{"data":{"id":"72eff57c-faf3-437f-96a1-a50978d31fe5","title":"Authenticate legitimate AI agent traffic with AWS WAF Bot Control","summary":"AWS WAF Bot Control now includes Web Bot Authentication (WBA), a security feature that uses cryptographic signatures (mathematical verification codes created with public and private keys) to confirm that automated bot traffic comes from legitimate sources. Traditional methods like IP-based filtering fail in multi-tenant systems (shared environments where many different services use the same IP address) where attackers can easily fake their identity, but WBA solves this by having bot operators sign their requests with cryptographic keys that AWS WAF can verify at the edge.","solution":"AWS WAF Bot Control implements Web Bot Authentication (WBA) using asymmetric cryptography and HTTP Message Signatures (RFC 9421). The solution works through: (1) Bot registration, where bot operators publish their public keys in a signature directory that AWS WAF regularly polls; (2) Request signing, where each bot request is signed using the operator's private key following IETF standards; (3) Verification, where AWS WAF verifies signatures against known public keys and appends labels (verified, invalid, expired, or unknown_bot) to allow granular control through WAF rules. AWS WAF Bot Control respects WBA verification status by default, automatically allowing verified AI agent traffic.","labels":["security"],"sourceUrl":"https://aws.amazon.com/blogs/security/authenticate-legitimate-ai-agent-traffic-with-aws-waf-bot-control/","publishedAt":"2026-07-14T15:18:42.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","Amazon Bedrock","AWS WAF Bot Control"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-14T15:18:42.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}