
Cloudflare and web browsers to develop new internet protocol
PACT protocol will help to verify legitimate web access from humans and bots
Users will be given an anonymized "personhood" token to show they have a real reason to access a website
Now that bot traffic on the internet has officially surpassed human HTTP requests, both web browsers and web infrastructure providers agree something needs to be done, especially as AI agents enter the fray.
Today, Cloudflare has announced a joint initiative with Mozilla Firefox, Google Chrome, and Microsoft Edge to launch a new internet protocol designed to verify whether web access is legitimate or malicious, without intruding on user privacy.
Private Access Control Tokens (PACT) will act as anonymous tokens that verify legitimate access by both humans and authorized agents without the need for user logins or CAPTCHAs that cause friction and harm the browsing experience.
Cloudflare establishes PACT with web browsers
To start, PACT won’t deny access to automated traffic completely. According to Cloudflare, the protocol is designed to recognize legitimate access from certain bots. As consumers and businesses turn to new automations provided by AI agents, there is still a legitimate case for allowing certain bots to access websites.
For many AI agents, there is still a human at some point in the loop with a real reason for accessing a website. PACT offers an anonymous “personhood” token that is attached to the user’s browser. This token uses “trusted information from contexts that have authentic relationships with people” to verify legitimate access “while keeping that information private.”
StatCounter places the combined market share of Chrome, Firefox, and Edge at around 77%, meaning that the PACT protocol will likely roll out to the majority of internet users.
“PACT will further empower businesses to identify genuine visitors, ensuring they can focus their resources on the traffic that matters to them,” Cloudflare said in the announcement. “Using PACT on Cloudflare’s network raises the bar for trustworthiness and integrity online without the traditional costs.”
“In commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart. Merchants need effective protections against automated abuse, but buyers shouldn’t have to pay for them with unnecessary friction or invasive tracking,” said Ilya Grigorik, Distinguished Engineer at Shopify.
“Shopify is proud to help develop PACT as an open, privacy-preserving standard that can help the millions of businesses on our platform distinguish legitimate shoppers and authorized agents from abusive traffic while preserving buyer privacy.”
Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

