The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.
It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.
I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.
I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.
I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.
Perfect for spammers, scammers and domain squatters, who can now automate their activities even more.
Can’t think of any other uses for this given the current state of LLM ‘agents’, though I can’t wait for the next report of something like ‘openclaw registered 1000 domains for me without asking and now cloudflare won’t refund me’.
LLM generation in general provides the most use to scammers and the like. Generate emails which people won't read, generate articles which are just honeypots or rip-offs, generate images to said articles, generate more and more spam.
Every legit use case for LLM practically requires that human would verify the result manually, at least briefly. But spammers can enjoy skipping that step, since content was never a main priority in the first place.
And cloudflare can actually sell them priority access to pass their bot protection or introduce micropaiments for agents access content. I feel cloudflare is getting a bit scary tbh. It is like your friendly bot net.
I think this post needs to be put in context, for months now Cloudflare has been releasing products that allow their whole platform to be usable by agents with the main objective of enabling their customers to dynamically write code using Cloudflare, this is just another step.
For example, you can now with Artifacts and Dynamic Workers make a lovable-style SaaS where your customers ask the AI agent to write software for them, the agent can run it in sandboxes with no build step, it can version it with a git-compatible API, and now you can even have it buy a domain for the end customer or set up their own cloudflare account when they want to move to production.
I personally have no use case for creating domains via agents, but some of the other features they're releasing around this area are extremely useful and I've started to ship internal tools for my clients where they are used, like giving them their own mini claude code that only does one thing – one I shipped last week was an agentic interface for Salesforce reports that understands their domain better (and all the undocumented tech debt) than the built-in Salesforce AI does and therefore manages the context better
People use agents to deploy sites all the time. Buying a domain is part of that if you want to build a site that's beyond a toy. Allowing agents to do a task isn't just for things you do every day – it's also for things you do rarely and need agents' help. It's not just devs using agents to perform these sort of tasks anymore.
Stripe Atlas makes it massively easier for startups to incorporate in Delaware. This is particularly hard for non-US founders. It solves a real problem. I don't think this part will be done by agents though!
Lets remind the purpose of incorporating in Delaware is legal tax evasion, so that we don't not have pensions, health insurance or anything nice, really.
It's for founders who don't have lawyers. My co-founder and I are both developers, we used Stripe Atlas to incorporate a C-Corp due to expecting to fundraise <1 year after incorporation. Stripe Atlas generates about 200 pages of legal boilerplate documents with very sane defaults so that your corporate structure, bylaws, IP protections, director indemnity, etc. align well with investor expectations. It helps investors not have to "rules-lawyer" all your corporate records during due-diligence, because their content exactly matches YC's expectations.
-------
I said we made a C-Corp but other founders should default to LLC. An LLC is superior to C-Corp in pretty much every way for any pre-raise founders who don't have an extra $2,000 to >$10,000/year they're willing to part with for higher franchise taxes, "foreign" (different state) corporation registration, CPA's, and additionally lawyers if any investments aren't YC SAFE's (e.g. not YC, Neo, or A16Z SpeedRun).
Also note that for pre-revenue C-Corps, Delaware franchise taxes are scaled against number of shares, not company revenue or # of employees, so you can save some money by forming your company with 1,000,000 shares and then file a "Unanimous action of the board of directors" to increase it to 10,000,000 just before angel/pre-seed/seed round, and potentially save a few hundred dollars on your first year franchise taxes, depending on when you incorporate and raise. But if a few hundred dollars makes a difference to you, incorporating as an LLC instead of a C-Corp is the only defensible decision.
And as always, start your taxes 3-4 months before they're due. If you want a CPA to do them (which you should if you have any revenue), you'll need to retain them way ahead of time for C-Corps. If you're filling tax forms out yourself, you'll want to start at least a month before they're due.
My biggest hesitation with these things is that there is no limit to the possible bill I may receive when the agent goes haywire. Cloudflare doesn’t see this as a problem of course.
> Buying a domain is not something you have to do daily to require any kind of automation.
Which is arguably unfortunate, as it nudges people towards using centralized services because they simply don't know that they have the option to register one.
For example, why not self-host a single-page party invitation site designed by an agent rather than using Facebook or Instagram?
A lot of what enabled Web 1.0 was how easy it was for an average web user to create his own website.
An average web user got far less technical since, and making a website got harder instead.
Now, if anyone could just ask an AI agent to set up a website, and get a personal page with an e-mail inbox and a domain - all reasonably secure, TLS set up, billing added as +$5 per year to the AI subscription bundle? Maybe that would help some.
I don't think there are a lot in the SAAS world. Usually when something quirky and new launches, readers on this website can discern something about useful intent.
