Beyond Rate Limiting: Adaptive Security for Python Web Applications

Saturday, May 16th, 2026 2:30 p.m.–3 p.m. in Grand Ballroom A

Presented by

Aayush Gauba

Description

Modern web abuse rarely looks like a traditional attack. Bots scrape content slowly, spam blends in with real users, and malicious clients often behave just well enough to avoid static rules. Many Python web applications rely on rate limiting, IP blocking, or simple pattern matching, which can miss these kinds of threats or create unnecessary false positives.

This talk explores a behavior-based approach to securing Python web applications using lightweight AI techniques that run directly inside application middleware. Rather than focusing on heavy models or external security services, the session looks at how Python developers can use signals they already have (request timing, headers, paths, and error patterns) to detect abuse more reliably.

The ideas in this talk are drawn from building and testing adaptive security middleware across multiple Python web frameworks, including Django, Flask, and FastAPI. Attendees will learn what signals are useful, where AI helps, where it doesn’t, and how to design security systems that fail safely and respect user privacy.
