TL;DR: Agents need to be recognized on the web. We’re introducing agent identity, powered by Web Bot Auth and partners like Cloudflare, Fingerprint, and 1Password, with Verified as the first step.
Over the past nine months, we’ve been building toward something that doesn’t look new at first glance. The underlying capabilities are familiar, but their meaning has changed. What we previously framed as stealth is more accurately described as identity.
Agents without identity
If you’ve worked with browser agents, you’ve likely run into the same limitation. Things work in controlled environments, but break down on the real web. Sessions fail, access becomes inconsistent, and entire flows stop working once bot protection systems get involved. Your agent isn’t necessarily doing anything wrong … it just doesn’t look like anything at all. 😬
From the perspective of most websites, your agent is a new user every time. The browser environment changes, device characteristics shift, the network origin rotates, and there is no continuity across sessions. Without consistency, there is no identity. And without identity, everything is treated as unknown.
Historically, this problem was approached through stealth. The goal was to make each session look realistic enough to pass. This meant generating believable fingerprints, handling CAPTCHAs, and aligning signals so the browser didn’t immediately stand out. At a deeper level, it meant replicating environmental signals through a controlled browser environment so the system behaved like a human-operated one.
But framing this as stealth implies something adversarial, as if the goal is to sneak through systems undetected. It feels shady. In practice, most browsers agents (or agents) aren’t trying to do that. Developers are building legitimate workflows across testing, data extraction, content aggregation, and increasingly, agents that need to interact with real interfaces. These systems aren’t malicious, but the web has no way to distinguish them from ones that are.
So, for the sake of safety, everything gets treated the same.
Identity, not evasion
What we’ve built is better understood as identity. Instead of optimizing for passing individual checks, the system focuses on consistency over time. The browser environment remains coherent across sessions, and the agent behaves like the same user returning rather than a new one appearing each time. The goal is not to look human once, but to be recognizable across interactions.
We’ve been developing this approach in collaboration with partners across the anti-bot and identity ecosystem, including Cloudflare, Fingerprint, and 1Password.
Through our partnership with Cloudflare, we’ve helped pioneer Web Bot Auth, a new identity layer that allows agents to present a cryptographically signed proof of who they are. Instead of relying on weak signals like IPs or user agents, an agent can now arrive at a site with something closer to a passport that can be verified by the site and its anti-bot providers.
With Fingerprint, we’re extending this into authorized agent detection, where agents can be recognized and verified across hundreds of browser, device, and network signals. This allows platforms to move beyond blanket blocking and toward identity-based access control, where trusted browser agents can be distinguished from abuse.
And with 1Password, we’re connecting identity to real user credentials by allowing agents to securely access the same systems humans do, and using the same vaults people already trust.
Together, these partnerships form the foundation of agent identity as a shared system.
As part of this shift, we’re introducing Verified as an early step toward making agent identity usable in practice. It allows agents to run with a stable, reproducible presence and ties that identity into Web Bot Auth that can actually interpret and validate it.
The web is moving from a human-only environment to one where agents are also participants. Without identity, agents remain transient and untrusted. But with it, a different model becomes possible where legitimate browser agents can operate within the same systems rather than against them.
Get verified browsers from our team → Contact us
