Perplexity under fire: Cloudflare says Perplexity’s AI bots faked their identities to bypass site blocks |

Perplexity, the rising AI-powered search startup, is facing scrutiny after Cloudflare alleged that its AI bots used deceptive tactics to access websites that had explicitly blocked them. According to Cloudflare’s report, Perplexity’s bots masked their identity, altered user agents to impersonate browsers like Google Chrome, and rotated IP addresses to evade detection. These actions allegedly allowed the bots to scrape content from thousands of restricted domains. The accusations reignite concerns about AI companies bypassing consent protocols and exploiting publisher content without permission.Cloudflare, one of the largest internet infrastructure providers globally, claims this behavior was observed across tens of thousands of domains and millions of daily requests. It further argues that such stealth crawling undermines publisher autonomy and violates transparency norms in web scraping. The controversy highlights growing tensions between AI firms seeking to build data-hungry models and platforms or publishers trying to protect their content from unauthorized use.

Perplexity accused of evading restrictions through disguised bot behaviour

Cloudflare says it received numerous complaints from clients who noticed Perplexity’s AI crawlers accessing their websites despite having put protections in place—such as disallowing the bots in their robots.txt files or blocking them via Web Application Firewalls (WAFs). In a controlled test, Cloudflare built new domains with restrictions against known Perplexity user agents. The company claims that when the AI bots encountered these blocks, they re-identified themselves as normal users by changing user agents to mimic Chrome on macOS, and used rotating IP addresses that were not listed as Perplexity’s official infrastructure.

Perplexity responds, denies wrongdoing and blames confusion

Perplexity has pushed back strongly against the accusations, calling Cloudflare’s blog post a “publicity stunt” riddled with misunderstandings. A company spokesperson stated that Cloudflare failed to distinguish between Perplexity’s own crawlers and third-party traffic, especially from services like BrowserBase, which Perplexity says it uses only occasionally. According to the company, the referenced 20–25 million daily requests were largely user-driven and did not amount to unauthorized scraping or bot-driven behaviour.

A growing flashpoint in AI and publisher relations

Following the incident, Cloudflare removed Perplexity from its verified bot list and rolled out new measures to block its access by default. The episode underscores larger debates around the ethics of AI scraping, content consent, and intellectual property. Cloudflare CEO Matthew Prince has warned that AI models pose an “existential threat” to publishers, and the company is actively encouraging website owners to demand compensation for access to their content—signaling a brewing war between digital infrastructure providers and AI firms in the era of large-scale content consumption.