Cloudflare is introducing two proposals for bots and agents to authenticate themselves: HTTP Message Signatures and request mTLS. These mechanisms aim to provide a tamper-proof way for bot owners and developers of AI agents to identify themselves, allowing site owners to control the traffic they allow. HTTP Message Signatures rely on a standard that defines the cryptographic authentication of a request sender, while request mTLS uses the TLS Flags extension to convey signatures between clients and servers. Both approaches aim to address the limitations of existing bot verification mechanisms, such as user agent headers and IP addresses, which are easily spoofable or prone to change. By adopting these standards-based approaches, developers can ensure that their bots and agents are authenticated in a reliable manner, empowering site owners to monitor automated requests and improve the overall security of the Internet.