Ranking the most undetectable AI agents

We put the strongest commercial anti-detect and automation browsers through one task, signing up for a service protected by Foil, and measured what Foil saw.

Updated July 13, 2026

The leaderboard

Rank Engine Type Overall score Network Device Issues TLS score Cost / 100 runs
1 Bright Data Scraping 89 93 14 ±6 95 $0.40
Bright Data Visit ↗

Web-data platform; cloud Scraping Browser bundled with proxies.

Run spread
9–20 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
Residential proxies · 11 networks 93/100
Connection
Cloud browser · CDP
Profile
Default Scraping Browser
Pricing
Scraping Browser PAYG: $8/GB × 0.05 GB. Residential proxy bundled. ≈ $0.40 / 100 runs
2 Scrapeless Scraping 88 90 15.3 ±4 100 $0.14
Scrapeless Visit ↗

Scraping platform with a managed cloud browser.

Run spread
11–19 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Residential proxies · 8 networks, 6 countries 90/100
Connection
Cloud browser · CDP
Profile
DefaultA higher anti-detect tier wasn’t enabled.
Pricing
Growth $49/mo + $0.081/hr × 1.667 hr. Residential bundled. ≈ $0.14 / 100 runs
3 Browser Cash Cloud automation 84 89 16.4 ±6 94 $0.15
Browser Cash Visit ↗

Cloud browser service.

Run spread
9–21 signals · 20 runs
TLS
UA rotates across Chrome 148–149 on one frozen TLS stack 94/100
Network
Residential proxies · 7 networks, 4 countries 89/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Browser API: $0.09/hr × 1.667 hr per session. Residential bundled. ≈ $0.15 / 100 runs
4 ScrapFly Scraping 83 95 19.9 ±3 100 $0.90
ScrapFly Visit ↗

Web scraping API with a cloud browser.

Run spread
17–23 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Mobile + residential · 4 networks 95/100
Connection
Cloud browser · CDP
Profile
Cloud Browser API · ASP + public residential pool
Pricing
Discovery $30/mo: $0.15/1k credits × ~30+ credits/req (browser/ASP + residential) × 200 reqs. ≈ $0.90 / 100 runs
5 Scrape.do Scraping 81 91 18.2 ±7 89 $0.12
Scrape.do Visit ↗

Rotating-proxy web scraping API.

Run spread
12–25 signals · 20 runs
TLS
UA rotates across Chrome 147–148 on one frozen TLS stack 89/100
Network
Residential proxies · 9 networks 91/100
Connection
REST scraping API
Profile
Default
Pricing
Hobby $29/mo: $0.116/1k credits × ~5 credits/req (JS+residential) × 200 reqs. ≈ $0.12 / 100 runs
6 Driver.dev Cloud automation 81 89 19.6 ±2 95 $0.25
Driver.dev Visit ↗

Hosted & distributed browser automation.

Run spread
17–21 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
Residential proxies · 7 networks 89/100
Connection
Cloud browser · CDP
Profile
Hosted profileConsumer-distributed (residential) mode wasn’t enabled.
Pricing
Advanced $49/mo subscription floor + $5/GB × 0.05 GB. No per-hour meter. ≈ $0.25 / 100 runs
7 ZenRows Scraping 80 93 19.2 ±8 94 $0.43
ZenRows Visit ↗

Web-scraping API and Scraping Browser.

Run spread
14–29 signals · 20 runs
TLS
UA rotates across Chrome 140–146 on one frozen TLS stack 94/100
Network
Residential proxies · 11 networks, 8 countries 93/100
Connection
Cloud browser · CDP
Profile
Default Scraping Browser
Pricing
Developer $69/mo: ($0.09/hr × 1.667 hr) + ($5.50/GB × 0.05 GB). ≈ $0.43 / 100 runs
8 Notte Cloud automation 78 95 22.6 ±5 100 $0.58
Notte Visit ↗

Browser-using AI agent platform.

Run spread
19–28 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Mobile + residential · 10 networks 95/100
Connection
Cloud browser · CDP
Profile
Stealth profile
Pricing
$20/mo + ($0.05/hr × 1.667 hr) + ($10/GB × 0.05 GB). Mobile+residential. ≈ $0.58 / 100 runs
9 BotCloud Cloud automation 73 30 17.3 ±4 95 $1.12
BotCloud Visit ↗

Cloud browser driven over CDP.

