The web has spent thirty years answering every knock at the door, while we teach kids never to talk to strangers. With bots and AI agents now dominating internet traffic, the CAPTCHA and fingerprinting arms race is a losing game. Cloudflare’s new Private Access Control Tokens, built with major browser vendors, point at a different model. Trusted organizations can issue anonymous cryptographic proof that a browser or AI agent has cleared a defined trust bar, without revealing identity. Like a concert wristband instead of a passport. The next version of the web starts with one rule. Don’t talk to strangers. Talk to the people, and the agents, who can prove they’re welcome.

When I was a kid, the message came from everywhere. My parents drilled it into me before I could walk to the corner alone. School reinforced it with assemblies and worksheets. Even Sesame Street had a song about it. Don’t talk to strangers. By the time I was six I could have recited it in my sleep.

It’s one of the first rules we hand to children about how the world works.

The web has spent thirty years doing the opposite.

Every second, millions of websites accept requests from anyone who knocks. They have no idea whether the visitor is a customer, a competitor, a search crawler, an AI assistant, a criminal botnet, or malware scanning for a way in. Every request gets treated as a conversation worth having until something proves otherwise.

That made sense when most traffic came from people sitting at browsers. It makes a lot less sense now.

Bots already account for a large share of internet traffic, and AI agents are piling in behind them. Some are useful. Some are hostile. Most are impossible to tell apart without expensive analysis you have to run on every single request.

So we got an arms race. Sites deploy CAPTCHAs, attackers build better bots. Sites fingerprint browsers, privacy advocates ship tools to defeat fingerprinting. Defenders block suspicious IP ranges, attackers rotate through residential proxies. Every move gets answered. Nobody ever wins.

Maybe we’ve been asking the wrong question the whole time.

We keep asking whether a visitor is behaving like a human. The better question might be whether we should be talking to this visitor at all.

Trust before conversation

Cloudflare’s recently announced Private Access Control Tokens (PACT), built with several major browser vendors, point at a different model.

Instead of forcing every website to judge each visitor on the spot, trusted organizations can issue anonymous cryptographic proof that a browser, or eventually an AI agent, has already cleared a defined bar of trust. The site doesn’t learn who you are. It learns that someone it trusts has already vouched for you.

That sounds like a small distinction. It isn’t. It changes where trust gets established and who has to do the work.

Identity without surveillance

For years we’ve tried to identify visitors by inference. Cookies, browser fingerprints, mouse movement, typing cadence, IP reputation. All of it is an attempt to guess identity from behaviour, and all of it is getting less reliable, more invasive, and easier to fake.

PACT flips that around. Rather than guessing who you are, the site receives proof that you meet a stated level of trust, and learns nothing about your identity in the process.

Think of a wristband at a concert instead of a passport at the door. The bouncer knows you belong. He doesn’t need your name.
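The wristband idea can be made concrete with a blind signature. The sketch below is an added example, not Cloudflare's or any browser vendor's code, and this page does not describe PACT's actual construction: it assumes textbook RSA blinding with a constructed toy key, and all function and class names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy issuer key (two Mersenne primes); unpadded and far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, known to client and site
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the issuer

def h(token: bytes) -> int:
    """Map a token to an integer below N."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def client_blind(token: bytes):
    """Client hides the token behind a random factor r before asking for a vouch."""
    r = 0
    while r < 2 or math.gcd(r, N) != 1:
        r = secrets.randbelow(N)
    return (h(token) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer applies its own trust check (not modelled here), then signs a value it cannot read."""
    return pow(blinded, D, N)

def client_unblind(blind_sig: int, r: int) -> int:
    """Removing r leaves an ordinary signature on the token the issuer never saw."""
    return (blind_sig * pow(r, -1, N)) % N

class Site:
    """Relying site: trusts the issuer's public key and learns nothing else."""
    def __init__(self):
        self.spent = set()

    def redeem(self, token: bytes, sig: int) -> bool:
        if pow(sig, E, N) != h(token) or token in self.spent:
            return False                 # not vouched for, or wristband already used
        self.spent.add(token)
        return True

def demo() -> dict:
    token = secrets.token_bytes(32)
    blinded, r = client_blind(token)
    blind_sig = issuer_sign(blinded)     # the issuer sees only (blinded, blind_sig)
    sig = client_unblind(blind_sig, r)   # the site sees only (token, sig)
    site = Site()
    return {
        "issuer_view_matches_site_view": blinded == h(token) or blind_sig == sig,
        "first_redeem": site.redeem(token, sig),
        "replay": site.redeem(token, sig),
        "forged": site.redeem(secrets.token_bytes(32), sig),
    }
```

Because the issuer's view and the site's view share no values, even an issuer and site that compare logs cannot match an issuance to a redemption; the spent set is what stops one token from being replayed.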

What AI agents change

This gets more important as AI agents become real internet users rather than a novelty.

Soon your personal AI won’t just answer questions. It’ll browse, book travel, buy things, manage your calendar, cancel subscriptions you forgot about, read contracts, research competitors. Should a website treat all of that exactly like anonymous traffic from an unknown botnet?

I don’t think so. An agent could instead show up carrying proof that it’s authorized, acting for a real person, working inside defined permissions, and credentialed by a provider the site already trusts. The site still doesn’t know your identity. It just no longer has to assume every knock at the door is a stranger.

Trust becomes infrastructure

This reminds me of HTTPS in its early years. At first it looked like a slightly better way to encrypt a website. Over time it became something almost every secure interaction quietly sits on top of.

PACT and protocols like it may go the same way. Today they replace CAPTCHAs. Tomorrow they could be the layer underneath trusted AI agents, automated commerce, delegated browsing, and enterprise automation. Identity moves out of application code and into the infrastructure itself.

A better web starts with one rule

For decades we’ve built sites that answer every knock and only afterward decide whether the visitor should have been let in. That approach has gotten expensive, frustrating, and insecure.

Maybe the next version of the web starts with the advice we give our kids. Don’t talk to strangers. Talk to the people, and the agents, who can prove they’re welcome, without making them tell you who they are.

Frequently Asked Questions

What are Private Access Control Tokens (PACT)?

PACT is an emerging web standard that lets trusted organizations issue anonymous cryptographic proof that a browser, or eventually an AI agent, has cleared a defined level of trust. The website receives the proof, not your identity. Cloudflare announced it together with several major browser vendors as a foundation for trust on the web.

How is this different from CAPTCHAs or fingerprinting?

CAPTCHAs and fingerprinting try to guess whether a visitor is a real person by looking at their behaviour. Both are getting easier to fake and harder on real users. PACT skips the guessing game and accepts a cryptographic vouch from a trusted issuer, which moves the work away from your browser and away from the site.

Does PACT reveal who I am to the website?

No. The whole point is anonymous attestation. The site learns that someone it trusts has vouched for you. It does not learn your name, your account, or anything else about you. Think wristband at a concert, not passport at the door.

Why does this matter more as AI agents take over browsing?

Personal AI agents will soon browse, book travel, buy things, manage calendars, and read contracts on your behalf. Websites need a way to tell an authorized agent from an unknown bot without treating every request like a stranger at the door. PACT gives agents a way to prove they are credentialed and acting for a real person, without exposing that person’s identity.

Could PACT become as foundational as HTTPS?

It could. HTTPS started as a slightly better way to encrypt a website and ended up as the invisible layer underneath almost every secure interaction. PACT and protocols like it could play a similar role for identity and trust, sitting underneath trusted AI agents, automated commerce, delegated browsing, and enterprise automation.