Why Anthropic’s Connector Expansion Makes MCP Security a Business Imperative
Anthropic just made it official: the AI agent economy is going mainstream.
Anthropic recently announced a major expansion of Claude’s connector ecosystem, adding a wave of consumer apps to the 200+ connectors already available in the Claude directory. The new lineup includes heavy hitters like AllTrails, Tripadvisor, Instacart, Booking.com, Uber, Spotify, and more.
These new connectors are a wake-up call for businesses: AI agents are now legitimate, first-class participants in everyday commerce and services. DataDome recorded nearly 8 billion AI agent requests in the first two months of 2026, a 5% increase quarter over quarter and a clear indicator that agentic traffic is on the rise.
Our data further demonstrates the traction: MCP traffic across DataDome’s customer base skyrocketed 50x in the week following the announcement.

And for the security teams responsible for protecting those services, that call comes with an urgent question: who’s knocking on your door, and can you trust them?
From MCP prototype to production reality
The Model Context Protocol (MCP) was conceived by Anthropic as an open standard to enable AI agents to connect to external data, APIs, and tools. It’s the connective tissue of the agentic web, and the Claude connector platform is one of the highest-profile deployments of MCP at scale.
AllTrails and Tripadvisor are two of the brands now powering Claude’s connector experience. Ask Claude to recommend a weekend hike, and AllTrails surfaces nearby trails based on your preferences. Planning a trip? Tripadvisor delivers curated recommendations directly inside the conversation.
Both companies are also DataDome customers.
AllTrails has been running MCP traffic through DataDome’s protection layer in production since early 2026, supporting live AI agent interactions at enterprise scale. These are not hypothetical attack scenarios or lab environments. This is real agentic traffic from real AI clients interacting with production infrastructure.
When Anthropic enables a connector for AllTrails, every Claude user who installs it becomes an agent interacting with AllTrails’ MCP servers. At scale, that’s a massive, heterogeneous stream of AI-initiated requests that no traditional rules-based WAF or basic bot detection tool was designed to handle. In fact, DataDome is the first and only bot and agent trust management vendor to explicitly support MCP endpoints.
MCP: The attack surface no one is talking about
MCP servers are fundamentally different from traditional web or API traffic. While MCP is great in many ways, the protocol has no built-in authentication, rate limiting, or native session-to-client binding. This represents a gap in the protocol specification itself that can be exploited by attackers.
The result is a new but ungoverned attack surface with multiple distinct vectors:
- Automated scraping through MCP tools: MCP servers return clean, structured JSON directly from backend systems, making it far easier for AI agents to scrape pricing, product catalogs, search results, and other business data at scale.
- Prompt injection and tool poisoning: Researchers have demonstrated attacks in which malicious instructions are hidden inside tool descriptions or inputs to manipulate LLM behavior. The recent MCPTox benchmark found attack success rates as high as 72.8%.
- Denial-of-service through rapid tool calls: AI agents automatically retry failures and can generate large volumes of valid requests, overwhelming backend systems or consuming expensive API and AI resources.
- Session hijacking and replay attacks: If session tokens or credentials are exposed, attackers may be able to replay requests or impersonate trusted sessions from different clients or locations.
- Unverified agent impersonation: Any client can claim to be Claude, ChatGPT, or another trusted AI agent. Without continuous verification of identity and behavior, it is difficult to distinguish legitimate AI traffic from malicious automation. DataDome’s Galileo threat research team recently reported that 80% of AI agents don’t properly identify themselves, and 80% of sites don’t verify identity.
These vectors are documented, benchmarked, and already appearing in the wild.
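As an added illustration (not DataDome's code and not part of the original article), here is one way a server operator could close two of the gaps listed above at the application layer: pinning each MCP session ID to the client that opened it, and capping `tools/call` volume per session. The `fingerprint` argument is an assumption standing for whatever stable client identifier the deployment already has (for example an authenticated token subject), headers are assumed to be a dict with lowercased keys, and the tool name and session values are constructed.

```python
import json
import time
from collections import defaultdict, deque

class McpSessionGuard:
    """Pins each MCP session to the client that opened it and caps tools/call rate."""
    def __init__(self, max_calls=5, window_s=10.0):
        self.max_calls, self.window_s = max_calls, window_s
        self.bound = {}                  # session id -> fingerprint seen at initialize
        self.calls = defaultdict(deque)  # session id -> times of recent tools/call

    def open_session(self, session_id, fingerprint):
        """Call when the server issues a session ID in its initialize response."""
        self.bound[session_id] = fingerprint

    def check(self, headers, body, fingerprint, now=None):
        """Return (verdict, fields) for one JSON-RPC request to the MCP endpoint."""
        now = time.monotonic() if now is None else now
        try:
            msg = json.loads(body)
            method, params = msg["method"], msg.get("params") or {}
            tool = params.get("name") if method == "tools/call" else None
        except (ValueError, KeyError, TypeError, AttributeError):
            return "reject:malformed", {}  # not a single JSON-RPC request object
        sid = headers.get("mcp-session-id")
        fields = {"method": method, "tool": tool, "session": sid}
        if sid not in self.bound:
            return "reject:unknown-session", fields
        if self.bound[sid] != fingerprint:  # known session, different client: replay
            return "reject:session-mismatch", fields
        if method == "tools/call":
            recent = self.calls[sid]
            while recent and now - recent[0] >= self.window_s:
                recent.popleft()         # drop calls that left the sliding window
            if len(recent) >= self.max_calls:
                return "throttle", fields
            recent.append(now)
        return "allow", fields

def demo():
    """Run constructed requests through the guard and return the verdicts."""
    guard = McpSessionGuard(max_calls=2, window_s=10.0)
    guard.open_session("sess-A", "fp-1")  # constructed session id and fingerprint
    call = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": "search_trails", "arguments": {}}})
    hdr = {"mcp-session-id": "sess-A"}
    verdicts = [guard.check(hdr, call, fp, now=t)[0] for fp, t in
                [("fp-1", 0.0), ("fp-2", 1.0), ("fp-1", 2.0), ("fp-1", 3.0), ("fp-1", 13.0)]]
    return verdicts + [guard.check({}, "[not json", "fp-1", now=14.0)[0]]
```

The `fields` dictionary returned with each verdict carries the method, tool name and session ID, so the same check can feed request logging.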
DataDome MCP Protection: Security for the agentic layer
Galileo, our team of threat researchers, started tracking MCP traffic in early 2025, and DataDome announced MCP server protection as part of our Bot Protect product in October 2025.
This approach extends DataDome’s AI-driven cyberfraud platform directly to MCP servers, providing three layers of capability:
1. Real-time agentic traffic visibility
Every request to your MCP servers is analyzed in real time, with instant insight into the identity and intent of the AI agent behind the request.
DataDome collects multiple MCP-specific fields per request, such as the MCP method, tool name, client identity, and session ID. We maintain a real-time out-of-the-box catalog of verified bots and AI agents—identified, classified, and accessible to customers.
This means you can see not only that a request arrived, but also who sent it, what it was trying to do, and whether to trust it.
2. Autopilot protection at the edge
DataDome blocks malicious threats before they reach MCP servers, using adaptive AI detection to stop scraping, vulnerability scanning, prompt injections, account takeovers, and emerging attack patterns.
Customers can use the default recommended policies or easily define fine-grained policies by endpoint in their dashboard. The real-time protection doesn’t disrupt legitimate agent traffic.
3. Continuous agentic trust relationships
By verifying identity and intent for every interaction (human, bot, or AI agent), DataDome enables enterprises to make confident decisions about which agents to allow, rate limit, or block.
We provide a dynamic Agent Trust score tailored per customer that reflects identity strength, global and customer-specific behavioral patterns against expected intent, and agent reputation for every AI agent. The goal is to make the agentic economy trustworthy enough to scale.
Since then, we’ve also launched native integration support for the most popular MCP development framework for AI agents—FastMCP—enabling protection with minimal implementation effort. All this investment came with the anticipation of a moment like this.
The opportunity for early movers
Anthropic’s announcement is the kind of inflection point that companies like DataDome have been anticipating. Major consumer brands are now exposing MCP endpoints to millions of AI agent interactions per day. The attack surface isn’t theoretical anymore; it’s our customers’ backend servers or APIs that are now exposed to the agentic web.
The companies that get ahead of this won’t just be more secure. They’ll be the ones that can say yes to agentic commerce without hesitation, because they have the Agent Trust infrastructure to back it up. Consumers trust brands to shop and buy, but agents will find who’s really open for business.
DataDome is already there, protecting forward-looking brands in production.
Interested in protecting your new MCP endpoints? DataDome offers MCP Protection as part of our Bot Protect offering. Book a demo today to learn more.