The US security provider Cloudflare has introduced a new tool against automated AI agents on the web: Precursor continuously observes user sessions instead of just checking individual requests. This responds to a growing share of bot traffic, which the company claims now accounts for 57 percent of all web requests. The system has been available to all customers since July 13, 2026.
Behavioral data replaces one-time checks
According to the technical blog post by Cloudflare, Precursor continuously collects signals from the browser: mouse movements, scrolling rhythm, typing speed, clipboard usage, and the visibility duration of a tab. From these patterns, the software calculates a trust score that is continuously updated throughout the entire session – not just at the first page view. Bots that previously triggered a re-check by restarting or deleting cookies lose a common workaround, as Precursor detects inconsistencies in behavior across the entire session rather than just at a single point in time.
Customers activate the feature with a single click in the Cloudflare dashboard. A script is automatically integrated into pages already running through Cloudflare, eliminating the need for any programming effort. According to the company, Precursor only stores aggregated behavioral patterns, such as the time interval between keystrokes, but not the actual characters entered. This is intended to make Precursor privacy-friendly for operators of sensitive login and checkout pages. Cloudflare has not yet disclosed specific prices for the new feature.
Automated traffic surpasses human usage
Automated requests now account for around 57 percent of all web requests according to independently unverified claims by Cloudflare, thus surpassing human activity for the first time. The company cites AI agents as the main drivers, which autonomously fill out forms, browse content, or complete purchase processes while mimicking human behavior. SiliconANGLE also points to the growing share of AI-driven automation on the web as a trigger for the new approach.
Cloudflare’s Chief Technology Officer Dane Knecht sums up the shift: modern bots are now capable of sneaking in at the entrance, which is why the company will focus on behavior throughout the entire visit rather than a one-time check. Previous defense mechanisms like CAPTCHAs or spot checks can increasingly be solved automatically by specialized AI tools, making the switch to session-wide analyses necessary from the company’s perspective. The transition is part of a series of Cloudflare measures against AI bots, after the provider had previously introduced a purpose-differentiated control for search, agent, and training crawlers.
It will be crucial whether Precursor keeps the false positive rate for mistakenly blocked users low enough to prove itself in productive use – independent tests on this are not yet available. It also remains to be seen what costs customers will incur once Cloudflare publishes a price list, and whether competitors will follow suit with comparable session-based systems.


