Summarize this article with
A few months ago, we launched AI Agent Detection because the web was starting to look very different from the one most of our customers had built for. Autonomous agents — browsers driven by AI models rather than people — were starting to book flights, fill out forms, and make purchases on behalf of real users. We wanted teams to be able to see those agents clearly, decide what to do with them, and stop treating "traffic" as if it were all one thing.
That was the first piece of the picture. Today we're adding the next.
AI Assistant Detection is currently in beta. It identifies HTTP-level traffic from AI assistants — OpenAI's ChatGPT, Google's Gemini (including Gemini Deep Research), and Anthropic's Claude at launch — and hands your application a clean verdict about who's really on the other end of the request. Using Fingerprint’s recently released no-code deployment method for Cloudflare users, Cloudflare customers can deploy at the edge using their existing Cloudflare footprint, so you can use it to route, gate, or personalize before a single line of your application code executes.
If AI Agent Detection answered "is AI driving this browser right now?", AI Assistant Detection answers a different but equally important question: "is this request actually coming from the AI assistant it claims to be coming from?"
Assistants are the next layer of AI traffic
AI agents get most of the headlines, but AI assistants move a lot more traffic through the web today. Every time someone asks ChatGPT to summarize a page, Gemini to do deep research on a topic, or Claude to pull details from a product catalog, the assistant fans out into a set of HTTP requests that hit real websites. Those requests are the new referral traffic — and for a growing number of our customers, they're already a non-trivial share of what shows up in the logs.
The problem is that assistant traffic is surprisingly easy to fake, and attackers have noticed. Scrapers and low-quality bots have figured out that "user-agent: ChatGPT-User" is a fast pass through a lot of bot defenses, because operators don't want to block a legitimate assistant and accidentally cut themselves off from a new discovery channel. Radware's threat intelligence team recently warned that malicious actors are already deploying bots that impersonate legitimate AI agents from OpenAI, Google, Anthropic, and xAI - and rated several of today's top providers' identification methods as "trivial to spoof," because they rely on a user-agent string alone, with no published IP ranges to verify against. And Cloudflare publicly called out a case last year where a well-known AI company was observed routing through residential IPs and rotating user-agents to keep scraping sites that had asked it to stop.
In other words, the useful signal and the abusive signal are wearing the same clothes. When a spoofed assistant gets through, it inherits the trust you built for legitimate traffic and can scrape at scale, bypass rate limits, and abuse your systems without being detected. If your only tool is a user-agent header, you end up choosing between two bad options — let everyone through and inherit the abuse, or block everyone and lose the real assistant traffic you actually want.
That's the gap we built AI Assistant Detection to close.
What we built
Under the hood, AI Assistant Detection is an edge-level verification layer. For each incoming request, Fingerprint evaluates a combination of signals — the claimed identity in the user-agent, the originating IP, reverse DNS, and the provider's published ranges — and returns a verdict you can act on.
The output is straightforward. If the request is a verified AI assistant, you get back the provider, the specific assistant, and a confidence signal. If the request is claiming to be an assistant but can't be verified, you get that too. We've folded this into the same bot_info object our customers already use for AI Agent Detection, with a richer taxonomy — category, provider, name — so you can write policies at whatever granularity makes sense for your application. "Allow any verified assistant" is one line. "Allow ChatGPT and Gemini but not Claude" is another. "Challenge anything claiming to be an assistant that we can't verify" is another.
We currently support the three assistants that account for the overwhelming majority of assistant traffic today: ChatGPT (including ChatGPT-User and the OAI-SearchBot surface), Gemini for both user-initiated and Deep Research flows, and Claude (ClaudeBot and Claude-User). We're already adding Microsoft Copilot, xAI Grok, and a handful of others — including OpenClaw — over the next quarter. And because detection runs at the edge, there's nothing to install on the page. It works for your APIs, your marketing site, your checkout — anywhere a request comes in.
What this unlocks
We didn't build this just to block bad traffic, though it does that well. We built it to give our customers the ability to design for assistant traffic instead of just reacting to it.
A few of the patterns we're already seeing:
Answer Engine Optimization that actually works. If you want your content to show up well in ChatGPT and Gemini answers, step one is making sure verified assistants can actually reach it. Teams are using AI Assistant Detection to allow verified traffic through caching, paywalls, and bot challenges that would otherwise filter it out — without opening the same door to spoofers.
Cleaner analytics. Assistant traffic has very different intent from human traffic. When a product page gets 10,000 hits from a Deep Research crawl, that's interesting — but it's not ten thousand shoppers. Customers are splitting these streams in their analytics so conversion rates, A/B tests, and top-of-funnel metrics stop getting distorted.
Fraud and abuse prevention. The inverse is just as valuable. If something claims to be ChatGPT but our signals say it isn't, that's a strong abuse indicator on its own. Teams running account creation, checkout, and scraping-sensitive endpoints are using the "unverified assistant" verdict as a high-confidence block or step-up trigger.
Differentiated experiences. One pattern we expect to emerge is teams serving verified assistants structured summaries, machine-readable pricing, and citation-friendly markup — meeting each visitor in the format that works for them.
Agents plus assistants: the full picture of AI traffic
AI Agent Detection and AI Assistant Detection are designed to be used together. They solve adjacent problems, and together they give you a complete view of the AI traffic hitting your site.
AI Agent Detection is a browser-side signal — it tells you when a model is piloting a real browser session, typing, clicking, and navigating like a user. It's how you handle Operator, Anchor Browser, Browserbase, and the growing class of agentic products that act through the browser. AI Assistant Detection is an edge signal — it tells you when an assistant's backend is fetching your content directly, via HTTP. The first is about sessions; the second is about requests. One without the other leaves a blind spot.
Because both surfaces share the same bot_info schema and feed into the same Flow rules, writing a unified policy is simple. "Always allow verified assistants, challenge unverified ones, and require extra verification on agent-driven sessions at checkout" is a realistic rule set — and it took us about five minutes to write for our own demo environment.
The future is a hybrid web
When we started Fingerprint, identifying a visitor meant identifying a human sitting at a keyboard. That assumption is already outdated. The web your application serves in 2026 is a mix of humans, agents, and assistants, and the share of non-human-but-legitimate traffic is climbing fast.
That changes what "identify the visitor" has to mean. It is no longer enough to separate humans from bots. Developers need to know which non-human traffic is legitimate, which provider it belongs to, and what the right response is for each category. Block everything non-human and you cut yourself off from a real discovery channel. Let everything through and you inherit the abuse that rides in behind it.
AI Assistant Detection is the piece of that picture that works at the HTTP layer. AI Agent Detection is the piece that works at the browser layer. Together, they cover the two places AI traffic actually touches your application. That is the foundation we are building on, and we will keep extending it as more assistants and standards come online, including Web Bot Auth and authorized agent identity.
If you are already a Fingerprint customer with Bot Detection, AI Assistant Detection is included at no additional cost. Contact our support team to get started. If you are not yet a Fingerprint customer, you can start for free or talk to our team about how it fits into what you are building.
