> ## Documentation Index > Fetch the complete documentation index at: https://docs.fingerprint.com/llms.txt > Use this file to discover all available pages before exploring further. # AI agent detection > Detect and verify AI agents visiting your web properties, and distinguish them from malicious bots. AI agent detection lets you identify authorized AI agents visiting your website and distinguish them from malicious bots. It uses [Web Bot Auth](/docs/bot-detection/web-bot-auth-implementation), a cryptographic signing protocol, to verify agent identity. When Fingerprint detects an agent, it returns structured metadata, including the agent's provider, name, and the identity verification status in the `bot_info` field of the Server API response. This lets you make precise access decisions: allow authorized agents, block unverified automation, or apply different logic based on agent category and provider. ## How verification works 1. The agent signs its HTTP requests using a private key. 2. Fingerprint retrieves the agent's public key from a directory hosted at a known URL. 3. Fingerprint verifies the signature and returns an `identity` value in `bot_info`. The `identity` value reflects the outcome of the verification: | Value | Meaning | | ---------- | -------------------------------------------------------------------------------------------------------------- | | `signed` | Signature verified against the agent's public key directory | | `verified` | Signature verified, and the agent is operated exclusively by its vendor (not configurable by vendor customers) | | `unknown` | Agent recognized, but no verifiable identity was presented | | `spoofed` | Agent presented an identity that failed verification | ## API response When Fingerprint detects a bot or agent, the [Server API](/reference/server-api-v4-get-event) response includes the following fields: | Field | Type | Description | | ---------- | ------ | ------------------------------------------------ | | `bot` | string | `good`, `bad`, or `not_detected` | | `bot_type` | string | Additional classification, e.g. `ai_agent` | | `bot_info` | object | Extended metadata for recognized agents and bots | The `bot_info` object contains: | Field | Description | | ---------- | -------------------------------------------------------------------------------------------------------------------------------------- | | `category` | Agent category, e.g. `ai_agent`, `ai_browser`, `browser_automation` ([full list](/docs/bot-detection/bot-directory#bot_info-metadata)) | | `provider` | The organization that operates the agent, e.g. `OpenAI` or `AWS` | | `name` | Human-readable agent name, e.g. `ChatGPT Agent` | | `identity` | Verification status: `signed`, `verified`, `unknown` or `spoofed` | `bot_info` is available in Server API v4 and only when Fingerprint recognizes the agent or bot. See the [Server API reference](/reference/server-api-v4-get-event#response-bot-info) for the full schema. ## Supported AI agents The following agents are currently detected and return `bot_info` metadata: | Name | Provider | Category | Identity | | ----------------- | ----------- | ------------ | -------- | | ChatGPT Agent | OpenAI | `ai_agent` | `signed` | | Bedrock AgentCore | AWS | `ai_agent` | `signed` | | Browserbase Agent | Browserbase | `ai_agent` | `signed` | | Manus Agent | Manus | `ai_agent` | `signed` | | AGI Agent | AGI Inc | `ai_agent` | `signed` | | Anchor Browser | Anchor | `ai_browser` | `signed` | For the full list of all detectable bots and agents, see the [Bot Directory](/docs/bot-detection/bot-directory). ## Using detection results The `bot` field (`good`, `bad`, `not_detected`) is a legacy signal. For AI agents and other recognized bots, use `bot_info.identity` instead, as it provides more precise, actionable information. Note that `identity` is only available for well-known bots and agents in the [Bot Directory](/docs/bot-detection/bot-directory). Some generic browser automation tools (Selenium, Playwright, headless Chrome, etc.) will not have a `bot_info` entry and should be handled using the `bot: bad` signal. | Scenario | Suggested action | | -------------------------------------- | ------------------------------------------------------------------------------------------ | | `bot_info.identity: verified` | **Allow**: agent identity is confirmed and safety verified | | `bot_info.identity: signed` | **Allow**: agent identity is cryptographically verified | | `bot_info.identity: unknown` | **Apply custom logic**: agent is recognized but unverified | | `bot_info.identity: spoofed` | **Review**: verification failed, which may indicate misconfiguration or malicious spoofing | | `bot` is `bad`, no `bot_info` (legacy) | **Review or Block**: unrecognized and potentially malicious automation | ## Next steps Full list of detectable bots and agents Cryptographically sign your agent to verify identity Submit your agent or bot to the Fingerprint Bot Directory