Skip to content

v1.11.0 - Declared AI Agent Detection

Choose a tag to compare

View all tags
@cport1 cport1 released this 10 Jun 00:35
· 8 commits to main since this release
v1.11.0
93c707a

Minor release adding detection for self-identifying AI agents, plus a roadmap for deeper AI-agent detection.

Features

  • feat(detection): declared AI agent detection (#9). New declared_ai threat category that flags:

    • Self-identifying agent user-agentsClaudeBot, Claude-User, anthropic-ai, GPTBot, ChatGPT-User, OAI-SearchBot, PerplexityBot, Google-Extended, CCBot, Bytespider, meta-externalagent, Amazonbot, cohere-ai, and more.
    • Web Bot Auth signed requests (RFC 9421 HTTP Message Signatures). v1 identifies only; JWKS signature verification is a documented follow-up.

    High confidence, low severity by default — surfaced as its own category so operators can apply an allow/block policy rather than relying on a hard score. Implemented identically across Go, Node, and Python servers. Weights rebalanced bot 0.15 → 0.13, declared_ai 0.02.

Docs

  • docs/PRD-ai-agent-detection.md — roadmap for detecting modern AI agents (input-event forensics, LLM think-time cadence, hosted-agent environment composites, accessibility-tree honeypots, cross-session correlation) with detection code snippets. This release implements its Phase 1.

Tests

  • TestCheckDeclaredAIAgent and TestWeightsSumToOne added to the Go suite.

No breaking changes.

Assets 2
Loading