AgentBouncer launches its public beta and AI agent verification SDK

AgentBouncer launches its public beta
We are launching the public beta of AgentBouncer, a service for verifying signed requests from AI agents and controlling their access to APIs and MCP tools.
The beta includes the first release of our JavaScript and TypeScript SDK, integration documentation, and access to the AgentBouncer verification API.
Anyone can apply to participate. For now, registration is available through invitation links and access requests. We are onboarding users gradually so that we can manage the initial load, help with early integrations, and investigate unexpected verification cases as they appear.
There is no paid plan or artificial participation limit during this stage. If you do not have an invitation link, submit a request through the website and we will get in touch.
- Website: agentbouncer.io
- npm: @agentbouncer/sdk
- GitHub: agentbouncer-js
- Contact: hello@agentbouncer.io
Why we built AgentBouncer
AI agents are moving beyond web browsing. They are calling APIs, using MCP tools, accessing databases, interacting with payment systems, and triggering actions in external applications.
A plain User-Agent header is not enough to establish trust. Anyone can copy it. A backend needs a reliable way to answer a different set of questions:
- Did the claimed AI agent actually send this request?
- Was the request modified after it was signed?
- Has the signature expired?
- Is someone trying to replay an earlier request?
- Is this agent allowed to use a particular endpoint or tool?
- Should the request be accepted, rejected, or observed without blocking?
AgentBouncer was created to handle this verification layer.
The service validates the cryptographic signature of an incoming request and returns a structured decision that can be used by the application. This can be a simple signature check or a policy-aware decision based on the project, key, provider, endpoint, and configured access rules.
More than signature verification
A valid cryptographic signature answers one question: who sent the request?
Production systems also need to decide what that identity is allowed to do.
AgentBouncer adds an access-policy layer on top of signature verification. Applications can define rules for individual projects and endpoints, allow particular providers or project keys, monitor traffic before enforcing restrictions, and review verification events in one place.
The MONITOR_ONLY mode is useful during the initial rollout. AgentBouncer still verifies incoming traffic and records requests that would normally be blocked, but the application can continue serving them. Once the integration has been tested against real traffic, stricter enforcement can be enabled.
Built around open standards
AgentBouncer works with signed HTTP requests and is built around modern HTTP Message Signatures mechanisms, including RFC 9421 and Web Bot Auth.
We did not want to introduce another proprietary identity format for AI agents. The goal is to make existing open standards practical for everyday backend development, without requiring every team to implement cryptographic verification, public-key discovery, timestamp validation, and replay protection on its own.
AgentBouncer verifies the signature and its time constraints, resolves the signer’s public key, and applies the project’s access policy. The resulting decision can be used in Next.js, Express, MCP servers, or other JavaScript and TypeScript backends.
Get started
Install the SDK from npm:
npm install @agentbouncer/sdk
A basic Express integration looks like this:
import { verifyAgent } from "@agentbouncer/sdk";
app.use(
verifyAgent({
apiKey: process.env.AGENTBOUNCER_KEY,
})
);
app.get("/api/products", (req, res) => {
if (!req.agent?.verified) {
return res.status(403).end();
}
res.json({
price: 100,
});
});
The SDK sends the request for verification and returns a structured result. Applications can inspect that result through verify() or use require() to reject requests whenever the final allowed decision is false.
Cryptographic verification and access-policy enforcement are intentionally treated as separate signals.
For example, a request in monitoring mode may fail signature verification but still be allowed:
{
"verified": false,
"allowed": true,
"wouldBlockReason": "bad_signature"
}
This makes it possible to introduce AI agent verification gradually instead of turning on strict blocking before the integration has been tested with real traffic.
Designed for MCP and agent-to-agent communication
Protecting Model Context Protocol servers is one of the main use cases for AgentBouncer.
MCP provides a standard way for AI agents to discover and call external tools. That also creates an immediate security question: which agents should be allowed to use each tool?
A public MCP endpoint may expose search, internal data, document creation, messaging, database access, or paid operations. In these cases, an API key alone may not provide enough context. The server also needs a way to verify the agent making the request and apply rules to its identity.
AgentBouncer can sit in front of an MCP tool as a verification layer:
- An agent sends a signed request.
- AgentBouncer resolves the public key and verifies the signature.
- The request time window and replay protection are checked.
- The project’s access policy is evaluated.
- The MCP server receives a final allow or deny decision.
We expect this model to become increasingly important as AI-to-AI and agent-to-agent communication grows.
When software agents communicate and execute actions without constant human supervision, trust cannot depend on a name or a self-declared HTTP header. Systems need verifiable identity, limited permissions, explicit policies, and an audit trail.
What is available in the open beta
The first public release includes:
- signed HTTP request verification;
- support for Web Bot Auth and RFC 9421;
- provider public keys and project-specific keys;
- signature timestamp validation;
- replay-attack protection;
- configurable project access policies;
- monitoring without immediate request blocking;
- verification events and diagnostic information;
- a JavaScript and TypeScript SDK;
- a REST API for other languages and platforms;
- integration patterns for APIs and MCP servers.
This is an open beta, so some API details and interfaces may still change. At this stage, real-world integrations matter more than polished demos.
We want to test AgentBouncer with serverless platforms, reverse proxies, custom MCP clients, different hosting environments, and signed requests from a growing range of AI agents.
How to get access
Registration during the public beta is available through invitation links and access requests.
If you already have an invitation, you can use it to create an account and set up your first project. Otherwise, submit the application form on the AgentBouncer website.
We are onboarding users in stages. This helps us manage the initial service load, support early integrations, and investigate less predictable environments such as reverse proxies, CDNs, serverless platforms, and custom MCP clients.
Participation is currently free. We do not plan to impose an artificial limit on applications, although response times may depend on the number of requests we receive.
Feedback is welcome
At this stage, real integrations are more useful to us than polished demos.
If you are building an MCP server, an AI tool, an agentic application, or an API for autonomous agents, apply for access and try connecting AgentBouncer to your project.
We are particularly interested in:
- SDK integration issues;
- signed requests generated by different AI agents;
- MCP server security use cases;
- access-policy requirements;
- deployments behind CDNs and reverse proxies;
- serverless and edge environments;
- ideas for improving the API, event logs, and analytics.
You can reach us in several ways:
- email us at hello@agentbouncer.io;
- use the contact form on the website;
- join the Discord community;
- open an issue or discussion on GitHub.
AgentBouncer is still in beta, so some interfaces and API details may change. On the other hand, this is a good time to influence the product and tell us what developers of MCP servers and AI agent infrastructure actually need.
This is the first public release. Next, we plan to expand provider support, introduce more flexible access policies, and build additional tools for secure AI-to-AI communication.
Welcome to the AgentBouncer public beta.