Last October I started thinking about how bots and agents could authenticate to apps at scale without legacy mechanisms like hard-coded IP addresses. We started shipping an early prototype based simple public key cryptography. As we were talking to industry partners about actually shipping such a system we found out that @thibmeu was working on something very similar for Cloudflare research. This led to Web Both Auth as a new IETF proposal and today we are shipping support on Vercel's firewall and our BotID product. Back then I started writing a blog post and I feel it still does a good job explaining why such new tech is needed and so I attached it here as an image
Vercel's bot verification now supports Web Bot Auth, a new cryptographic protocol that helps prove a bot’s authenticity. vercel.com/changelog/verc…