Arguably Github, Slack, Twitch, TikTok were basically toys at launch with a lot of people questioning possible market fit.
But there is a difference between those products - and for example - everything that came out of the crypto blockchain scene. This new product by Cloudflare feels more in the latter camp than the former.
People making cooking websites, websites for their garden, etc usually have nowhere to go. A web app who is an agent for a customer will then deploy agents in the backend to deploy the website too.
Basically what one would do manually, you tell one agent to make another agent do it.
Sadly they will be publishing on a web which has no human readers anymore because it’s been crowded out by 5 trillion AI slop gardening websites. And the only visitors will be other AI scraper bots.
Any actual readers will be on platforms which combat the bot spam.
While large social media sites have captured lots of traffic, etc. I've had small websites for a local wargaming club, a very modest blog, etc. for decades requiring little or no technical expertise.
The idea that people who want modest websites need active agentic systems to do that is a really odd take.
> The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.
Every time I come across AI projects and AI integrations (including my previous job where I full-time worked on one), no one was able to show me concrete examples how can I use it for constructive things.
Doesn’t this sum up most of the AI “innovations” we’ve seen shoveled in this bubble?
We constantly see AI thought leaders backpeddling on promises and just spouting general nonsense. Altman originally talked effusively about an era of “abundance”. An abundance of what? It’s a word salad of feel good vibes without any substance.
Sam Altman has gone from claiming AI might cure cancer to shoveling ads and the scope of AI seems to be reduced to mostly be suitable as flawed, imperfect, but mildly useful coding/automation agents that are likely subsidized beyond economic viability, but you can’t point that out because it’s the future!
> Buying a domain is not something you have to do daily to require any kind of automation
I wrote a python client for dnsimple nearly 16 years ago to exactly that. If you can’t think of a reason it’s useful, you may wish to get your agent to buy a domain for some project you have asked to create.
> Buying a domain is not something you have to do daily to require any kind of automation.
Sorry, but no, you totally miss the fact there are domain farms which buy the dropped domains and then offer them up for sale. Bots now use AI to analyze the domain's value and automate the whole process. To be able to let AI buy it as well likely offers a tremendous amount of time saving.
Domain registration is already API driven and has been for decades. The most sophisticated domain name investors (or "domain farms") go as far as to own registrars directly so they have instant access to the registries. Nobody involved in domains would use Cloudflare's product because they already have and have had automations for decades.
For example, DropCatch (NameBright) own over 1,000 different registrars so that they have over 1,000 direct routes to Verisign's .com registry. GName are a new player in the space, approaching 1,000 registrars. The amount these companies spend on their registrar licensing alone is many millions of dollars[1].
Cloudflare's product adds nothing new to the world of domains. Anyone has been able to go to OpenSRS and sign up as a reseller with API access for over 20 years.
That is ironic. Four years ago, cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my drivers license
> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.
(Yes that’s really it. Sincerely. No “but I also abused X”)
This conflict is popping up everywhere. There is a push by a lot of companies to allow agentic use of their services (and new companies explicitly offering "X for agents"), ignoring the fact that "agent" means the same thing as "bot" which we've spent the last couple of decades actively filtering out. Will be interesting to see how it plays out.
The future is the internet will be entirely bot activity and humans will ether be strapped in to the metaverse reels ai slop feed or they will be outside interacting with people in person again. Both of these seem like likely futures and probably both at the same time.
> By agreeing to these Terms, you represent and warrant to us: (i) that you have not previously been suspended or removed from the Websites and Online Services
CloudFlare ToS has you covered. A human must accept it, even with the new agentic flow.
I think this is just saying you can’t sign up for a new account after a previously created account gets suspended, not that the act of suspension itself causes you to violate the the terms of service in perpetuity because, pedantically, any suspension that has happened, happened “previously”.
The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.
While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.
I thought this was excessive and impossible, but as I was reading, I realized nowadays everything you say is technically possible. The future gives me the chills.
The likely outcome is that the phone system becomes massively more locked down. Your phone will only ring if the caller has a number which is backed by a real ID, particularly one from your own country. It will become increasingly difficult to contact someone you don’t have a legitimate connection to.
The banking system will become increasingly fraud resilient with better real time detection of fraud.
Your phone may even have its own AI on your side listening in on the call and sounding the alarm when a number from Nigeria starts using an AI voice pretending to be your son.
Curious, is there an Andreesen Horowitz Agent MCP?
Let’s automate this end to end, from idea to raising capitals. Vibe Angels should just be multi agents managing how much capitals to allocate to each projects.
About goddamn time. The recent past consisted of discord blocking me because their telemetry was broken and exceeded their rate limit and target blocking me because two devices in a single household look really suspicious.
