There are three ways a script moves a mouse across a page: teleport the cursor straight to its target, bolt on a humanizer that draws a smooth curve, or pay for a commercial API that ships "humanlike" motion out of the box. cside's desktop cursor model, cursor_v2, catches all three from how the mouse moves. This post has the catch rates, on desktop, end to end.
None of it depends on the browser. Whether the automation runs on raw Playwright, a humanizer library like WindMouse or NaturalMouse, or browserless.io's BrowserQL API, the model scores the same thing: the motion a real hand leaves behind, which a script still cannot reproduce. This is the companion to an earlier post on catching bots by how they move; here the focus is Playwright and browserless.io specifically.
The short version:
- A Playwright script that teleports the cursor, with no humanization at all, is caught 98.2% of the time, cold.
- Bolt on an off-the-shelf humanizer (bezier curves) or a physics-based library like WindMouse or NaturalMouse, and the catch rate barely moves: 97% to 100%.
- browserless.io's BrowserQL API ships a "humanlike" mode with curved mouse paths and trusted click events, out of the box. About 70% of the browserless traffic we test against already runs with it on.
- Curving a path is not the same as moving like a person. cursor_v2 flags 100% of live humanlike browserless sessions, at a false-positive rate under 1% on real humans.
However you generate the path
Raw Playwright is often exactly what it sounds like: call mouse.move(x, y) and the cursor jumps straight to the target with no path in between. That is the cheapest case, and it is as easy to catch as it sounds.
A humanizer changes the shape. Instead of a jump, the cursor follows a smooth bezier curve. Physics-based libraries go further: WindMouse and NaturalMouse are built to mimic acceleration, overshoot, and the small corrections a real hand makes. Every one of them was scored on desktop, end to end, through the shipped model.
| Approach | n | AUC | Recall @ FPR ≤ 1% | Caught |
|---|---|---|---|---|
| Straight-line teleport (no humanizer) | 500 | 0.995 | 98.6% | 98.2% |
| Bezier-curve humanizer (held-out) | 500 | 0.999 | 99.6% | 99.6% |
| Quantized bezier humanizer (held-out) | 500 | 0.999 | 99.6% | 99.6% |
| WindMouse (physics-based) | 499 | 1.000 | 99.4% | 97.0% |
| NaturalMouse (physics-based) | 500 | 1.000 | 100.0% | 100.0% |
Control: 160 real, held-out human movements scored through the same pipeline. Zero flagged.
Curving the path changes how it looks, not what a hand actually leaves behind. Every approach here still lands north of 97% caught, on desktop, from motion alone.
Then browserless.io shows up
browserless.io sells remote headless Chromium as an API. You drive a real browser through a query language called BrowserQL without running Chromium yourself. It is a legitimate product with legitimate uses, and it is also a popular way to run bots.
BrowserQL ships a "humanlike" mode. Turn it on and clicks and scrolls fire as trusted events, and the mouse is routed through curved, human-shaped paths instead of teleporting from A to B. In the traffic we test against, about 70% already runs with humanlike mode on. People are already trying this.
Curved isn't human
The shape of a path is half of what a hand leaves behind, not all of it. cursor_v2, the same model that flagged an LLM agent driving the Camoufox stealth browser in an earlier test, does not grade a movement on shape alone. Whatever else it grades, humanlike mode did not touch. A curved path is a better-looking version of the same teleport.
Live, on real captured browserless.io traffic with humanlike mode on, cursor_v2 catches all of it. In a controlled side-by-side of 54 real captured browserless sessions against 529 real human ones, the combined system caught all 54 and flagged about 1% of the humans.
| Metric | Result |
|---|---|
| Live browserless "humanlike" sessions caught | 100% |
| In-distribution recall @ FPR ≤ 1% | 99.5% |
| Human false-positive rate at threshold | 0.6% |

browserless.io did the geometry well: curved paths, trusted click events. Caught anyway, because the shape of a path was never the whole story. The same independence runs through the two-stage stack in catching bots that don't want to be caught.
What this catches, regardless of the browser
None of this depends on how the browser was automated. Playwright, Puppeteer, a raw CDP session, browserless.io's API: the model never sees any of that. It sees whether a real hand was on the mouse, and a script, however well it fakes the shape of a path, still is not one.
If you are specifically trying to shut Playwright out, how to block Playwright covers the fingerprint side; motion is the layer that holds when the fingerprint is clean. For the broader signal set behind stealth automation, see how to detect AI agents and stealth browsers.
The limits, stated plainly
A security writeup is only worth reading if it is honest about its edges.
The false-positive rate is low, not zero. At the shipped threshold the human false-positive rate is 0.6%, and in the side-by-side about 1% of real humans were flagged. That is a real cost, and it is why production waits for several bot-scoring movements in a row before it acts rather than reacting to one odd gesture.
The browserless result is measured against a finite sample of real human sessions, not every cursor that will ever exist. Read the 100% as cleared for this capture and this control, and the open lever as breadth of real human motion to calibrate against.
These numbers are the per-movement view, before production debouncing. They also intentionally omit what the model actually looks at, its thresholds, and anything a bot author could use to tune around it.
How cside fits
cside gives you visibility into every script, request, and session touching your site, plus the behavioral signal to tell real users from the automation hiding among them. The cursor model is one layer in a detection stack that already separates humans, good bots, and malicious agents at the browser layer, after the static tells have been spoofed.
Explore cside AI agent detection





