Cloudflare announced an initiative to create a privacy-preserving protocol called PACT that aims to standardize the management of agentic AI, with the end goal of reducing friction for users and websites. The new protocol will make it easier for AI bots to interact with websites by proving there’s a human in the loop, thereby enabling AI agent functionality while locking out the bad bots websites don’t want.
Cloudflare underlies a major part of the Internet’s infrastructure and increasingly provides infrastructure for AI agents, including systems that can host and block AI bots.
For example, Cloudflare has launched Cloudflare Agents, a framework that enables developers to deploy AI agents. Its infrastructure interacts with local LLMs through Cloudflare Tunnels, OpenClaw features native integration with Cloudflare AI Gateway, and Chinese LLMs can also be routed through Cloudflare’s gateway. Many of its services, like Temporary Cloudflare Accounts, are free.
It makes strategic sense that Cloudflare is taking a leading role in advancing PACT because the protocols and systems will manage the agentic AI bots that its systems increasingly host.
Browsers And Shopify Are On Board
Browser makers Google Chrome, Microsoft Edge, and Mozilla Firefox have signed on to help develop the new open protocol. Shopify was also mentioned in the announcement as a participant.
Ilya Grigorik, formerly an engineer and developer advocate at Google, led the Chrome User Experience Report (CrUX) launch and is now a Distinguished Engineer and Technical Advisor at Shopify. He explained that PACT is a way to help merchants increase sales while protecting ecommerce stores from abusive bots. He said that users will be able to take advantage of agentic AI features without sacrificing privacy control.
Grigorik explained:
“In commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart. Merchants need effective protections against automated abuse, but buyers shouldn’t have to pay for them with unnecessary friction or invasive tracking. Shopify is proud to help develop PACT as an open, privacy-preserving standard that can help the millions of businesses on our platform distinguish legitimate shoppers and authorized agents from abusive traffic while preserving buyer privacy.”
Private Access Control Tokens (PACT)
Cloudflare’s announcement was opaque about how the new system works, using jargon “like sites with strong knowledge of ‘personhood’” to describe how the system works.
Cloudflare explained:
“Private Access Control Tokens (PACT) are designed to allow sites with strong knowledge of “personhood” to issue anonymous tokens. A user’s browser can then provide these tokens to other sites to prove that a human is in the loop, reducing the need for annoying and clunky captchas or invasive tracking. PACT is designed so that sites cannot leverage it to track or identify users or their browsing history.”
PACT is backed by many of the major browser makers and Shopify is already on board with it. It’s not currently rolling out, and no timeframe has been announced for the new protocol, but Cloudflare sees PACT as another way to tie the world’s agentic AI to its infrastructure:
“Using PACT on Cloudflare’s network raises the bar for trustworthiness and integrity online without the traditional costs.”
Unanswered Questions
PACT is not a product or service, it’s a protocol for managing AI agent trust across the entire Internet. Cloudflare positions its infrastructure at the center of it: “PACT on Cloudflare’s network raises the bar for trustworthiness and integrity online without the traditional costs.”
Major browser makers Google Chrome, Microsoft Edge, and Mozilla Firefox are participating in the development of PACT, positioning it as a protocol that could become part of the web’s underlying trust infrastructure in relation to AI agents. This is important because protocols dictate the borders, rules, and control of an entire ecosystem.
The goal of this new protocol is to foster trust while ensuring user privacy. Cloudflare benefits by gaining more control over the AI agent infrastructure.
PACT Leads To A Post-CAPTCHA Internet
An inherent quality of PACT is that it leads the web beyond traditional anti-bot defenses like CAPTCHAs, forced logins, browser fingerprinting, and invasive tracking. Those approaches were designed for a human web where links are clicked. Agentic AI with humans in the loop changes what’s going on because now bots are anticipated to take on the roles that web was built for. That is the problem that the PACT standard is meant to solve, a new way to propagate trust on the agentic web.
Who Defines Personhood?
Cloudflare says sites with strong knowledge of “personhood” will issue anonymous trust tokens, but it does not explain who those issuers will be. Will that be the ecommerce sites? Will that be Cloudflare issuing the trust tokens? That important detail was left out of Cloudflare’s announcement. It sounds like a third-party trust signal which means that the gatekeeping could be shifting away from individual websites and toward the platforms, browsers, and infrastructure providers that decide which humans, bots, and AI agents are recognized as trustworthy.
Featured Image by Shutterstock/selinofoto
