Anchor + Fingerprint.com : Authorized AI agent identity on the web

TL;DR

Today, Anchor Browser is joining Fingerprint’s new Authorized AI Agent Detection ecosystem, so websites can verify that requests are coming from an authorized Anchor agent using cryptographic identity, and distinguish trusted automation from malicious bots and scrapers. (Business Wire)

This builds on our earlier work with Cloudflare on signed, verified automation traffic. (anchorbrowser.io)

Why this matters now

The web is shifting from “block all bots” to “verify who is calling”. If your automation is legitimate and permissioned, it should not be forced to look like a human, route through questionable proxy setups, or fight endless anti bot heuristics.

At the same time, site operators need a reliable way to allow the good traffic without opening the door to scraping, account takeover attempts, or fraud. (Business Wire)

The missing primitive is simple: a cryptographic identity for agents.

What’s new

With Fingerprint’s Authorized AI Agent Detection, websites can verify authorized AI agents “with 100% certainty” (Fingerprint’s claim) and apply policy based on agent identity instead of generic bot heuristics. (Business Wire)

The ecosystem includes authorized agents from:

• OpenAI
• Amazon Web Services (AgentCore)
• Manus
• Anchor Browser

Under the hood, this uses Web Bot Auth and HTTP message signatures, the same direction supported by Cloudflare and Akamai, and progressing through IETF standardization. (Business Wire)

How it works

At a high level, the flow is:

1. Anchor signs outbound HTTP requests from your agent sessions using HTTP Message Signatures (RFC 9421). (IETF Datatracker)
2. Public keys are discoverable via a well known directory so verifiers can fetch and validate identity. (Cloudflare Docs)
3. Fingerprint (and participating verifiers) validate signatures and map the request to an authorized agent identity, enabling allow, rate limit, or block decisions based on who the agent is, not on guesswork.

If you want the longer view on why signed identity is the right end state for legitimate automation, our earlier Cloudflare verified agents post goes deeper. (anchorbrowser.io)

Who benefits

• Enterprises running real workflows
  Keep automation reliable across fraud defenses without getting lumped in with scrapers.
• Websites and platforms
  Permit specific agent operators, block the rest, and keep enforcement crisp and auditable.
• Builders on Anchor
  Fewer flaky sessions, fewer brittle workarounds, and a clearer path to “approved automation” for high trust targets.

Get started

If you are already building on Anchor and need signed agent identity for protected targets, enable Web Bot Auth signing in your Anchor environment and validate against your target’s verifier. (docs.anchorbrowser.io)

If you are a site operator who wants to allow trusted agents while blocking abuse, start by integrating Web Bot Auth verification and then layer policies per agent identity.

References

• Fingerprint Authorized AI Agent Detection announcement (Feb 3, 2026). (Business Wire)
• Web Bot Auth overview and integration details (Cloudflare docs).
• IETF Web Bot Auth working group. (IETF Datatracker)
• RFC 9421: HTTP Message Signatures. (IETF Datatracker)
• Anchor: Cloudflare verified browser agents (background and motivation). (anchorbrowser.io)