Verifying Bots and Agents with Cryptography in the Age of AI

#ThisWeekinNET — Episode 95

In this episode, host João Tomé is joined in Cloudflare’s Lisbon office by our Senior Research Engineer Thibault Meunier to explore a new proposal that could reshape how bots interact with the web in the age of AI.

⏱️ Timestamps:

02:19 Thibault’s role at Cloudflare in the Research team

02:50 Why Cloudflare is proposing that bots use cryptographic signatures

04:20 How content creators can benefit from this protocol in the AI age

07:00 Feedback from AI companies like OpenAI

09:40 Changes in the type of crawling happening online

11:00 Feedback from content creators

15:30 Why these changes are happening now

20:00 How user agents can be spoofed: current trust assumptions about bots

21:48 Comparison with post-quantum cryptography protocols and adoption

24:00 How long it may take for the protocol to start making a difference

25:27 Can this proposal help prevent abuse and attacks

27:13 Use cases and the culture of the Research team at Cloudflare

29:30 An underrated protocol

32:00 MCP protocol

We go into Cloudflare’s proposal of using cryptographic signatures for bots, enabling websites to verify their identity. Why is this important? As AI systems rely increasingly on online content, this standard could help build a better relationship between content creators and AI platforms.

To wrap up, Principal Engineer Kevin Guthrie walks us through the blog post “Performance measurements… and the people who love them”, which explores how teams can better measure, visualize, and communicate web performance, beyond raw metrics.

🔗 Watch more episodes on our show page: cloudflare.tv/ThisWeekInNET

#ThisWeekInNET