Cloudflare partners with Visa and Mastercard to secure AI agent shopping
Cloudflare, Visa and Mastercard introduce authentication protocols to help merchants distinguish legitimate AI shopping agents from malicious bots through cryptographic verification.
Cloudflare announced on October 24, 2025, a collaboration with Visa and Mastercard to develop security protocols for automated commerce as artificial intelligence agents begin purchasing products on behalf of consumers. The infrastructure company revealed that Visa developed the Trusted Agent Protocol while Mastercard created Agent Pay, both leveraging Web Bot Auth as the foundation for agent authentication.
"Merchants are beginning to see the promise of agentic commerce but face significant challenges," according to Rohin Lohe and Will Allen from Cloudflare. The primary concerns include distinguishing approved AI shopping agents from malicious bots, identifying whether agents represent known customers, and understanding specific instructions consumers gave to their agents.
The protocols aim to address persistent challenges in agentic commerce, where merchants struggle to control customer relationships and protect their first-party data. Amazon and Shopify collectively control more than 50% of the U.S. ecommerce market and currently block AI agents to maintain discovery ownership and protect retail media businesses racing toward $300 billion by 2030.
The Trusted Agent Protocol and Agent Pay rely on Web Bot Auth, a proposal Cloudflare shared in May 2025. Historically, agent traffic has been classified using user agent strings and IP addresses. However, these fields can be spoofed, leading to inaccurate classifications. Web Bot Auth allows agents to provide stable identifiers using HTTP Message Signatures with public key cryptography.
Both protocols present three core solutions for merchants managing agentic commerce transactions. Merchants can identify registered agents, distinguish whether interactions are intended for browsing or payment, and indicate to agents how payments are expected—whether through network tokens, browser-based guest checkout, or micropayments.
The system operates across an ecosystem of participants. Agent developers build agents to shop on behalf of consumers. These agents interact with merchants who need reliable methods to assess whether requests are made on behalf of legitimate consumers. Merchants rely on networks like Cloudflare to verify cryptographic signatures and ensure interactions are legitimate. Payment networks like Visa and Mastercard link cardholder identity to agentic commerce transactions, helping ensure transactions are verifiable and accountable.
Both Visa and Mastercard protocols require agents to register and have their public keys in well-known directories. Visa and Mastercard will host their own directories for registered agents. The newly created agents then communicate their registration, identity, and payment details with merchants using HTTP Message Signatures.
Both protocols build on Web Bot Auth by introducing a new tag that agents must supply in the Signature-Input header, indicating whether the agent is browsing or purchasing. Merchants can use this tag to determine whether to interact with the agent. Agents must also include the nonce field, a unique sequence included in the signature, providing protection against replay attacks.
An agent visiting a merchant's website to browse a catalog would include an HTTP Message Signature in its request to verify that the agent is authorized to browse the merchant's storefront on behalf of a specific Visa cardholder. The signature includes components such as authority, path, creation timestamp, expiration timestamp, key identifier, algorithm specification, nonce, and a tag indicating the transaction type.
Cloudflare will run validation checks for these requests. The system confirms the presence of the Signature-Input and Signature headers, pulls the keyid from the Signature-Input header, confirms the current time falls between the created and expires timestamps, checks nonce uniqueness in the cache, validates the tag as defined by the protocol, reconstructs the canonical signature base using components from the Signature-Input header, and performs cryptographic Ed25519 signature verification using the supplied key.
By checking if a nonce has been recently used, Cloudflare can reject reused or expired signatures, ensuring requests are not malicious copies of prior legitimate interactions. If the agent is browsing, the tag should be agent-browser-auth. If the agent is paying, the tag should be agent-payer-auth.
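The validation sequence described above can be sketched as follows. This is an added example, not code from Cloudflare, Visa or Mastercard: the function names, the lower-cased header dictionary, the in-memory nonce set and the verify_sig hook (standing in for a real Ed25519 library and key directory lookup) are assumptions, and the sample headers are constructed.

```python
import re
import time

ALLOWED_TAGS = {"agent-browser-auth", "agent-payer-auth"}  # the two tags named above
# Constructed sample request headers (lower-cased names); the signature bytes are a placeholder.
SAMPLE_HEADERS = {
    "signature-input": 'sig2=("@authority" "@path");created=1735689600;expires=1735693200;'
                       'keyid="test-key-1";alg="ed25519";nonce="bm9uY2UtMQ==";tag="agent-browser-auth"',
    "signature": "sig2=:AAAA:",
}

def parse_signature_input(value):
    """Return (label, covered components, params dict, raw @signature-params value)."""
    m = re.fullmatch(r'([\w-]+)=(\(([^)]*)\)((?:;[^;]+)*))', value.strip())
    if not m:
        raise ValueError("malformed Signature-Input")
    label, sig_params, comps, raw = m.groups()
    params = {}
    for part in filter(None, raw.split(";")):
        key, _, val = part.partition("=")
        params[key.strip()] = val.strip().strip('"')
    return label, re.findall(r'"([^"]+)"', comps), params, sig_params

def validate(headers, authority, path, seen_nonces, verify_sig, now=None):
    """Run the checks in the article's order. verify_sig(keyid, base, sig_b64) is an assumed Ed25519 hook."""
    now = int(time.time()) if now is None else now
    if "signature-input" not in headers or "signature" not in headers:
        return False, "missing headers"
    try:
        label, components, p, sig_params = parse_signature_input(headers["signature-input"])
        keyid, nonce, tag = p["keyid"], p["nonce"], p["tag"]
        created, expires = int(p["created"]), int(p["expires"])
        derived = {"@authority": authority, "@path": path}
        lines = [f'"{c}": {derived[c]}' for c in components]
    except (ValueError, KeyError):
        return False, "malformed signature-input"
    if not created <= now <= expires:
        return False, "outside validity window"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    if tag not in ALLOWED_TAGS:
        return False, "unknown tag"
    # Signature base in RFC 9421 layout: one line per component, then @signature-params.
    base = "\n".join(lines + [f'"@signature-params": {sig_params}']).encode()
    sig = re.search(rf'{re.escape(label)}=:([A-Za-z0-9+/=]+):', headers["signature"])
    if not sig or not verify_sig(keyid, base, sig.group(1)):
        return False, "bad signature"
    seen_nonces.add(nonce)  # record only after verification so forged requests cannot burn nonces
    return True, tag
```

In production the nonce set would be a shared cache with entries that expire alongside the signature's expires timestamp, so that memory stays bounded.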
Trusted Agent Protocol and Agent Pay are designed for merchants to benefit from validation mechanisms without changing their infrastructure. Instead, merchants can set rules for agent interactions on their site and rely upon Cloudflare as the validator.
Cloudflare recently introduced support for x402 transactions into its Agents SDK, allowing anyone building an agent to easily transact using the new x402 protocol. The company will work with Visa and Mastercard over the coming months to bring support for their protocols directly to the Agents SDK. This will allow developers to manage their registered agents' private keys and easily create the correct HTTP Message Signatures to authorize their agents to browse and transact on merchant websites.
The implementation involves loading the final API endpoint and private signing credentials, generating required signature headers using helper functions, attaching newly created signature headers to requests for authentication, and forwarding fully signed requests to protected APIs.
Cloudflare will create new managed rulesets for customers that make it easy to allow agents using the Trusted Agent Protocol or Agent Pay. Merchants might want to disallow most automated traffic to their storefront but not miss revenue opportunities from agents authorized to make purchases on behalf of cardholders. A managed rule would make this straightforward to implement.
Website owners could enable a managed rule that automatically allows all trusted agents registered with Visa or Mastercard to access their site, passing other bot protection and WAF rules. American Express will also leverage Web Bot Auth as the foundation for their agentic commerce offering.
The protocols will continue to evolve, and Cloudflare will incorporate feedback to ensure that agent registration and validation work seamlessly across all networks and align with the Web Bot Auth proposal. Developers can start building with Cloudflare's Agents SDK today, view a sample implementation of the Trusted Agent Protocol, and access the Trusted Agent Protocol and Agent Pay documentation.
The announcements follow Microsoft's discontinuation of Microsoft Invest effective February 28, 2026, citing incompatibility between traditional DSP models and their vision for "conversational, personalized, and agentic" advertising futures. Independent analysis published in October 2025 questioned the commercial viability of AI shopping agents, examining eight structural challenges facing autonomous shopping systems.
The infrastructure supports merchants concerned about bot detection failures, which cost advertisers billions according to March 2025 investigations. Research analyzed over a petabyte of web traffic data across more than two million websites over seven years, finding that at least 40% of web traffic consists of fake users or computerized bots.
Cloudflare processes over one billion 402 response codes daily. This scale demonstrates existing demand for payment-required responses among content creators seeking compensation for AI training data usage. The company previously announced AI Crawl Control expansion on August 28, 2025, enabling customizable HTTP 402 "Payment Required" responses for AI crawler monetization.
For marketing professionals, these developments matter because agentic AI threatens traditional advertising models. Industry expert Ari Paparo argued in July 2025 that agentic AI could fundamentally disrupt the traditional programmatic advertising technology stack by automating campaign setup, targeting, and optimization functions currently handled by demand-side platforms.
Amazon introduced agentic AI capabilities across its seller platform on September 17, 2025, transforming Seller Assistant from a question-answering tool into an autonomous agent that monitors accounts, optimizes inventory, and manages advertising campaigns around the clock. The platform simultaneously blocks AI bots from major tech companies, explicitly disallowing OpenAI's crawler and blocking other AI bots from Anthropic, Meta, and similar companies.
The shift toward AI-mediated commerce could reshape advertising strategies across the industry. Advertising technology expert Karsten Weide suggested that "direct response advertising will fade. Brand advertising will gain in importance as we want to influence consumers before they tell their agent what to do." This transformation would prioritize brand awareness campaigns over direct response formats currently dominating digital marketing.
Research indicates training-related crawling now drives nearly 80% of all AI bot activity, representing an increase from 72% documented one year earlier. According to Cloudflare's data, this fundamental shift demonstrates how AI companies prioritize data collection over providing referral value to content creators.
Timeline
- May 2025: Cloudflare shares Web Bot Auth proposal for cryptographic authentication of agent traffic
- July 21, 2025: Industry expert warns agentic AI threatens traditional DSP business models
- August 28, 2025: Cloudflare expands AI Crawl Control with customizable HTTP 402 responses
- August 30, 2025: Amazon blocks AI bots from major tech companies amid commerce battle
- September 1, 2025: AI crawling data reveals massive imbalance in training versus referral patterns
- September 17, 2025: Amazon introduces agentic AI across seller platform
- October 6, 2025: Skepticism grows over AI shopping agents despite ChatGPT checkout launch
- October 24, 2025: Cloudflare announces partnerships with Visa and Mastercard for Trusted Agent Protocol and Agent Pay
Summary
Who: Cloudflare partnered with Visa and Mastercard to develop security protocols for agentic commerce, with American Express also adopting the framework. Agent developers build agents to shop on behalf of consumers, merchants need reliable ways to assess requests, and payment networks link cardholder identity to transactions.
What: Visa developed the Trusted Agent Protocol and Mastercard created Agent Pay, both leveraging Web Bot Auth as the foundation for agent authentication. The protocols use HTTP Message Signatures with public key cryptography to allow merchants to distinguish legitimate AI shopping agents from malicious bots, identify whether agents represent known customers, and understand specific consumer instructions.
When: Cloudflare announced the collaboration on October 24, 2025. The company shared the Web Bot Auth proposal in May 2025. Cloudflare will work with Visa and Mastercard over the coming months to integrate support into the Agents SDK.
Where: The protocols operate across Cloudflare's global network infrastructure, which processes over one billion 402 response codes daily. Developers can access Cloudflare's Agents SDK today, view sample implementations, and access documentation. Visa and Mastercard will host their own directories for registered agents.
Why: Merchants face significant challenges in agentic commerce, including distinguishing approved AI shopping agents from malicious bots and protecting customer relationships. Historically, agent traffic has been classified using user agent strings and IP addresses that can be spoofed, leading to inaccurate classifications. The protocols provide merchants with tools to verify cryptographic signatures, identify trusted interactions, and securely manage how agents interact with their sites without changing infrastructure.