Reduce Captchas for Agents ai to browse the web with Web BOT Author (preview) on Amazon Bedrock Agentcore Browser

AIDs need to search the web on your behalf. When your agent visits a website to collect information, fill out a form, or verify data, they encounter the same protections designed to stop unwanted bots: Captchas, rating restrictions, and transparent blocks.

Today, we're excited to share that AWS has a solution. Amazon Bedrock's Alentcore Browser, our secure, cloud-based browser for Agents ai to interact with websites, now supports Web BOT Author (in preview), a draft IETF rule that gives agents to authenticate cryptographic identities.

Captcha Fung

Customers tell us that the CAPTCHA requirement is one of the biggest hurdles in the browser-based agent-based agency. Your agent pauses a task, waiting for human intervention to solve a puzzle that proves you're not a bot – unless your agent is a bot, and that's the point. Captchas exist for a good reason. Websites are constantly facing challenges to protect content, innovation and updating. WEB application firewall (WAF) and BOT detection services protect these sites, but they treat almost all automated traffic as suspicious because they have no reliable way to distinguish legitimate agents.

Some automation providers are trying to solve Captchas systematically – using Computer Vision models to read reverse text or clicking through grids of images until the puzzle comes down. This method is brittle, expensive, and transfers the controls intended for domain owners to their content. Other methods depend on the assignment of IP permissions or user strings. IP Survists Break when you run agents in cloud environments where addresses look up frequently. User-agent threads can be tampered with by anyone, so they don't provide authentication, and it's dangerous for people who don't trust trusted threads. Both of these methods require linking the text to every website you want to access, no matter what.

Web Bot Author: A cryptographic identity that represents web browsing

Web BOT Author Draft IETF Protocol that provides authenticated agents with cryptographic identities. When you enable Web BOT Author in Agentcore Browser, we issue cryptographic credentials that websites can verify. The agent presents these guarantees with each request. A WAF can be added to check the signature, verify the match with a trusted directory, and allow the request if the bots are verified by the domain owner and other WAF checks are clear.

AgentCore works with Cloudflare, Human Security, and Akamai Technologies to support this authentication flow. These providers protect millions of websites. When you create an Agentcore browser with signing enabled in the configuration, we automatically register your Agent's Signature directory with these providers. Many domains have already configured their wafs to allow auto-verified bots, which means you can see Captcha reductions immediately without additional setup in cases where this happens.

Domain Ownership Access How Domain

Waf providers offer website owners three levels of control using Web BOT Author:

• Block all bots – Some sites choose to block automated traffic entirely. Web BOT Author does not override this – if the domain does not want to be accountable, that choice is respected.
• Allow verified bots – Most domains configure their waf to allow any bot that accepts a cryptographic signature. This is the default policy for a growing number of sites protected by Cloudflare, human security, and Akamai technology. When you enable signing, as a parameter in the Agentcore browser configuration, this policy will apply to your agents.
• Allow certain bots that are verified to perform only certain actions – For example, a financial services company that has automated portal veral access can share its unique directory with those vendors. A merchant can create rules such as “Allow FINCO agents for 100 requests per minute, do not allow them to create new accounts, and block all other signed agents.” This provides websites with portability while retaining the benefits of cryptographic authentication.

Today's preview release of Web Both Auth Support in Agentcore Brown helps reduce conflicts with Captchas on domains that allow authenticated bots, by making your agent appear as an authenticated bot. When the Web BOT Author Protocol is completed, Agentcore intends to change customer-specific keys, so Agentcore users can use a Tier of Control that only allows authenticated bots.

You use the Web BOT Author Protocol

To enable the browser to sign requests using the Web BOT Author Protocol, create a browser tool with browserSigning Configuration:

import boto3
cp_client = boto3.client('bedrock-agentcore-control')
response = cp_client.create_browser(
    name="signed_browser",
    description="Browser tool with Web Bot Auth enabled",
    networkConfiguration={
        "networkMode": "PUBLIC"
    },
    executionRoleArn="arn:aws:iam::123456789012:role/AgentCoreExecutionRole",
    browserSigning={
        "enabled": True
    }
)
browserId = response['browserId']

Pass the browser pointer to your agent directory. Here is an example using strands agents:

from strands import Agent
from strands_tools.browser import AgentCoreBrowser
agent_core_browser = AgentCoreBrowser(
    region="us-west-2",
    identifier=browserId
)
strands_agent = Agent(
    tools=[agent_core_browser.browser],
    model="anthropic.claude-4-5-haiku-20251001-v1:0",
    system_prompt="You are a website analyst. Use the browser tool efficiently."
)
result = strands_agent("Analyze the website at ")

The agent is now configured to use the new browser tool that signs the entire HTTP request. Websites protected by Cloudflare, human security, or Akamai technology can verify the signature and allow the request without presenting a Captcha, if the domain owner allows verified bots.

Protocol Development

The Web BOT Author Protocol is gaining industry momentum because it solves a real problem: Legal automation is immune to abuse without authentication without authentication. You can read the standard protocol specification, HTTP message signatures for commercial traffic. The architecture of that architecture describes how agents generate signatures, how Wufs verifies them, and how key indicators enable discovery. Amazon works with Cloudflefre and many preferred suppliers of WAF to help complete the special formation of customers and work on the finalization of the draft.

Lasting

Agentrore eBedrock Agentcore browser is usually available, with WOB BOT Author auth available in preview. Agentcore Browser Sighting applications are applications that use the Web BOT Author Protocol Help to reduce conflicts with CAPTCHA on all domains that allow authenticated bots. As the protocol finalizes, AgentCore Browser intends to issue customer-specific keys and directories, so you can prove your agent's identity to specific websites and establish trust relationships directly with the domains you need to access.

Web BOT Auth Enables agents to authenticate themselves when challenged, reduces operational conflicts in automated workflows, and gives website owners control over their resources. Amazon Bedrock Agentcore browser support for Web BOT Author (Preview) provides the infrastructure layer that makes this possible.

About the writers

Veda Raman Development of specialized solutions for manufacturing AI and machine learning on AWS. Veda works with clients to help Arcet Macege appropriate, secure, and machine learning applications. Veda is looking at generative ai services like Amazon Bedrock and Amazon SageMaker.

Kosti Vasilakakis AWS principal PM on the Agentic AI team, where he led the design and development of several alentrock alentcore services from the ground up, including runtime, browser, code translator, and code ownership. He previously worked at Amazon SageMaker from its early days, introducing AI / ML capabilities that are now used by thousands of companies around the world. Earlier in his career, Kosti was a data scientist. Outside of work, he builds personal dynamics, plays tennis, and enjoys life with his wife and children.

Joshua Samuel Building high-end AI / ML solutions on AWS that accelerate business transformation through AI / ML, and manufacturing AI solutions, based in Melbourne, Australia. A passionate distraction, he looks for agentic ai techniques and code – anything that makes builders faster and happier.