Run spread
13–21 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
Datacenter · Vultr, 7 countries 30/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Starter $20/mo for 30 hr → $0.67/hr × 1.667 hr. Datacenter only. ≈ $1.12 / 100 runs
10 Browser Use LLM agent 73 93 26.1 ±3 95 $0.35
Browser Use Visit ↗

Cloud platform for LLM browser agents.

Run spread
23–28 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
Residential proxies · 14 networks (12/20 residential-proxy exits; 7 hosted/datacenter; 1 unclassified) 93/100
Connection
LLM browser agent
Profile
Cloud default
Pricing
Dev $29/mo: ($0.06/hr × 1.667 hr) + ($5/GB × 0.05 GB). Excludes LLM tokens (deterministic signup ≈ 0). ≈ $0.35 / 100 runs
11 Rebrowser Cloud automation 72 55 21.5 ±2 95 $0.33
Rebrowser Visit ↗

Undetectable cloud browsers on real Windows and mobile devices.

Run spread
20–23 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
VPN/tunnel exits · 1 network (20/20 same Fast Servers exit) 55/100
Connection
Cloud browser · patched Playwright CDP
Profile
Undetectable Cloud Browser profile 140594
Pricing
Shared Windows PC: $0.20/hr × 1.667 hr. Optional proxy data is priced separately. ≈ $0.33 / 100 runs
12 Anchor Cloud automation 70 100 28.7 ±3 95 $0.48
Anchor Visit ↗

Cloud browser for AI agents.

Run spread
26–32 signals · 20 runs
TLS
Presents two different TLS extension profiles under one identity 95/100
Network
Mobile network · T-Mobile 100/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Starter $50/mo: ($0.05/hr × 1.667 hr) + ($8/GB mobile × 0.05 GB). ≈ $0.48 / 100 runs
13 Kernel Cloud automation 62 55 26.8 ±3 88 $0.10
Kernel Visit ↗

Cloud browser infrastructure for agents.

Run spread
25–30 signals · 20 runs
TLS
Injects a non-standard HTTP/2 setting 88/100
Network
VPN/tunnel exits · 3 networks (20/20 VPN-associated; consumer ISP ASNs) 55/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Hobbyist $30/mo: $0.06/hr headless × 1.667 hr. Datacenter only. ≈ $0.10 / 100 runs
14 Steel Cloud automation 59 30 27.1 ±3 100 $0.17
Steel Visit ↗

Browser API built for AI agents.

Run spread
24–30 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Datacenter · Latitude.sh 30/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Starter $29/mo: $0.10/hr × 1.667 hr. Datacenter only (drops to $0.08/100 runs at Pro $499). ≈ $0.17 / 100 runs
15 Browserbase Cloud automation 59 30 27.5 ±2 100 $0.20
Browserbase Visit ↗

Headless browser infra for agents & automation.

Run spread
25–29 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Datacenter · Amazon AWS 30/100
Connection
Cloud browser · CDP
Profile
DefaultAdvanced Stealth (paid) wasn’t enabled.
Pricing
Developer $20/mo: $0.12/hr overage × 1.667 hr. Datacenter only. Advanced Stealth = sales-only. ≈ $0.20 / 100 runs
16 Oxylabs Scraping 52 30 24.9 ±10 63 $0.26
Oxylabs Visit ↗

Web Scraper API with Realtime rendering.

Run spread
18–38 signals · 20 runs
TLS
UA claims Chrome 117 — older than its own handshake 63/100
Network
Datacenter · 16/20 hosted VPN/tunnel exits, 15 ASNs 30/100
Connection
REST scraping API
Profile
Universal source · JS render
Pricing
Web Scraper API Micro $49/mo: 37,692 JS-rendered results included → about $0.0013/result × 200 benchmark requests. ≈ $0.26 / 100 runs
17 Hyperbrowser Cloud automation 51 30 31.2 ±1 88 $0.17
Hyperbrowser Visit ↗

Cloud browsers for agents & scraping.

