Skip to content
Tech News
← Back to articles

Cloudflare teams up with Chrome, Edge, and Firefox to tackle bot traffic without CAPTCHAs

2026-06-23 | original
read original more articles
Why This Matters

The collaboration between Cloudflare and major browser vendors to develop PACT represents a significant advancement in online security and privacy. By enabling websites to distinguish legitimate users from bots without compromising user anonymity, this initiative addresses the growing challenge of sophisticated AI-driven automated traffic, enhancing both user experience and security for consumers and the industry alike.

Key Takeaways

In brief: Cloudflare is working with the makers of Chrome, Edge, and Firefox on a new way for websites to tell whether incoming traffic is legitimate – without resorting to the usual mix of CAPTCHAs, logins, and extra tracking. The system is called Private Access Control Tokens, or PACT, and it arrives at a time when bots have surpassed human traffic online.

Cloudflare says it's developing the protocol with Mozilla, Google, Microsoft, and Shopify, with the group planning to submit it for standardization.

The basic idea is that sites with strong knowledge of "personhood" can issue anonymous tokens. A user's browser can then present those tokens elsewhere as proof that a human is involved, or that an automated agent is acting on behalf of one, without revealing the person's identity or browsing history.

As The Register notes, PACT can be thought of as something like a reusable, privacy-preserving CAPTCHA result, except the question is not simply whether the visitor is human. It is whether the traffic should be welcomed.

In theory, that means a website gets a useful signal without learning who the user is, which other sites they have visited, or who has already vouched for them.

Earlier this month, Cloudflare CEO Matthew Prince said bots now make up around 56% of all internet traffic, with the figure reaching as high as 62% during one week. He previously expected bots to overtake humans near the end of 2027, only for the crossover to arrive sooner.

– Matthew Prince 🌥 (@eastdakota) June 3, 2026

The rise of AI agents is a big part of the problem. Traditional bot defenses were built for search crawlers, spam networks, credential stuffing, and other obvious automated abuse. But newer agents can browse pages, compare products, fill out forms, and carry out tasks on behalf of real users, making them harder to classify with older tools.

"As AI-powered traffic becomes widespread, existing tools to support its use are too generic and coarse," said Dane Knecht, CTO of Cloudflare. "Now this collaboration lets us eliminate the friction caused by security protocols for every visitor – whether they are human or agent – without sacrificing privacy."

PACT is meant to offer something more nuanced than blocking anything that looks automated. The GitHub proposal describes use cases such as frictionless challenges, private access control, and local browser AI agents operating under a user's supervision. It also stresses that the system should not exclude particular devices or browsers, nor reveal information about the user.

... continue reading

Explore topics: cloudflare chrome firefox private access control tokens bots
Related:
Chrome autofill has some new tricks to save you from re-entering data on your phone
Taika Waititi brings more dramatic tone to Klara and the Sun trailer
Build a smarter home security setup this Prime Day with Botslab
New Paper Proposes What Really Causes AI Psychosis
GM Installs Robots At Flagship EV Factory After Laying Off 1,300 Workers

© 2026 GoKawiil

About | Editorial Policy | Contact