Browserbase has announced a partnership with Cloudflare to bring identity to AI agents through a new framework called Web Bot Auth. The initiative aims to solve a growing problem where websites struggle to distinguish between helpful AI agents and malicious bots reliably.
The companies describe Web Bot Auth as a kind of “passport” for AI agents. Instead of relying on IP addresses or user-agent strings, Browserbase can cryptographically verify that an agent is legitimate. When an agent visits a site, its digital passport is checked and the website can decide whether to grant access.
The rise of autonomous agents has made the issue of identity more pressing. Once limited to large-scale crawlers, bots are now being deployed widely for tasks such as automating compliance, improving AI outputs with real-time data and using enterprise applications. Browserbase argues that identity is the missing layer holding back more complex AI workflows.
Reacting to the announcement, Garry Tan, CEO of Y Combinator, wrote on X, “Cloudflare-Browserbase axis of evil was not in my bingo card for 2025. Legalise AI agents.”
Dane Knecht, CTO at Cloudflare, responded that the standard is meant to keep the internet open, and put out a question, “Would you have the same position for Reddit?”.
“This pushes forward a transparent, open standard where we help our customers verify the signatures and give website owners full control,” he further said. “We welcome conversation and debate for how to make it work for all sides.”
Browserbase says it is already working with pilot customers and other anti-bot providers to broaden adoption. The company hopes that when websites see an AI agent with a Browserbase identity, it will signal trustworthiness and a legitimate human intention behind the interaction.
Cloudflare recently decided to block AI crawlers by default, which has invited some criticism. Now with a new partnership, there seems to be more to discuss.