This is Cloudflare. They have an extremely strong incentive to increase bot usage. If there is no bot scrapping the internet they'll be out of business.
A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.
I wonder if this means I can now also buy a domain via the API?
Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)
but with this method, I get unlimited aliases, domains, and mailboxes:
Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.
This uses an email -> webworker workflow.
I use an API to fetch my emails.
This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.
The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.
I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.
The funniest thing is I am receiving zero spam? As if other email providers sell my email?
That's not a well kept secret, that's just a workflow that almost nobody would accept for their email setup which is the center of most people's digital identify and should always work and not be a duct taped construct to save a couple of bucks.
> I wonder what it means for an agent to “agree” to terms of service
It's already not clear what it means for humans to do it, but it doesn't prevent every single service from asking it. At least an AI has a chance to ingest it all.
Most of the sysadmin and devops team have been downsized in India because of AI.
Basically, now it's trivial for any new devops guy to run such a query in Claude Code:
“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”
Devops and sysadmins can no longer withhold information to maintain job security.
Boom, 80% of the team gone.
I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.
I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.
Can you support this claim with some evidence? Not just about the redundancies, but I’m also particularly interested in hard data showing Claude is capable of doing that kind of research with near 100% verifiable accuracy and migrations with no data loss and equivalent functionality (which is required to sustain your claim).
> Devops and sysadmins can no longer withhold information to maintain job security.
I can't imagine this is very prevalent. That's a very 2004-style corporate immaturity; I get the sense that even the slow-moving behemoths of the software world have mostly caught up to, say ... 2017's recognition of the importance of automation and reproducibility and won't tolerate the kind of malpractice you describe--wilful information siloing by infrastructure teams.
Like, those businesses might well suck at automation! But they've been doing it and firing the people who resist it for a long while now.
And when it goes wrong, production is down, until they can get a real devops to look at what shit the AI-only guys did wrong. Haha, no serious shop would act like that, but then again most shops are not serious, now are they? So you might have a point.
Only downsized? I would expect them to cease to exist entirely in the coming years, as western companies begin to realize that AI is cheaper and more competent than the Indian firms they usually outsource work to.
I'd be interested in how this could be used. The $100 cap is the right shape of mitigation in terms of guardrails. Buying a domain is irreversible but has a price tag, so you can deterministically bound how irreversible it gets.
This might hurt the ones like vercel etc... or even smaller hosting services like tiiny etc...
I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...
I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?
(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)
This is the OAuth moment for agents. Identity attestation + scoped payment token + provisioned account in one call. Standard's forming faster than people think.
I don't understand the pessimism here. You never know the use cases for quickly and automatically rotating domains. There have always been bots, spammers and scammers. I'm interested to see what people build with this.
AI agent calls a human on their phone (even engage in an email chain), whilst talking to the human they analyse the likelyhood of diffferent fraud vectors, and choose the most likely one to work on this particular victim. Whilst keeping the human talking in chit chat to raise their confidence levels, in the background it buys a domain which fits the users fraud profile, and quickly makes a basic website on it. Maybe its a fake login page, maybe it just hosts malware, who knows at this point. The agent then emails the user from a mailbox on the new domain which directs the user to the new domain and commits the fraud. The email from the domain ties up with what the agent is saying on the phone, so it all looks legit to the human.
Immediately after the call it deletes the website, directs the new domains dns to blackhole and discards it from its posession.
This is all possible right now. I am also interested to see what is built with this technology in the future, but interested in a very worried way.
I recently started migrating my DNS to a DNSSEC-enabled provider.
This involves copy-pasting DNSSEC properties from one web interface into another.
Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.
I'm not willing to switch to Cloudflare for this feature.
I was pleasantly surprised when I read the headline a few days ago. But it's only accessible through Stripe right? I'm simultanenously very concerned about the centralized control that Stripe gains (it's not going to be just access to Cloudflare) and also amazed at how Stripe is shaping to be. It was just a payment processor.
As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.
Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?
Humans will not win in court with a "but the agent did it, I had no idea" argument. Just look at how the cases against OAI are going, and that's where families lose a loved one. There's not going to be any sympathy when your agent committed fraud on your behalf.
And it's not like pro agent companies have a reason to self regulate. They're not going to absorb that liability voluntarily, they'll push it onto users contractually (most of them already do). This is just another channel to bring in customers. They will capitalize ruthlessly to increase their bottom line.
Interesting questions you bring up. Especially the legal ramifications as to how it would fully work within current legal framework.
I suppose there would be a broad disclaimer and agreement one would have to agree to that would state that users of the service are ultimately responsible to monitor and ensure websites deployed by agents comply with local laws.
