AWS has published a technical guide explaining how Web Bot Authentication (WBA) in AWS WAF Bot Control authenticates legitimate AI agent traffic using cryptographic signatures.
Instead of relying on IP addresses or user-agent strings, WBA verifies bot identities through open IETF standards, making it harder for attackers to spoof trusted AI agents. Verified requests are automatically recognized by AWS WAF, while security teams gain granular control through WAF labels to monitor and manage automated traffic.
The guide also includes implementation steps for signing requests, enabling organizations to secure AI-powered applications without disrupting trusted agent access.




