Jan 19, 2026
AI Club
F1 ARL is pleased to formally announce the initiation of a Self-Hosted Anti-Bot System — a privacy-first reCAPTCHA alternative designed specifically for banking and fintech environments.
This system addresses a long-standing and critical requirement across our digital ecosystem, including F1Soft Mobile Banking, eSewa, Fonepay, FoneNXT, and other current and future financial platforms.
The solution has been architected, prototyped, and validated for real-world deployment. While the current version is production-ready, it is intentionally designed to be continuously enhanced based on deployment feedback, regulatory needs, and evolving threat landscapes.
https://bot.m.f1arl.com/ : This link will provide an in-depth, hands-on view of the actual engineering mechanisms operating behind the scenes of the SDK-based reCAPTCHA, bot-detection framework, and the backend anti-bot ecosystem. Participants will be able to observe how real-time signals are collected, evaluated, and correlated across the client's SDK, backend services, and anti-automation engines. The session will also demonstrate how mutual TLS (mTLS) is enforced end-to-end to ensure strong service identity, secure channel establishment, and zero-trust communication between SDKs, APIs, and backend components.
Further technical deep-dives, demos, and integration guidelines are shared below:
https://antibot.m.f1arl.com/sdk/technical-docs.html
https://antibot.m.f1arl.com/sdk/sdk-downloads.html
https://antibot.m.f1arl.com/sdk/cert-generator.html
https://antibot.m.f1arl.com/sdk/demo.html
https://antibot.m.f1arl.com/ui/
What This System Solves
Eliminates dependency on third-party CAPTCHA services
Preserves user privacy and data sovereignty
Protects critical actions such as login, OTP, transactions, and APIs
Provides fintech-grade security controls suitable for regulated environments
Privacy-First by Design
No collection of keystroke content, personal data, cookies, GPS, or identifiers
All signals are anonymized, hashed, and encrypted before transmission
Multi-Layer Anti-Bot Protection
Behavioral analysis (mouse, touch, typing rhythm, gestures)
Environment and headless browser detection
Network intelligence (ASN, datacenter, VPN/proxy detection)
Rate limiting with reputation decay
Hybrid Risk Engine
7-factor deterministic scoring combined with ML-based anomaly detection
22-dimensional behavioral feature vector
Real-time risk scoring (0–100) with adaptive decisioning
Adaptive Challenges
Invisible Proof-of-Work (PoW)
Interactive puzzles and gesture challenges
Automatically scaled based on risk level
Mobile-Grade Security
Android: Google Play Integrity API
iOS: Apple App Attest (hardware-backed)
Emulator, rooted, and compromised device detection
Strong Cryptographic Controls
SDK request signing (HMAC-SHA256)
AES-GCM encrypted signal transport
One-time, device-bound trust tokens
Mutual TLS (mTLS) for server-to-server validation
Enterprise-Ready Architecture
Golang core services
Redis for sessions and rate limiting
MySQL for audit and persistence
HashiCorp Vault for secrets, PKI, and key management
Full audit logging and forensic traceability
On-Premise / Private Cloud Deployment
No external data sharing
Fully deployable within F1Soft infrastructure
<50ms average latency
The system follows a defense-in-depth model — no single control is trusted alone.
An attacker must bypass behavioral analysis, cryptography, device integrity, network validation, rate limits, and mTLS simultaneously, making large-scale abuse economically and technically impractical.
Admin dashboard for real-time telemetry
Risk analytics and traffic insights
Full audit trail for compliance and investigations
Debug and observability support for controlled environments
Aligns with regulatory, privacy, and data-residency expectations
Reduces external dependency risk
Strengthens protection for high-value digital financial workflows
Establishes in-house intellectual property in a critical security domain
ARL will continue to collaborate with product, security, platform, and business teams to integrate, refine, and operationalize this system across our ecosystem.