For bot-defense vendors
Your detection engine is excellent at telling humans from bots. It struggles to tell *good* bots from *bad* bots — because by behavior alone, they look the same. Customers complain when their shopping assistants get blocked. Scalpers get through eventually anyway. The structural limit isn't the engine; it's the input signal.
AgentPKI is the positive signal you don't have today. Bots that bothered to identify themselves arrive with cryptographic passports + declared intent. Your engine gains a new high-precision class: "verified bot, intent matches site policy → allow." Heuristics still catch the rest.
Not "ask your customer to deploy our protocol." This is "ingest one more signal in your existing product."
"Customer's shopping assistant got blocked" is the #1 enterprise support ticket in bot management. A verified positive signal lets you allow these without lowering protection against unknown bots.
First major vendor to integrate verified-bot identity is the one that gets the press cycle, the analyst report, the case studies. Three of the top six aren't shipping anything in this category yet.
Claude Computer Use, OpenAI Operator, Microsoft Copilot Agents are mass-launching in 2026. Their traffic to your customers' sites will explode. You're either the vendor that handles it well or the one that gets replaced.
Lightweight. We're a vendor-neutral protocol; your detection engine remains your IP. The integration adds one feature to the request analysis pipeline.
Look for an Agentpki-Token request header or query parameter. Most agents will adopt one of these conventions; the protocol is header-agnostic.
Call verify.agentpki.dev/v1/verify with the passport + the site as intent_check.site. p50 ~50ms. Or run your own verifier on the protocol open spec — we provide the reference impl.
Verdict allow + intent matches site policy → promote to your verified class. Verdict deny or no passport → continue through your existing detection logic.
The partnership shape
