The future of business starts with developers

Learn more
Company The team behind better online experiences Network Map A new architecture for the modern internet Industry Analyst Relations See what industry analysts say about Fastly News Recent updates and announcements Platform The platform behind better, faster and more secure digital experiences Customer Stories See how the best of the web succeed Events Connect with Fastly at an event Careers Join the team that's building a better internet

The Fastly Edge Cloud Platform

See All Products
Content Delivery (CDN) Deliver fast, personalized experiences globally Live Streaming Deliver seamless live streaming experiences Streaming Video (VoD) Deliver exceptional on-demand video experiences Media Shield Optimize multi-CDN deployments On-the-Fly Packager Dynamically package on-demand video content in real time Image Optimization Rapid image processing at the edge Load Balancer Granular control over routing decisions TLS Encryption Reduce the complexity of TLS management Origin Connect Connect directly to Fastly IP Addresses Easily manage IP addresses HTTP/3 & QUIC Modern protocols Domain Research API Instant, accurate domain name discovery Object Storage Get direct access to large files at the edge with zero egress fees
Next-Gen WAF Modern web app and API security, anywhere Bot Management Detect and mitigate bot attacks DDoS Protection Automated mitigation of disruptive and distributed attacks API Security Secure your API endpoints Client-Side Protection Defend against client-side attacks AI Bot Management Stop AI bots from scraping website content
Edge Compute Take your apps to the edge — our instant platform helps you build amazing experiences for your users Key Value Store The fastest key value store you can get, but as easy to use as your familiar database tools Websockets & Fanout Real-time messaging, at global scale, with complete personalization and easy setup Developer SDKs Program the same services we use to build Fastly products Enterprise Serverless The most powerful serverless platform, built on open standards and integrated with Fastly’s full suite of products AI Accelerate your AI workloads and improve efficiency with semantic caching Object Storage Get direct access to large files at the edge with zero egress fees Programmable Cache Get full programmatic access to the same legendary caching that powers our CDN. MCP Server AI-powered control for your Fastly services.
Real-time Logging Stream and analyze logs in real-time Edge Observer Explore live and historical traffic data Domain Inspector Assess domain level insights Origin Inspector View complete origin to edge insights Alerts Create notifications for service-related metrics Log Explorer & Insights Interact with actionable insights

Extraordinary services for exceptional results

See All Services
Professional Services Expert help to migrate or optimize your delivery service Live Entertainment Services Live streaming experiences that scale with your audiences Support Plans World class support from start to finish Managed CDN Maximized control and flexibility Managed Security Expertly managed web application protection Customer Support Fastly Support helping you grow better, together

Innovative digital solutions

See all our solutions
Streaming Media Deliver stellar live and on-demand streaming Emerging Media High performance for emerging media brands Digital Publishing Real-time journalism with improved reader experiences eCommerce Fast, personalized experiences at scale Financial Services Integrated security to protect customer data High Tech Instantly scale your performance as you grow Travel & Hospitality Online tailored experiences for your guests and visitors Online Education Deliver secure learning experiences at scale Gaming Fuel your players’ next win with ultra-fast, secure game downloads
Infrastructure Savings Achieve lower, more predictable cloud spend Multi-cloud Optimization Reduce complexity and unify cloud resources Customer Trust Learn more about Fastly’s Customer Trust initiatives Privacy Enablement Learn how to protect your user's data Sustainability Dashboard See your electricity use and GHG emissions for the Fastly platform

Empowering every developer to build incredible experiences

Try Fastly Free
Developers Build something amazing today Fast Forward Creating a more trustworthy internet Dev Tools Dev tools built for teams - with an edge Developer SDKs Program the same services we use to build Fastly products Community Join developers around the world Sign up Create a free developer account

Help build a fast, safe, and engaging internet with Fastly

Why Partner with Fastly Help deliver safe, fast and engaging experiences Cloud Partners Learn about the benefits of combining Fastly with your cloud services Channel Partners Enhance your offerings & capabilities with Fastly products Technology & Integration Partners Explore our partner ecosystem
Partner Portal Login Access all your Fastly partner resources Become a Partner Enhance your business by reselling or referring Fastly products Find a Partner Let us help connect you with the right partner for your needs