Run spread
30–32 signals · 20 runs
TLS
Injects a non-standard HTTP/2 setting 88/100
Network
Datacenter · Google Cloud 30/100
Connection
Cloud browser · CDP
Profile
DefaultStealth mode (paid) wasn’t enabled.
Pricing
Startup $30/mo: $0.10/hr × 1.667 hr. Datacenter only. Advanced Stealth gated to Scale $100/mo. ≈ $0.17 / 100 runs
18 Cloudflare Cloud automation 50 55 35 ±1 82 $0.15
Cloudflare Visit ↗

Remote browser sessions on Cloudflare's network.

Run spread
34–36 signals · 20 runs
TLS
User-Agent self-identifies as HeadlessChrome 82/100
Network
VPN/tunnel exits · Cloudflare WARP (17/17 anonymous hosting; Spur: 17/17 VPN) 55/100
Connection
Cloud browser · CDP
Profile
DefaultDefault image self-identified as HeadlessChrome 128.
Pricing
Normalized marginal rate: Workers Paid is $5/mo with 10 browser-hours included, then $0.09/hr × 1.667 hr = $0.15. The modeled first 600 60-second runs have no browser-hour usage charge; monthly hours are rounded, and average concurrency above 10 is $2/browser. ≈ $0.15 / 100 runs
19 ScrapingBee Scraping 48 30 34 ±5 100 $0.10
ScrapingBee Visit ↗

Web-scraping API that renders pages.

Run spread
32–41 signals · 20 runs
TLS
Authentic Chrome handshake; UA matches the wire 100/100
Network
Datacenter · Datacamp, 10 countries 30/100
Connection
REST scraping API
Profile
Default (JS render)
Pricing
Startup $99/mo (first tier with JS): $0.099/1k × ~5 credits/JS req × 200 reqs. Datacenter. ≈ $0.10 / 100 runs
20 Browserless Cloud automation 41 30 36.9 ±2 82 $0.25
Browserless Visit ↗

Headless browser automation service.

Run spread
35–38 signals · 20 runs
TLS
User-Agent self-identifies as HeadlessChrome 82/100
Network
Datacenter · DigitalOcean 30/100
Connection
Cloud browser · CDP
Profile
Default
Pricing
Prototyping $25/mo (annual): $0.15/hr × 1.667 hr. Datacenter only. ≈ $0.25 / 100 runs
21 Apify Scraping 24 30 47.2 ±5 79 $1.33
Apify Visit ↗

Actor platform; ran the Playwright Scraper.

Run spread
42–51 signals · 20 runs
TLS
UA claims Chrome 101 — older than its own handshake 79/100
Network
Datacenter · HostPapa 30/100
Connection
REST scraping API
Profile
Playwright Scraper actor
Pricing
Starter $29/mo: $0.20/CU × 4 CU/hr (Playwright Scraper) × 1.667 hr. Datacenter only. ≈ $1.33 / 100 runs
Figure 1: Every ranked engine, sorted by overall stealth score. Click a column header to re-sort; click any row for the per-engine breakdown.

Engines are ranked by their overall stealth score1 A 0–100 composite of device-integrity issues, network reputation, and TLS authenticity, weighted 0.6 / 0.2 / 0.2 toward behavior. Higher is stealthier; this is the value the board sorts on.: higher means fewer tells. The table is sortable, and each row expands to the full per-engine breakdown.

The full board, lowest score to highest. The leaders on the right are bunched within a few points of each other, and every engine was still detected on every run.

Overall stealth score by engine

24 41 48 50 51 52 59 59 62 70 72 73 73 78 80 81 81 83 84 88 89
Figure 2: Overall stealth score for all 21 ranked engines, lowest to highest. Higher is stealthier; every engine was still detected on every run.

Disagree with a ranking, or want to see a service on the board? Get in touch, we’ll run it through the harness.

Cost vs. stealth

Stealth is only half the decision; the other half is what it costs to run2 Cost is what you’d pay at each vendor’s entry paid tier to execute 100 benchmark signup runs, each modeled as a ~60-second session, ~0.5 MB of egress, and ~2 billable API calls. Per-hour, per-GB, per-credit, and per-CU pricing is normalized to that fixed workload so the column compares like-for-like. Residential and mobile engines include that bandwidth; datacenter engines don’t, and would cost more once you add a proxy.. Plotting the two against each other, up and to the right is the better corner: cheap and stealthy.

