PACT: a privacy-first anti-bot protocol under development by Cloudflare and major browsers
thenextweb.com

Published by AINave Editorial • Reviewed by Ramit

TL;DR: Cloudflare, Mozilla, Google, Microsoft Edge, and Shopify have announced PACT, a privacy-first anti-bot protocol that replaces CAPTCHAs with anonymous cryptographic tokens. The protocol aims to verify legitimate traffic without tracking users or collecting device characteristics, but no deployment timeline exists and standardisation progress remains uncertain.

Cloudflare, Mozilla, Google, Microsoft, and Shopify are building a privacy-first alternative to CAPTCHAs and browser fingerprinting called Private Access Control Tokens (PACT). The protocol lets websites verify that a visitor is human or an authorised bot using anonymous cryptographic tokens, without collecting device characteristics or tracking browsing behavior. For AI builders shipping products that depend on reliable web access, PACT could reshape how legitimate automated traffic is authenticated, if the standards process moves quickly enough.

What happened

Cloudflare announced on June 22 that it is teaming up with Mozilla Firefox, Google Chrome, and Microsoft Edge to develop PACT. Shopify co-developed the technology, and the group plans to submit the protocol for formal standardisation. The protocol issues anonymous tokens stored in the browser that prove a visitor is human or an authorised bot, reducing repeated identity checks while preserving privacy. It builds on Apple's Privacy Pass and IETF RFC 9576, extending broader browser support to address the shift toward agentic AI traffic.

Cloudflare Radar data shows automated systems now account for roughly 58 percent of HTTP requests to web content worldwide, against 42 percent from humans. Cloudflare CEO Matthew Prince noted on June 3 that agentic AI programs browsing on behalf of assistants like ChatGPT and Gemini accelerated that crossover by about 18 months ahead of his earlier predictions.

Why AI builders should care

If you build AI agents, scrapers, or any automated system that makes HTTP requests to third-party websites, PACT directly affects your access model. The protocol is designed to distinguish authorised agents from malicious scrapers. That means website operators could eventually use PACT to grant frictionless access to compliant bots without requiring CAPTCHAs, login walls, or invasive device fingerprinting.

Currently, many sites defend against bot traffic by resorting to paywalls, identity checks, or covert browser fingerprinting and extension scanning, practices that privacy advocates and regulators have pushed back against. PACT offers a standardised alternative that gives websites less data about their visitors, which could reduce false positives for legitimate agents.

Mozilla CTO Bobby Holley said an "avalanche of automated traffic" was pushing sites toward blunt defences. Microsoft Edge's Erik Anderson called effective privacy-preserving tools critical to combating abuse without unnecessary user friction. For AI builders, the takeaway is clear: the industry is actively seeking a way to authenticate agents without breaking privacy, and PACT could become the standard way to prove you are a good bot.

Practical implications

PACT replaces the challenge-response loop of CAPTCHAs with cryptographic tokens issued by sites that already have strong knowledge of a visitor's identity. A user's browser stores the token and presents it to other websites as proof of human or authorised-bot status. The protocol is designed so that the token cannot be used to track users or reconstruct their browsing history.
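The issue-then-present flow described above, sketched with a textbook RSA blind signature as an added illustration; it is not code from Cloudflare or the PACT partners, and the page does not describe PACT's wire format. Privacy Pass defines a publicly verifiable token type based on RSA blind signatures, but the toy key, the hash `h` and every function name here are assumptions.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes so the block runs offline with the
# standard library. Real issuers use randomly generated RSA keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(nonce: bytes) -> int:
    """Toy full-domain hash (assumption; RFC 9474 uses PSS encoding instead)."""
    return int.from_bytes(hashlib.shake_256(nonce).digest(128), "big") % N

def client_blind(nonce: bytes):
    """Client hides the token message behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(nonce) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer signs after its own check of the visitor; it never sees the nonce."""
    return pow(blinded, D, N)

def client_unblind(blind_sig: int, r: int) -> int:
    """Client strips r, leaving an ordinary signature on h(nonce)."""
    return (blind_sig * pow(r, -1, N)) % N

class Origin:
    """Relying site: verifies with the public key only and rejects replays."""
    def __init__(self):
        self.seen = set()

    def redeem(self, nonce: bytes, sig: int) -> bool:
        if nonce in self.seen or pow(sig, E, N) != h(nonce):
            return False
        self.seen.add(nonce)
        return True

def explains(blinded: int, nonce: bytes) -> bool:
    """Issuer-side linking attempt: does some r tie this issuance to this token?"""
    r = pow(blinded * pow(h(nonce), -1, N) % N, D, N)
    return (h(nonce) * pow(r, E, N)) % N == blinded
```

`explains` returns True for every pairing of an issuance record with a redeemed token, which is why the issuer's log cannot single out which visitor presented which token.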

| Aspect | Current approach | PACT approach |
| --- | --- | --- |
| Verification mechanism | CAPTCHA, login, or fingerprinting | Anonymous cryptographic token stored in browser |
| Data collected | Device characteristics, behavior patterns, sometimes browsing history | None beyond token issuance |
| User friction | High (cognitive load, time, false positives) | Low (token presented automatically) |
| Scalability for bots | Block by default | Allow authorised agents, block malicious ones |

For AI builders running automated agents, the practical shift is that you would need to work with PACT-compliant browsers or embed PACT attestation into your agent's HTTP stack. But no deployment timeline has been announced, and the protocol still needs standardisation and widespread adoption.

Caveats

No deployment timeline has been announced. The partners have committed to developing PACT and submitting it for formal standardisation, but turning a specification into something that works across billions of browser sessions will take time. Success depends on how quickly the standards process moves and whether websites are willing to adopt a system that gives them less data about their visitors, not more.

Additionally, PACT is designed to distinguish authorised bots from malicious ones, not to block all automation. Cloudflare itself has embraced agentic AI and cut jobs after declaring that AI agents perform work previously done by humans. Builders should not assume PACT will automatically whitelist every agent; you will likely need to meet criteria defined by token-issuing platforms.

FAQs

What is PACT and how does it work?

PACT (Private Access Control Tokens) is a proposed protocol that lets websites issue anonymous cryptographic tokens to verified visitors. The browser stores the token and presents it to other sites as proof that the visitor is human or an authorised bot, eliminating repeated CAPTCHAs or logins.

Which companies are involved in the PACT initiative?

Cloudflare, Mozilla (Firefox), Google (Chrome), Microsoft (Edge), and Shopify are collaborating on PACT. Apple already uses a related system called Privacy Pass.

How does PACT differ from traditional CAPTCHA and fingerprinting?

CAPTCHAs and fingerprinting collect user behavior or device characteristics. PACT uses cryptographic tokens that do not require harvesting device characteristics or tracking browsing behaviour.

Is PACT privacy-preserving and what data is collected?

Yes. PACT is designed to be privacy-first. The tokens are anonymous and cannot be used to reconstruct browsing history or track users across sites.

What is the status of PACT standardisation and deployment?

The partners plan to submit PACT for formal standardisation. No deployment timeline has been announced; progress depends on standards process speed and website adoption.

How might PACT affect website friction and bot verification in practice?

If widely adopted, PACT could reduce friction for legitimate traffic by replacing CAPTCHAs with silent token verification. For AI builders, this means authorised agents could access web content without being challenged, provided they carry valid tokens from recognised issuers.
