Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

As the distinction between malicious and beneficial bots becomes blurred due to increased AI traffic, Cloudflare proposes using cryptographic methods to authenticate bots. This approach includes HTTP message signatures and request mTLS to verify bot identity. These methods aim to replace outdated IP address validation, providing a reliable way for bots to declare their identity. Both mechanisms are explored, with the potential to integrate them into broader bot management and AI audit systems, aimed at enhancing both security and traffic control for websites.

Forget IPs: using cryptography to verify bot and agent traffic

Existing bot verification mechanisms are broken