Today, we’re excited to announce the addition of Web Bot Auth (WBA) support in AWS WAF, providing a secure and standardized way to authenticate legitimate AI agents and automated tools accessing web applications. This new capability helps distinguish trusted bot traffic from potentially harmful automated access attempts.
Web Bot Auth is an authentication method that leverages cryptographic signatures in HTTP messages to verifythat a request comes from an automated bot. Web Bot Auth is used as a verification method for verified bots and signed agents. It relies on two active IETF drafts: a directory draft allowing the crawler to share their public keys, and a protocol draft defining how these keys should be used to attach crawler’s identity to HTTP requests.
AWS WAF now automatically allows verified AI agent traffic Verified WBA bots will now be automatically allowed by default, previously Category AI blocked unverified bots, this behavior is now refined to respect WBA verification.
To learn more, please review the documentation.
Categories: marketing:marchitecture/security-identity-and-compliance,general:products/aws-waf
Source: Amazon Web Services
Latest Posts
- GCP Release Notes: March 06, 2026
- (Updated) Microsoft 365: Modern Access Request and Access Denied web page [MC1188599]
- (Updated) Introducing Surveys Agent and Copilot Chat in Microsoft Forms [MC1229954]
- (Updated) Upcoming change: disabling Teams meeting recording expiration notification emails [MC1245635]