$1.50$1.00$0.50$0.20$0.10 20406080100 Cost per 100 runs ($, log scale, cheaper to the right) Stealth score Bright Data Scrapeless Browser Cash ScrapFly Scrape.do Driver.dev ZenRows Notte BotCloud Browser Use Rebrowser Anchor Kernel Steel Browserbase Oxylabs Hyperbrowser Cloudflare ScrapingBee Browserless Apify
Figure 3: Cost per 100 runs against stealth score (cost axis is log-scaled, cheaper to the right). The dashed line is the Pareto frontier; no engine is both cheaper and stealthier than a point on it.

Frontier: Kernel → Scrape.do → Scrapeless → Bright Data. Engines off the frontier are dominated: you can pay less for equal stealth, or get more stealth for equal spend, by moving to a frontier point.

Where engines trip up

No single tell gives an engine away. Detection is spread across fingerprint inconsistencies, the runtime environment, automation markers, timing, and input behavior, so closing one gap just exposes the next. Here is how the signals that did fire break down by category.

  • Fingerprint 50%
  • Automation markers 22%
  • Environment 16%
  • Timing 7%
  • Input behavior 5%
Figure 4: Share of all detection signals fired across the test, by category.

Each category is a different question Foil asks about a session. Here is what they look at, and the kind of tell that lands an engine in each bucket.

CategoryWhat it looks atExample tells
Fingerprint The hardware and rendering identity a browser presents: graphics, audio, fonts, screen, and the device it claims to be. Values that don’t cohere with one another, or that match a known spoofing toolkit instead of a real device.
Environment The browser’s runtime: which capabilities are present, and how the underlying engine actually behaves. Surfaces a genuine install would expose that are missing, or behaviour that doesn’t match the browser being claimed.
Automation markers Traces left by the protocols and drivers used to control a browser remotely. Side effects of being driven by software that a human-operated browser never produces.
Timing How long operations take, and the rhythm of events through a session. Patterns that are too uniform, too fast, or sequenced in an order people don’t manage.
Input behavior Mouse, keyboard, scroll, and touch dynamics during the flow. Motion that’s too clean, missing the small corrections and variance of a real hand.
Figure 5: What each detection category looks at.

How we tested

We took the strongest commercial anti-detect and automation browsers and ran each one through the same task: create a new account on a site protected by Foil. Signup is the sharp end of the bot problem, the moment a fake identity is minted, so it is where detection matters most. The numbers above are what Foil saw, averaged per engine across many runs collected from May 25, 2026 to July 13, 20263 Scored end-to-end by the production API at api.usefoil.com, the same path that scores live customer traffic, not a research fork..

Every session is graded end to end by the same production API that scores live customer traffic, not a research fork. The overall stealth score is a 0 to 100 composite of three things: how many device-integrity issues a session trips, weighted most heavily (0.6); the reputation of the network it arrives on, mobile over residential over datacenter (0.2); and whether its TLS handshake is authentic and matches the User-Agent it claims on the wire (0.2). Higher means fewer tells.

Underneath that score, Foil watches dozens of independent signals across five families: fingerprint coherence, the runtime environment, automation-protocol markers, timing, and input behavior. Across the whole test, 150 distinct signals fired. No engine avoided all of them, and not one session ever scored as a genuine human.

Each engine ran at least 20 runs to average out luck; this snapshot spans May 25, 2026 to July 13, 2026 after fresh Browser Use, Kernel, Oxylabs, Rebrowser, and ScrapFly Cloud Browser API runs. We ranked only services we could drive through the complete signup flow; a handful refused the task outright and were left off the board. These tools ship updates constantly, and so do we, so positions will shift over time.

What is Foil?

Foil specializes in catching AI-driven fraud. Agents have popularized tampered browser distributions (AKA stealth browsers) because they help evade bot defenses, but the same browsers are increasingly in the hands of fraudsters. That is exactly why we run this benchmark.

Foil catches them. First it detects when someone is spoofing a device or browser. Then it builds a stable, unique fingerprint for every one of your real users. And finally it analyzes their behavior, every swipe, tap, and form fill, to seal the deal. It is the same engine that scored every run on this page.

You really have to try it yourself to believe it. Or get in touch if you have questions.