Cloudflare has announced the general availability of Precursor, a continuous behavioural validation engine for bot management available on its edge network.
Precursor operates inside web browsers and monitors entire user sessions to identify potentially automated activity. The system is being launched as an alternative to static CAPTCHAs, using ongoing behavioural analysis in real time rather than single-point security checkpoints.
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The feature comes amid reported growth in bot activity online, with Cloudflare stating that automated traffic now accounts for 57% of all web requests. Company data indicates this is the first time bots have generated more traffic than humans.
According to Cloudflare, the shift highlights gaps in legacy bot defences, which are struggling to counter modern automation strategies that can simulate user actions and evade static verification tools. Precursor seeks to address these gaps with session-wide behavioural signals rather than single-request analyses.
Cloudflare chief technology officer Dane Knecht said: “Traditional security checks look at a single moment in time, but modern bots have gotten smart enough to fake their way through the front door.
“Instead of just checking an ID at the gate, we are looking at behaviour over the entire visit. This makes life seamless for real users, while making it incredibly difficult and expensive for bad actors to fake human behaviour.
Precursor works client-side, using a session-based architecture.
Once enabled, Cloudflare automatically injects a lightweight, dynamic JavaScript into HTML responses. This script monitors user activity across the entire application session and captures signals such as cursor movement, scrolling behaviour, typing patterns, clipboard actions, and visibility duration of the page.
Data collected by the script is buffered locally and sent at intervals back to the Cloudflare edge infrastructure for evaluation.
When the data arrives at the server, it is deserialised and submitted to parallel evaluators which look for congruity between separate interaction signals. For example, they check for matches between typing events and focused text fields or align pointer activity with the periods when the page is visible.
All signals collected during the session are compiled into a bot score, and analysis is maintained across an enduring session, not just single events or requests. This session-level analysis makes it more challenging for bots to evade detection by refreshing pages or starting new sessions.
Cloudflare has highlighted privacy as a design consideration in Precursor. The system does not record specific keystrokes or uniquely identifiable actions.
Instead, keyboard activity is logged using timing and rhythm only, and the collected behavioural signals are processed in aggregate without being associated with individual user identities, persistent profiles, or login data.
Event listeners are limited to gathering only those details essential for detecting automation and abusive patterns.
Precursor has been integrated as an extension of the wider Cloudflare bot protection system and is available as an optional feature within the company’s Enterprise Bot Management package.
It complements features such as Challenge and Turnstile. Activation requires only a single click via the Cloudflare dashboard and does not require direct code modifications, allowing organisations to implement detection across full web applications quickly.
The engine provides a real-time, session-level view of site activity for operators. It logs browser interaction signals and applies detection rules without relying on frequent challenges or disruptions for end users.
Cloudflare maintains that as automated scripts increasingly use genuine browsers and execute JavaScript to bypass superficial protections, behavioural analysis of long-term user interaction is necessary to reliably identify non-human actors.
By evaluating patterns across a session, Precursor is designed to make it more resource-intensive and complex for bot operators to mimic authentic human use.
Technical documentation details three core components to Precursor. The injection and collection layer deploys a script that gathers necessary signals and sends them back to the server periodically. The evaluation layer performs multi-signal correlation and anomaly detection at the edge.
Session integration allows for continuing refinement of detection scores, so sessions cannot be reset to evade validation.
This expansion of Cloudflare’s security suite follows an update to the company’s Agent Cloud platform. In April 2026, Cloudflare released additional tools for developers building and scaling agents on its network.
