AI bots can be blocked by adding their user-agent name to the disallow directive in the robots.txt file.

What Happens If I Don’t Have a Robots.txt?

Search engine web crawlers will index every page on your site. This can result in irrelevant content being indexed which can negatively impact your page rankings.

What is the Difference Between Robots.txt and Meta Tags?

Robots.txt controls access to your site at a directory level. Meta tags manage crawling and indexing behavior for individual pages.

Agent Trust at DataDome: The AI Control Plane for Managing Your Agentic Traffic

Agent trust Agentic AI

The agentic hype right now is at a peak. What’s clear is the potential of the agentic economy that is nearly upon us.

For security teams, AI agents aren’t a “next year” problem because they’re already in use—touching product pages, logins, accounts, checkout flows, and APIs at machine speed. In the first two months of 2026, DataDome’s network processes nearly 8 billion AI agent requests.

For most enterprises, the big issue is visibility. Many security teams are flying blind, unable to understand what agentic AI traffic they have, and unable to distinguish between AI traffic that drives value and AI traffic that causes harm. That can result in a triple whammy: lost revenue, higher fraud risk, and higher operating costs.

Agentic AI traffic forces enterprises to challenge their existing security posture and transition from providing protection against automated bots to establishing trust relationships with humans, bots, and AI agents.

That’s why, starting in Q1 2025, we designed and built Agent Trust as a key component of DataDome’s core bot management solution. We originally released AI agent & LLM crawler visibility and control, and have continued to add innovative new features since then. And we’re not stopping now.

In fact, Forrester has recognized this important transition with an updated category name in its latest Landscape Report, The Bot And Agent Trust Management Software Landscape, Q4 2025, which we reflect on as well.

What is Agent Trust?

Agent Trust is DataDome’s capability to identify, classify, score, and govern the behavior of agentic AI traffic interacting in real time with your digital assets.

Not “block all automated bots and AI agents.” Not “allow all bots.” Governance means visibility, real-time decisions, and policy control you can run day to day.

How Agent Trust works: Identity and intent verification

Agent Trust is built on two main verification pillars:

Identity: who or what is making the request(s)?
Intent: what are they trying to do?

For identity verification, DataDome assesses the strength of agent identification and agent reputation based on multiple signals collected for every request. The level of trust we assign to an AI agent’s identity is determined by the strength & integrity of its chosen authentication method, including DNS & IP ranges, client & server-side signals, cryptographic signatures like Web Bot Auth, and frameworks like Know Your Agent (KYA). Agent providers can also request verification & addition to our catalog through our self-service portal.

Some vendors hang their hats on agent identity alone to determine trust. That’s a mistake. Verifying agent identity doesn’t ensure legitimate traffic and shouldn’t unlock a “hall pass” for all transactions. According to the DataDome Galileo threat research team, 80% of AI agents don’t properly identify themselves, and 80% of websites are vulnerable to AI agent spoofing.

Agents can easily be spoofed, hijacked, or misdirected by determined fraudsters. And, just as you would let a bank customer use the ATM but not enter the vault, agentic access needs to be constrained by business logic. Intent also matters, but it’s a tough thing for many vendors to determine.

DataDome assesses agentic intent by focusing on what agents are actually trying to accomplish in your environment in real time. We analyze observed behavior by examining every click, request pattern, and interaction throughout the full user session and customer journey. Every digital interaction with an AI agent is authenticated, accountable, and aligned with legitimate business value and terms of service.

Bad intent, on the other hand, can look like evasive behavior, anomalous and unauthorized content or login requests, and vulnerability scanning.

Agent Trust in action: Three core capabilities

Visibility that you can act on

Agent Trust provides continuous detection and visibility into AI agents so you can classify what you’re seeing and determine how to treat that traffic, including what it is allowed to do and access.

DataDome buckets agentic AI traffic into four categories—AI Crawler, AI Assistant, Agentic Browser, and Autonomous Agent—because “acceptable” behavior depends heavily on the agent type.

AI agent analytics

Dynamic trust scoring (not a static allowlist)

DataDome generates a global Agent Trust score on a 100-point trust scale for every AI agent, tailored per customer and network-informed. It’s based on identity strength, agent reputation, and global plus customer-specific behavioral intent. Because we assess 100% of requests, there are no gaps or missing links, and we update scores and enforce policies dynamically.

DataDome's Agent Trust score

Policies that scale, from out-of-the-box to custom rules

Agent Trust needs to apply policy in real time to be effective. DataDome enables easy-to-use controls to govern AI agents interacting with your business. This includes:

Out-of-the-box (OOTB) policy: Use default, recommended policy applied automatically, based on Agent Trust score and reconfigurable in 1-click.
Endpoint-specific policy: Assign policy responses by agent and endpoint for more fine-grained control, with intent-based decisioning.
Custom rules: Define specific custom policies for an AI agent, verified bot, or user accounts, using 60+ traffic attributes together.

DataDome' Agentic Trust capabilities

The outcome: let verified and trusted AI agents interact and transact seamlessly, while blocking malicious or untrusted agents that increase risk.

Why CISOs care: Agentic abuse threats are real

Agentic abuse is a new threat type that DataDome detects, classifies, and surfaces globally in our threats overview dashboard, along with others like scraping, L7 DDoS, ATOs, and payment fraud.

This includes any agentic traffic that exhibits malicious behavior, as well as any traffic that exhibits malicious behavior with endpoints using agentic protocols. This exposure will grow further with the explosion of MCP-enabled endpoints that can come online unprotected.

DataDome’s Galileo threat research team has already documented several instances of attackers hijacking trusted agent identities, including OpenAI used for SQL injections, Comet Browser used for fake account creation, and Meta-ExternalAgent used as a vulnerability scanner.

3 questions to assess your agentic exposure

If you want a quick gut-check of your agentic exposure, start here:

Which AI agents are hitting our most sensitive endpoints (login, checkout, account changes, MCP servers)?
How strong is their identity—and do we have cryptographic verification where available (e.g., Web Bot Auth)?
Do their actions match our business intent, or are we seeing patterns that look like automated fraud?

If you want to go even deeper, download our Guide to Readying Your Business for Agentic Commerce.

Take control of your agentic traffic today

Several other vendors are beginning to offer Agent Trust capabilities. When evaluating solutions, focus on critical factors like detection accuracy, end-to-end performance, and usability.

But here’s what most vendors won’t tell you: the price. DataDome publishes transparent pricing on our pricing page. No other vendor shares this information openly. All of our Agent Trust capabilities are included in every Bot Protect plan, from Essentials to Enterprise, at no additional cost.

To see DataDome’s Agent Trust capabilities in action, book a demo here.