Cloudflare Expands AI Bot Verification, Web Bot Auth and x402 Payments

The Internet is learning to recognize AI agents
Until recently, websites had to answer a relatively simple question: is this visitor a human or a bot? That distinction is no longer enough.
Today, automated web traffic includes search crawlers, model-training bots, user-directed AI assistants, payment agents and software that performs specific tasks on a person’s behalf. Their HTTP requests may look similar, but their purposes can be completely different.
On July 1, 2026, Cloudflare introduced a more detailed approach to managing this traffic. Its new model separates three major use cases:
- Search — indexing content for search and answer systems;
- Agent — an AI agent acting on behalf of a user;
- Training — collecting content to train or fine-tune models.
Instead of treating every AI-related request in the same way, website owners can create more precise rules. A site may allow search indexing, prohibit model training and apply a separate policy to user-directed agents. (blog.cloudflare.com)
Who is actually visiting the website?
Cloudflare also introduced BotBase, a database of known bots and agents. Its purpose is to give website owners more information about automated visitors and the activities associated with them.
Under the updated model, a Verified label does not mean that a bot must always be allowed. It means that its operator identifies it transparently, describes what it does and follows the website owner’s rules. One of the supported verification methods is a cryptographic Web Bot Auth signature. (blog.cloudflare.com)
This is an important change. The industry is moving beyond the basic “bot or not” decision and starting to ask more useful questions:
- Who sent the request?
- On whose behalf is the agent acting?
- What is it trying to do?
- Is it allowed to access this particular resource?
- Can it store or reuse the content?
- Should access be free or paid?
This is also the direction in which AgentBouncer is being built.
Where AgentBouncer fits
Cloudflare is developing traffic classification and enforcement within its global network. AgentBouncer solves a related, but different, problem.
AgentBouncer verifies cryptographically signed AI-agent requests using Web Bot Auth and HTTP Message Signatures. It identifies the claimed agent, retrieves the provider’s public key and returns a verification result to the application.
Cryptographic identity, however, is only the first step.
A passport may prove who a person is, but it does not automatically give them access to every building. In the same way, an AI agent’s signature primarily answers one question:
Who sent this request?
AgentBouncer adds the next decision:
Can this agent be trusted, and should it be allowed to access this specific API, MCP tool or dataset?
That decision can include endpoint-specific policies, scopes, reputation signals, request velocity, behavioral anomalies and rules defined by the resource owner. AgentBouncer is also CDN-independent: it can protect a backend, API or MCP server without requiring the application to use a particular edge network. (agentbouncer.io)
From identity to payment
Alongside the new bot-management options, Cloudflare announced its Monetization Gateway for paid access to web pages, datasets, APIs and MCP tools.
The proposed system uses the open x402 protocol and the HTTP status code 402 Payment Required. When an agent requests a paid resource, the server returns the price and payment requirements. The agent pays, repeats the request with proof of payment and receives the resource after the payment has been verified. (blog.cloudflare.com)
In this model, identity and payment become parts of the same request flow:
- The agent signs its request.
- The server verifies the agent’s identity.
- An access policy determines what the agent may do.
- The server requests payment when necessary.
- The resource is returned after identity and payment checks succeed.
Cloudflare explicitly describes Web Bot Auth as an authentication option that can be combined with usage-based x402 payments. Some resources may require only payment. Others may require both payment and verified agent identity. (blog.cloudflare.com)
This is particularly relevant to AgentBouncer. Our focus is closer to the application layer: protecting APIs and MCP tools, supporting resource-owner policies, custom keys, scopes, delegated permissions and infrastructure-independent verification.
These are complementary ideas
We welcome Cloudflare’s initiatives.
When a major Internet infrastructure company invests in agent directories, cryptographic verification, configurable access policies and machine-native payments, it is a strong signal that this is no longer an isolated experiment.
Cloudflare and AgentBouncer operate at different layers:
- Cloudflare detects traffic and applies rules across its network;
- AgentBouncer helps an application make its own decision at the API, backend or MCP layer;
- Web Bot Auth and HTTP Message Signatures provide a shared cryptographic foundation;
- x402 can provide a payment layer for machine access.
These components can work together.
A website could use Cloudflare for initial traffic filtering, AgentBouncer for signature verification and application-specific authorization, and x402 for paid requests. Another service could deploy AgentBouncer directly in front of its backend without using Cloudflare at all.
The rules of the next Internet
AI agents are becoming active participants in the web. They search for information, call tools, compare products, interact with APIs and complete transactions.
This new Internet needs clear answers to three questions:
- Who are you?
- What are you allowed to do?
- Who pays for the request?
Cloudflare is developing the infrastructure layer of this model. AgentBouncer is building an independent trust and policy layer for AI agents, APIs and MCP tools.
We are glad to see the broader industry moving in the same direction: away from anonymous automated traffic and toward verifiable agents, transparent policies and controlled access.
The future of the web is not about blocking every bot. It is about knowing who is at the door, why they are there and under what conditions they should be allowed in.