Security

Cloudflare Launches Precursor: AI Bot Detection Through Behavior

2 min read
Laptop screen with Cloudflare dashboard visualizing a browser session with mouse movement and scroll tracking lines Image generated with GPT Image 2
Laptop screen with Cloudflare dashboard visualizing a browser session with mouse movement and scroll tracking lines

TL;DR Too Long; Didn’t read

Cloudflare has been combating automated AI bots since July 13, 2026, with a new behavior guardian called Precursor. Instead of individual checkpoints, the software evaluates mouse movement, scrolling rhythm, and typing behavior throughout the entire session. The provider estimates the share of automated traffic on the web at 57 percent. Customers can activate the feature with a single click; Cloudflare has not yet disclosed specific prices.

Key takeaways

  • Precursor analyzes complete user sessions instead of individual requests to detect AI-driven bots.
  • The system evaluates mouse movement, scrolling rhythm, typing speed, and clipboard activity.
  • Cloudflare estimates the share of bot traffic in total web data traffic at 57 percent.
  • Customers activate Precursor with a single click in the dashboard, without needing to adjust their own code.
  • CTO Dane Knecht compares the approach to monitoring the entire visit instead of just at the entrance.
  • Cloudflare has not yet provided specific prices for the new feature.

The US security provider Cloudflare has introduced a new tool against automated AI agents on the web: Precursor continuously observes user sessions instead of just checking individual requests. This responds to a growing share of bot traffic, which the company claims now accounts for 57 percent of all web requests. The system has been available to all customers since July 13, 2026.

Behavioral data replaces one-time checks

According to the technical blog post by Cloudflare, Precursor continuously collects signals from the browser: mouse movements, scrolling rhythm, typing speed, clipboard usage, and the visibility duration of a tab. From these patterns, the software calculates a trust score that is continuously updated throughout the entire session – not just at the first page view. Bots that previously triggered a re-check by restarting or deleting cookies lose a common workaround, as Precursor detects inconsistencies in behavior across the entire session rather than just at a single point in time.

Customers activate the feature with a single click in the Cloudflare dashboard. A script is automatically integrated into pages already running through Cloudflare, eliminating the need for any programming effort. According to the company, Precursor only stores aggregated behavioral patterns, such as the time interval between keystrokes, but not the actual characters entered. This is intended to make Precursor privacy-friendly for operators of sensitive login and checkout pages. Cloudflare has not yet disclosed specific prices for the new feature.

Automated traffic surpasses human usage

Automated requests now account for around 57 percent of all web requests according to independently unverified claims by Cloudflare, thus surpassing human activity for the first time. The company cites AI agents as the main drivers, which autonomously fill out forms, browse content, or complete purchase processes while mimicking human behavior. SiliconANGLE also points to the growing share of AI-driven automation on the web as a trigger for the new approach.

Cloudflare’s Chief Technology Officer Dane Knecht sums up the shift: modern bots are now capable of sneaking in at the entrance, which is why the company will focus on behavior throughout the entire visit rather than a one-time check. Previous defense mechanisms like CAPTCHAs or spot checks can increasingly be solved automatically by specialized AI tools, making the switch to session-wide analyses necessary from the company’s perspective. The transition is part of a series of Cloudflare measures against AI bots, after the provider had previously introduced a purpose-differentiated control for search, agent, and training crawlers.

It will be crucial whether Precursor keeps the false positive rate for mistakenly blocked users low enough to prove itself in productive use – independent tests on this are not yet available. It also remains to be seen what costs customers will incur once Cloudflare publishes a price list, and whether competitors will follow suit with comparable session-based systems.

Frequently asked questions

Is Precursor already available for all Cloudflare customers?

Yes, the system has been generally available since July 13, 2026, and can be activated via the dashboard.

What does Precursor cost?

Cloudflare has not yet published any prices; details should be inquired through sales.

Does Precursor store personal data like keystrokes?

No, the system only logs aggregated behavior patterns such as time intervals, not the actual characters entered.

How does Precursor differ from traditional CAPTCHAs?

Instead of a one-time check, Precursor continuously evaluates behavior throughout the entire session, making a page refresh unable to bypass detection.

Are there comparable systems from other providers?

Publicly available information on comparable session-based systems from competitors is not yet available.


← Back to the blog