DataDome Bot Protect now supports Web Bot Auth, an emerging IETF authentication standard that enables AI agents to prove their identity with cryptographic verification. This advancement allows DataDome customers to authenticate legitimate AI agents with unforgeable signatures while maintaining robust protection against impersonation and fraud—eliminating the lose-lose choice between blocking potential business or accepting fraud risk.
Consumer adoption of AI agents for e-commerce is still relatively small today, but it is growing rapidly. Security teams currently face a tough choice in how to respond to this new traffic type: block suspicious or unknown AI agents and risk losing legitimate business, or trust existing identifiers in user agent strings that fraudsters can easily forge and risk higher fraud costs. This lose-lose proposition exists because the identity of an AI agent is uncertain and imprecise.
For example, an agent can claim “I am ChatGPT” by simply adding the following text to its User-Agent header: GPTBot/1.3; +https://openai.com/gptbot. That’s it. No verification, no authentication: just a text string.
Attackers know this. They impersonate search engines to scrape pricing data, pretend to be monitoring tools while probing for vulnerabilities, and masquerade as legitimate AI agents to bypass defenses.
An emerging IETF standard, Web Bot Auth, is a new authentication method for AI agents that addresses this problem by allowing AI agents to prove their identity with high confidence when interacting with web resources.
Web Bot Auth uses unique cryptographic signatures, like digital passports, that can’t be forged in e-commerce interactions. As a de facto solution, Web Bot Auth has already been widely adopted by payment companies, AI platforms, and major cloud providers like Amazon Bedrock AgentCore.
Amazon Bedrock AgentCore now supports Web Bot Auth (in preview), providing AI agents with verifiable cryptographic identities. DataDome backs AgentCore to validate this verification process and minimize friction for verified AI agents across authorized domains. With DataDome and AgentCore, customers can establish continuous agent trust relationships for domains that require agentic AI access to meet business needs.
Web Bot Auth requires AI agents to attach a cryptographic signature to every HTTP request, which DataDome then validates.
Each signature proves two critical things:

Let’s deep dive into how Web Bot Auth works:
Example using Amazon Bedrock AgentCore:
GET /products/xba456 HTTP/1.1
Host: yourdomain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Amazon-Bedrock-AgentCore-Browser/1.0 (Chromium; +https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html)
Signature-Agent: "https://zxy...5abc.keydirectory.signer.us-east-1.on.aws"
Signature-Input: sig1=("@authority" "signature-agent");created=176762217;alg="ed25519";keyid="WNTmN5bl8...PcD476nwN";tag="web-bot-auth";expires=1767625817;nonce="YkfwQ...X_DvyHAbIRmsdnyjI"
Signature: sig1=:K+XW0IAT2yCK...aFCG7kZSEER8tgAQ==:
Accept: application/json
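What a verifier checks on a request shaped like the one above, as an added example (not DataDome's or AWS's code): it rebuilds the RFC 9421 signature base from the covered components, enforces the tag and the created/expires window, and verifies the Ed25519 signature. Assumptions: an in-memory map stands in for keys a verifier would obtain from the directory named in Signature-Agent, the key id `demo-key`, `directory.example` and `ExampleAgent` are constructed sample values, and nonce replay tracking is left out.

```javascript
const crypto = require('node:crypto');

// Rebuild the RFC 9421 signature base (handles @authority and plain header fields only).
function signatureBase(req, covered, params) {
  const lines = covered.map((name) => {
    const value = name === '@authority' ? req.host.toLowerCase() : req.headers[name];
    if (value === undefined) throw new Error(`covered component missing: ${name}`);
    return `"${name}": ${value.trim()}`;
  });
  return [...lines, `"@signature-params": ${params}`].join('\n');
}

// Returns 'verified' or a rejection reason. `keys` maps keyid -> public KeyObject.
function verifyWebBotAuth(req, keys, now) {
  const m = /^(\w+)=(\(([^)]*)\)(;.*))$/.exec(req.headers['signature-input'] || '');
  if (!m) return 'unsigned'; // a User-Agent claim alone proves nothing
  const [, label, params, list, rest] = m;
  const covered = list.split(' ').filter(Boolean).map((s) => s.replace(/"/g, ''));
  const p = Object.fromEntries(rest.slice(1).split(';').map((kv) => {
    const i = kv.indexOf('=');
    return [kv.slice(0, i), kv.slice(i + 1).replace(/^"|"$/g, '')];
  }));
  if (p.tag !== 'web-bot-auth') return 'wrong-tag';
  if (!covered.includes('@authority')) return 'authority-not-covered';
  if (!(Number(p.created) <= now && now < Number(p.expires))) return 'outside-validity-window';
  const key = keys.get(p.keyid);
  if (!key) return 'unknown-key';
  const sig = new RegExp(`^${label}=:([A-Za-z0-9+/=]+):$`).exec(req.headers['signature'] || '');
  if (!sig) return 'missing-signature';
  let base;
  try { base = signatureBase(req, covered, params); } catch { return 'missing-component'; }
  const ok = crypto.verify(null, Buffer.from(base), key, Buffer.from(sig[1], 'base64'));
  return ok ? 'verified' : 'bad-signature';
}

// Constructed sample: a throwaway key pair plays the agent and its key directory.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const KEYS = new Map([['demo-key', publicKey]]);
function signedRequest(host, created, expires) {
  const headers = { 'user-agent': 'ExampleAgent/1.0', 'signature-agent': '"https://directory.example"' };
  const params = `("@authority" "signature-agent");created=${created};keyid="demo-key";alg="ed25519";expires=${expires};nonce="n1";tag="web-bot-auth"`;
  const base = signatureBase({ host, headers }, ['@authority', 'signature-agent'], params);
  headers['signature-input'] = `sig1=${params}`;
  headers['signature'] = `sig1=:${crypto.sign(null, Buffer.from(base), privateKey).toString('base64')}:`;
  return { host, headers };
}
```

Because `@authority` and `signature-agent` are both covered, a signature captured on one host does not verify on another, and swapping the Signature-Agent value invalidates it.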
Web Bot Auth is a key enabler of DataDome’s Bot Protect with Agent Trust. It works by authenticating every digital interaction from an AI agent that follows this protocol, constantly verifying its identity. These verified identities enable organizations to set granular access policies per AI agent. Decide which parts of your site they can access: welcome them on product pages and public content, while protecting login flows, checkout processes, or sensitive customer data.
Instead of blocking AI agents entirely or leaving your site exposed, you set guardrails that align with your business strategy to ensure controlled growth.
AI agents are multiplying fast. Some play by the rules and identify themselves properly. Many don’t. As agentic traffic grows in the coming months, cryptographic authentication will become the baseline expectation, not a nice-to-have capability.
But Web Bot Auth only solves half the problem. It tells you which agentic platform the request is coming from, but doesn’t tell you what the AI agents are trying to do.
That’s where intent-based detection matters. DataDome validates legitimate users and AI agents with continuous identity verification and intent-based detection. Our Cyberfraud Protection Platform analyzes behavior in real-time by examining every click, request pattern, and interaction throughout the customer journey to determine whether an agent’s actions align with legitimate use.
For example, a verified agent could technically follow the Web Bot Auth protocol while hoarding inventory to block human customers, proving that cryptographic identity alone is insufficient. A cryptographically verified—authenticated and known—agent can still abuse the service without pre-established and enforceable guardrails.
This abuse can be significant. Inventory hoarding in e-commerce prevents legitimate purchases, degrades user experience, and bypasses traditional detection. Authenticated AI agents and bots can also be used for data scraping, credential stuffing, or DDoS attacks, exploiting verified trust to mask malicious intent.
DataDome implements Agent Trust as a crucial defense layer that moves beyond “who are you?” to intensely focus on “what is your intent and behavior?” Every digital interaction with an AI agent is authenticated, accountable, and aligned with legitimate business value and terms of service.
Agent Trust continuously assesses what the AI agent is doing, why it’s doing it, and whether it continues to deserve trust as it acts. This enables frictionless interactions for verified and trusted AI agents within defined guardrails, while automatically blocking malicious AI and limiting untrusted agents before they can cause damage.
Web Bot Auth signature verification is live now for all DataDome customers. No setup required.
Need verification for your AI agent? Pre-verify your AI agent with DataDome to guarantee uninterrupted access across your protected sites while ensuring legitimate automation operates without friction and automated threats are blocked.