - 00:17:26:12
Malcolm Heath
It's going to yield huge benefits, but also, what's your threat model, essentially, that you're trying to defend against? And these are very complex questions, especially for larger networks.

00:17:26:14 - 00:17:56:02
Lori MacVittie
They really are. The good news, and yeah, you didn't say the B word, but I will, right, budgets. Right, budgets is where that strategy hits. And I don't have the exact number in front of me, but our most recent research showed that organizations are absolutely putting money where their strategy is. And when they say they need to worry about different security, new security models, they are allocating a significant amount of budget, sometimes

00:17:56:02 - 00:18:19:11
Lori MacVittie
new budget above what was already allocated to that. So I think that's a good sign. They know that this is important and they're actually willing to designate budget and pay for it. Right. So that's a good sign. It's a good sign. And you know, we've just kind of hit the almost end of the show here,

00:18:19:18 - 00:18:41:03
Lori MacVittie
so we like to think about the takeaways. Like, what do you want people to remember about what we talked about? Like, you know, one of mine is, you know, behavior is still a valid way to identify bot behavior, whether it's good or bad. So behavior, the techniques we've relied on for quite a few years, is still valid.

00:18:41:05 - 00:19:03:09
Lori MacVittie
It's just that the signals we use are going to evolve because, well, technology evolves and changes. That it's not just a matter of, you know, technology here, it's also about economics and it's about, you know, making the bad guys have to, yeah, work for it instead of just, you know, leaving things wide open.

00:19:03:15 - 00:19:21:02
Lori MacVittie
And then it really is an issue for infrastructure. This affects availability, security, reliability, performance. All of those things can be negatively impacted if you don't have a solid bot defense strategy in place. So that's what I would take away from this. What would you want people to take away?

00:19:21:04 - 00:19:42:19
Malcolm Heath
I would say I think you hit the nail on the head. I would just reiterate, perhaps, that the, I think we get excited and also scared when anybody says AI, because we don't really know what it's capable of yet, right. But I think, at least from what we've seen so far, this is not a magic bullet to get around everybody's defenses.

00:19:42:21 - 00:20:16:05
Malcolm Heath
It is not going to be violating the protocols of the internet in some new and novel way, right? It's really a force multiplier, perhaps. If used well it can, you know, advance the capabilities of a less sophisticated actor. But it can also be applied on the other side to process lots of signals and to help separate the wheat from the chaff and to find out dynamically what's going on in your network that you might want to respond to.

00:20:16:07 - 00:20:37:27
Malcolm Heath
And the only other thing that I would add is just, you really, and I know everybody in business knows this, it's more of a blind spot to technologists like me. But you have to look at your business model and your information architecture to know what you should be defending and where you should allocate that budget.

00:20:37:29 - 00:20:48:10
Malcolm Heath
People like me tend to just be like, oh, just patch everything. Oh, just put up a bot defense, whatever. Yeah, we know it's difficult, right? It has to be tied to what your business model is.

00:20:48:12 - 00:21:13:17
Lori MacVittie
I love that reminder. I think Grace Hopper in, like, a 1972 lecture really hammered that point home, right? All information has value, but some has more value than others. And you need to identify the really valuable information and protect it. And, you know, stop worrying about protecting every little, you know, i and t when you start these programs.

00:21:13:17 - 00:21:37:25
Lori MacVittie
So, great advice. Right. Recognizing what you're defending, why you're defending it and then doing something about it. AI is going to make it harder, but it's not going to make it impossible. We've overcome every other technology evolution challenge so far. I have confidence we'll be able to do that again.

Malcolm Heath
I agree.

Lori MacVittie
So awesome. Well, that's a wrap for Pop Goes the Stack.

00:21:38:02 - 00:21:46:28
Lori MacVittie
If your system is still passing its health checks, subscribe before the next incident report. I'll bring sarcasm and you can bring the coffee.