
What is Web Bot Auth?

By Lucas Giordano · Co-founder, Notte
TL;DR

Web Bot Auth is an emerging open standard, backed by active IETF drafts, that lets AI agents cryptographically sign their HTTP requests so receiving websites can verify their identity. Think of it as a passport system for agents: when an agent is provisioned by its provider, it carries a credential that sites verify in real time, replacing the fingerprint heuristics that today treat all automation as suspicious.

What is Web Bot Auth?

The web has spent two decades operating on a single rule: if it isn't human, it's a threat. That was a defensible assumption when automation mostly meant scrapers and fraud. It isn't anymore. Nearly half of web traffic in 2024 was non-human, and a growing share of that traffic is doing work someone explicitly authorized — checking inventory, pulling invoices, syncing CRMs. The problem is that websites have no native way to distinguish those agents from credential-stuffing bots: same fingerprint, same behavioral pattern, same anonymous HTTP request. Web Bot Auth is the standard being built to fix that.

How Web Bot Auth works

Web Bot Auth is an emerging open standard, backed by active IETF drafts, that lets AI agents cryptographically sign their HTTP requests using HTTP Message Signatures (RFC 9421). Every outgoing request from a verified agent carries a signature over selected parts of the request, together with a key identifier that points at a public key the agent's provider publishes. The receiving site, or a security layer in front of it, fetches that key and checks the signature in real time, much as a TLS client checks a server's certificate: either the signature verifies against a published key or the request is treated as unsigned.

The mental model is a passport system. When an agent is provisioned by its provider (Notte, an enterprise's internal platform, another origin), it's issued a cryptographic credential that travels with every request. Sites no longer guess whether a session is "probably real" based on heuristics; they verify it the way they'd verify any other signed exchange. Either the identity is valid or it isn't.
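The exchange described above, worked through in Go as an added example (this is not Notte's code and not the reference implementation that accompanies the drafts). It assumes an Ed25519 provider key, a signature covering "@authority" and the Signature-Agent header with tag="web-bot-auth", a five-minute validity window, the label sig1, and constructed origins shop.example and agent.example; the key lookup is an in-memory map standing in for the fetch of the provider's published key directory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Covered components (assumed here): the architecture draft requires "@authority" so a
// signature cannot be replayed at another site; Signature-Agent binds the key directory's origin.
var covered = []string{"@authority", "signature-agent"}

// keyID is the RFC 7638 JWK thumbprint used as keyid: SHA-256 of the canonical JWK, base64url.
func keyID(pub ed25519.PublicKey) string {
	x := base64.RawURLEncoding.EncodeToString(pub)
	sum := sha256.Sum256([]byte(`{"crv":"Ed25519","kty":"OKP","x":"` + x + `"}`))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// signatureBase builds the RFC 9421 signature base: one `"name": value` line per covered
// component, then the "@signature-params" line carrying the parameters exactly as sent.
func signatureBase(r *http.Request, components []string, params string) (string, error) {
	var b strings.Builder
	for _, c := range components {
		v := strings.ToLower(r.Host)
		if c != "@authority" {
			v = strings.TrimSpace(r.Header.Get(c))
		}
		if v == "" {
			return "", fmt.Errorf("covered component %q is absent from the request", c)
		}
		fmt.Fprintf(&b, "%q: %s\n", c, v)
	}
	fmt.Fprintf(&b, "%q: %s", "@signature-params", params)
	return b.String(), nil
}

// Sign is the agent side: add Signature-Agent, Signature-Input and Signature (label sig1).
func Sign(r *http.Request, priv ed25519.PrivateKey, agentOrigin string, now time.Time) error {
	r.Header.Set("Signature-Agent", `"`+agentOrigin+`"`)
	params := fmt.Sprintf(`("%s");created=%d;expires=%d;keyid="%s";alg="ed25519";tag="web-bot-auth"`,
		strings.Join(covered, `" "`), now.Unix(), now.Add(5*time.Minute).Unix(),
		keyID(priv.Public().(ed25519.PublicKey)))
	base, err := signatureBase(r, covered, params)
	if err != nil {
		return err
	}
	r.Header.Set("Signature-Input", "sig1="+params)
	r.Header.Set("Signature", "sig1=:"+base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(base)))+":")
	return nil
}

// Verify is the site side. directory (keyid -> public key) stands in for fetching the
// provider's published key set from the Signature-Agent origin.
func Verify(r *http.Request, directory map[string]ed25519.PublicKey, now time.Time) error {
	input := strings.TrimPrefix(r.Header.Get("Signature-Input"), "sig1=")
	sig := strings.TrimPrefix(r.Header.Get("Signature"), "sig1=")
	end := strings.Index(input, ")")
	if !strings.HasPrefix(input, "(") || end < 0 {
		return fmt.Errorf("request carries no sig1 signature")
	}
	components := strings.Fields(strings.ReplaceAll(input[1:end], `"`, ""))
	params := map[string]string{}
	for _, p := range strings.Split(input[end+1:], ";") {
		if k, v, ok := strings.Cut(p, "="); ok {
			params[k] = strings.Trim(v, `"`)
		}
	}
	// Policy before crypto: right tag and algorithm, @authority covered, not expired.
	exp, _ := strconv.ParseInt(params["expires"], 10, 64) // missing or garbled -> 0 -> expired
	if params["tag"] != "web-bot-auth" || params["alg"] != "ed25519" ||
		!strings.Contains(input[:end], `"@authority"`) || now.Unix() >= exp {
		return fmt.Errorf("policy: need tag=web-bot-auth, alg=ed25519, @authority covered, unexpired")
	}
	pub, known := directory[params["keyid"]]
	if !known {
		return fmt.Errorf("keyid %q is not in the provider directory", params["keyid"])
	}
	base, err := signatureBase(r, components, input) // rebuilt from the headers as received
	raw, decodeErr := base64.StdEncoding.DecodeString(strings.Trim(sig, ":"))
	if err != nil || decodeErr != nil || !ed25519.Verify(pub, []byte(base), raw) {
		return fmt.Errorf("signature does not verify against the provider key")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	directory := map[string]ed25519.PublicKey{keyID(pub): pub}
	req, _ := http.NewRequest("GET", "https://shop.example/inventory", nil) // constructed sample
	_ = Sign(req, priv, "https://agent.example", time.Now())
	fmt.Println("fresh:", Verify(req, directory, time.Now()))
	fmt.Println("stale:", Verify(req, directory, time.Now().Add(10*time.Minute)))
	req.Host = "bank.example" // the same signed headers replayed at another site
	fmt.Println("replayed:", Verify(req, directory, time.Now()))
}
```

Two design points carry over to any real deployment: the verifier rebuilds the signature base from the Signature-Input it received rather than from its own idea of the parameters, so any mismatch fails closed; and the policy checks (tag, algorithm, covered authority, expiry, known key) run before the signature check, so a site never spends an Ed25519 verification on a request it would reject anyway. A production verifier would additionally cache the provider's directory with a bounded TTL and reject a created timestamp too far in the future.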

Identity, not intent

Web Bot Auth solves who. It doesn't solve what.

Question                                Covered by Web Bot Auth     Out of scope (needs another layer)
Who is this agent?                      ✓ cryptographic identity
Which provider issued it?               ✓ verifiable signature
What is the agent authorized to do?                                 scope / permissions
Audit trail of agent actions                                        governance layer
Per-action rate limits                                              enterprise policy

Knowing an agent is "Acme Corp's procurement bot" tells the receiving site it's a legitimate actor; it doesn't tell the site whether the action it's about to take is one Acme actually approved. Enterprises deploying verified agents will still need a governance layer on top — access policies, audit trails, scoped rate limits — none of which Web Bot Auth itself provides.

The adoption problem (and why it's converging)

Adoption follows the same chicken-and-egg curve every prior internet primitive has: sites won't verify until enough agents sign, and providers won't sign until enough sites verify. Three signals suggest the loop is starting to close:

  • Major infrastructure providers — companies that sit in front of a significant share of the web — have shipped verification on the receiving side. Any site behind them can already distinguish verified agents from anonymous traffic.
  • Browser automation providers, including Notte, are integrating signing on the agent side. Enterprises deploying agents on these platforms operate as verified traffic without setting up keys themselves.
  • The IETF working drafts have stabilized to a shape implementations are converging on.

The historical analogy we drew in our Forbes piece earlier this year still holds: this is the same architectural pattern as past shifts, SSL when e-commerce went mainstream, OAuth when federated identity went mainstream, token-based auth when mobile apps went mainstream. Early movers tend to capture disproportionate value when the standard becomes the default.

Common pitfalls

  • Treating Web Bot Auth as a substitute for governance. It tells the receiving site who's at the door; it doesn't enforce what they can do once inside.
  • Assuming verification means trusted. A valid signature proves which provider key signed the request, not that the agent behind it is behaving: a signed request from a misconfigured agent is still misconfigured. Enterprises need their own access controls.
  • Skipping it entirely. As more sites verify, unsigned agent traffic increasingly defaults to "treat as bot" — rate limits, CAPTCHA challenges, outright blocks.

Key takeaways

  • Web Bot Auth is an emerging IETF-backed standard for cryptographically identifying AI agents to websites via signed HTTP requests.
  • It's the closest thing to a passport for agents: verifiable provider-issued credentials replacing fingerprint-based heuristics.
  • It addresses identity, not intent. Enterprises still need a governance layer on top.
  • Adoption is early but converging on both sides. Notte ships agent-side signing natively, so workflows on Notte are signed by default and show up as verified traffic on every site that already checks signatures.

Build your AI agent on the open web with Notte

Cloud browsers, agent identities, and the Anything API — everything you need to ship reliable browser agents in production.