Get Help with Fastly

Documentation Get the most out of Fastly Resource Library Explore data sheets, reports, and more Fastly Academy Hands on learning with Fastly products Learning Center Learn about Internet technology Blog Our latest thoughts and ideas Security Research Stronger security through research Fastly's POV Explore expert and industry insights
Support Center How can we help? Contact Us Get in touch today
Back to blog

Follow and Subscribe

Fastly at RSAC 2026: New Advances in AppSec, Bot Management, and Deception

Lorraine Bellon

Senior Product Marketing Manager, Security

David King

Senior Product Marketing Manager, Security

EventsSecurity

Application security (AppSec) has long been a core part of what we do at Fastly, and over the past year (especially the last six months), we’ve accelerated that work. Our security research makes it clear: attackers are getting faster, more automated, and more persistent. This year at RSAC, you’ll hear more about two technology investments as a result:

  • Strengthening the core of modern AppSec

  • Leveraging purpose-built solutions for bots

What We’re Seeing in the AppSec Landscape

Our recent research, along with findings from our From Code to Production benchmarking report with IDC, highlights a few consistent patterns across organizations.

High-performing (“Exceptional”) security teams stand out in a few ways:

  • They connect security to business impact: 44% reported more than a 20% improvement in reducing negative user experiences over the past year

  • They prefer platforms over point solutions: 81% say security works better in platforms vs. silos (compared to 17% of Emerging organizations)

  • They share a common foundation: more than half of organizations across all maturity levels have adopted three core AppSec controls: DDoS protection, WAF, and API security

These trends reinforce something we’ve believed for a while: modern AppSec is enabling businesses to move faster, confidently.

More bots, more scrutiny

At the same time, bot traffic continues to rise – and get more sophisticated.

From our latest research:

  • We observed billions more bots quarter-over-quarter, a 2% increase – most of it “unwanted”

  • 89% of headless bot traffic targeted transaction-heavy industries like financial services and commerce

  • Organizations are responding by tightening controls, blocking billions of “wanted” bot requests

Bots today aren’t just crawling pages; they’re attempting logins, scraping data, and exploiting workflows. That shift is pushing defenders to rethink how they manage automated traffic altogether.

Bolstering your AppSec foundation

In response, we’ve continued to invest in the three core areas to keep customers ahead of these threats:

  • DDoS Protection, now enhanced with our Adaptive Threat Engine that further reduced time to mitigation while increasing accuracy

  • Fastly’s Next-Gen WAF (Web Application Firewall), with ongoing UX improvements

  • API Security, including API Discovery and Inventory to review all incoming API traffic

A Different Way to Handle Attackers: Deception

As bots and botnets give attackers more scale, we’re also exploring a different approach: not just blocking attacks, but misleading attackers altogether. To combat malicious bots, organizations must go beyond blocking – and they can do it withMeet Deception for Account Takeover (ATO).

Instead of returning a standard success or failure response, this capability returns an invalid login response every time – regardless of whether the credentials are correct.

That means:

  • Attackers get no signal to refine their approach

  • They can’t confirm valid credentials

  • They’re more likely to abandon the attack

At the same time, defenders avoid repeated attack cycles and reduce the time spent responding. Deception for ATO is the first use case for our patent-pending capability, but we’re working on even more, with the next coming to beta just in time for RSAC.

New: Deception for CVEs

We’re also introducing a new Deception capability focused on common vulnerabilities and exposures (CVEs) that is now in BETA.

Inspired in part by the industry response to high-severity events like React2Shell, this feature allows defenders to present false indicators of exploitable vulnerabilities.

The goal is simple:

  • Increase attacker dwell time

  • Consume attacker resources

  • Redirect effort away from real systems

By making environments appear less predictable, defenders gain an advantage – without adding operational overhead.

See the Team at RSAC 2026

Attackers are evolving quickly – and we think defense should too, not just by getting stronger, but by getting smarter too.

Fastly's application security portfolio will be showcased at RSAC, March 23-26, and you can find us at South Expo Booth 1049 if you’d like to chat. If you won’t make it this year, you can contact us.

Ready to get started?

Get in touch with us today
Talk to an expert