DNS Just Became Your AI Agent Bouncer: Why Identity Verification for Bots Matters Now

The Silent Invasion Nobody Talks About

Your website is being visited right now by AI agents you'll never meet. An OpenAI crawler might be extracting your content for training data. An Anthropic bot could be analyzing your product descriptions. A scrapy script from an unknown company might be probing your infrastructure for weaknesses.

And here's the kicker: you have absolutely no way to know who they are, what they're authorized to do, or whether they're legitimate.

This isn't paranoia—it's the current state of the web. Unlike human visitors who leave a digital footprint (browser type, referrer data, session cookies), AI agents operate in a grey zone. They don't identify themselves. They don't ask permission. They don't send traffic back to publishers. They just consume.

The numbers tell the story. Cloudflare reports that its customers are blocking over one billion HTTP 402 "payment required" responses per day to AI crawlers. That's not a server misconfiguration problem. That's the market screaming that something needs to change.

Meet Agent Name Service: Your AI Bouncer at the DNS Level

Instead of building another authentication layer on top of the web, GoDaddy decided to solve this problem at the foundation—DNS itself.

The solution is called Agent Name Service (ANS), and it's elegantly simple: give every AI agent a verifiable identity tied to a domain, using the exact same mechanism that websites use to prove who they are.

Think about how trust works online today. When you visit your bank's website, your browser checks an SSL certificate that proves the domain is genuine. That certificate is cryptographically linked to the domain owner's identity. It's trustworthy because there's a chain of verification.

ANS applies the same principle to AI agents. Each agent gets:

• A unique, human-readable name
• A DNS record that proves ownership
• A verifiable digital certificate
• Accountability tied to a real organization

LegalZoom made history by registering the first agent on ANS in April 2026—a legal services bot designed to connect users with attorneys. The agent's identity can be verified. If something goes wrong, there's someone to hold accountable.

The Real Shift: Infrastructure Companies Taking the Lead

What's interesting here is that the infrastructure companies—the registrars, CDN providers, and hosting platforms—are moving faster than regulators or standards bodies.

GoDaddy didn't wait for a committee to approve ANS. The company deployed it to production in November 2025 and started signing up agents. Then, in April 2026, GoDaddy partnered with Cloudflare to combine ANS with AI Crawl Control, a tool that gives website owners three options for each crawler:

1. Allow it – Unrestricted access
2. Block it – No access at all
3. Monetize it – Require payment via HTTP 402 status code

That last option is crucial. We don't yet have a robust billing system for AI content consumption. But we're laying the groundwork. The HTTP 402 response has been in the spec since 1997 and was basically never used. Now it's getting a second life as the internet's way of saying "this content has a price."

Why DNS Is the Right Foundation

You might wonder: why not build this in a new application layer? Why not create an entirely separate system?

The answer is both practical and philosophical. DNS already exists. It's already verified. It already connects agents to identities.

By anchoring AI agent identity to DNS, these standards solve a critical problem: spoofing becomes nearly impossible. An AI agent can't claim to be from OpenAI unless it has a DNS record under a domain controlled by OpenAI. The identity check happens at the infrastructure level, before the agent ever touches your website.

This is similar to how DMARC and SPF use DNS to prevent email spoofing. We're applying the same principle to the web's newest challenge.

What This Means for Your Business

If you run a website or API, here's what's changing:

For content creators and publishers: You're about to get real control over how AI uses your work. Instead of a binary choice (allow or block), you'll be able to verify who's accessing your content and potentially charge for premium access.

For API builders: AI agents will soon come with verifiable credentials. You can make smarter decisions about rate limiting, access control, and monetization based on actual identity rather than guessing.

For startups building AI agents: Your agent will need a verifiable identity to operate at scale. Think of it like getting an EIN for your bot. You'll register it on ANS, prove you control the domain, and operate with full accountability.

For enterprises: You can finally see what's hitting your infrastructure and why. That mysterious crawl pattern? Now traceable. That data extraction attempt? Now attributable.

The Broader Pattern

What GoDaddy and its consortium partners are doing isn't just about AI agents. It's about making the infrastructure layer smarter and more accountable. DNS, SSL certificates, and HTTP status codes are getting upgraded to handle problems that didn't exist when they were designed.

This is infrastructure evolution in real time. The companies that control the pipes—registrars, CDN providers, hosting platforms—are filling a gap that nobody else was moving fast enough to address.

The question isn't whether AI agents will need verified identity. That's already happening. The question is whether you'll be ready when it does.