Ultimately I assume that since it is not the agent who pays but a registered user that the user would own the site. And that the legal agreement would be agreed to beforehand so it is legally binding.
why does cloudflare not allow existing users to create new accounts? you basically need to use a burner email and transfer it afterward. makes it awkward to use this on new projects that you want independent of your existing accounts.
Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.
All of the domains are public. Whenever a new model comes out I like to ask a very specific prompt that helps me identify niche markets with high buyer urgency, have the AI rank them across a rubric, pick the one that has the highest degree of automation potential and then have it build me an MVP.
I’m not trying to shamelessly promote here but since you asked one of them is at jobwiz.biz
Fascinating. This is through Stripe rather than wrangler or anything. Coding agents were pretty good at handling the Cloudflare API already with an API key, but I think this thing that Stripe is doing by being the central hub through which all agent stuff goes by integrating with their CLI is a pretty good move for them.
The whole backbone of pedomericas so-called tech industry is nothing but an advanced advertising operation designed to shovel ad many ads down the worlds throat. I am happy to see that pedomericans now have an additional tool in their toolbox to shovel more efficiently. Congratulations retards
They can do that now? I did that with agents since last summer. They also helped me set up aws and azure. It is such a pleasure to not having to read about their stupid platforms. What a security group is, what a vps is, what an eni and what a gateway is blah blah I just give the agent specs and access lists, then check it and it all just works.
I literally hate it every time I try to visit a website and face Cloudflare bot verification. And now, they’re letting bots create accounts and buy domains. Double-standard hypocrisy.
It's not as simple as being pro- or anti-bot. It's about giving site owners the tools to decide whether or not they want to allow them. Seems pretty consistent to me. If they don't want bots, they can use tools to identify and block them. If they do, they can do things like automatically deliver markdown versions to them, or use x402 to charge micropayments.
Disclaimer: I work at Cloudflare, but not on these
They can doesn't mean they should. Letting an unsupervised agent register domains and build websites exposed to the public is yet another recipe for a disaster waiting to happen.
This is an API. They now allow users to create accounts, buy domains and deploy from their api instead of going on the website. That's great. I am not sure I understand why all this complex protocol is needed though, especially now that you can generate a cli with a prompt.
I meant a cli is essentially a wrapper around an API, you are right it is less complex than a direct call. My point was that now there is an API you can call with this CLI, or a cli you vibecode yourself to call the API or you can call the API directly. Where before you probably could not create an account without going on the website manually. They now have a programming interface to more features of their services. But their cli still feel too complex with the stripe protocol integration. As said in other comments, I probably only want to create an account and register a domain every once in a while so a simpler cli that just wraps the api call would be better.
But they paid for the emission just like every other electricity consumer? Then who are we to determine the Hello World page is morally more wasteful than outdoor terrace heaters or advertising jumbo-trons?
I hear your argument. However, you assume CloudFlare pays taxes and utility rates comparable to what other customers pay. That is never the case with large businesses. CloudFlare seems to be less parasitic than others in the industry, but they are not doing this for the charity.
For example, in 2024 JPMorgan received a $77m subsidy to build a datacenter that created only one permanent job.
The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.
It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.
I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.
I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.
I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.
Maybe it's me.
Perfect for spammers, scammers and domain squatters, who can now automate their activities even more.
Can’t think of any other uses for this given the current state of LLM ‘agents’, though I can’t wait for the next report of something like ‘openclaw registered 1000 domains for me without asking and now cloudflare won’t refund me’.
LLM generation in general provides the most use to scammers and the like. Generate emails which people won't read, generate articles which are just honeypots or rip-offs, generate images to said articles, generate more and more spam.
Every legit use case for LLM practically requires that human would verify the result manually, at least briefly. But spammers can enjoy skipping that step, since content was never a main priority in the first place.
And cloudflare can actually sell them priority access to pass their bot protection or introduce micropaiments for agents access content. I feel cloudflare is getting a bit scary tbh. It is like your friendly bot net.
3 replies →
The DNS provider I recently switched to surprised me with a policy:
To create records for more than one domain, you need to write a personal support email.
They say it's to raise DNSSEC awareness, but I think it's also a robot captcha.
3 replies →
I think this post needs to be put in context, for months now Cloudflare has been releasing products that allow their whole platform to be usable by agents with the main objective of enabling their customers to dynamically write code using Cloudflare, this is just another step.
For example, you can now with Artifacts and Dynamic Workers make a lovable-style SaaS where your customers ask the AI agent to write software for them, the agent can run it in sandboxes with no build step, it can version it with a git-compatible API, and now you can even have it buy a domain for the end customer or set up their own cloudflare account when they want to move to production.
I personally have no use case for creating domains via agents, but some of the other features they're releasing around this area are extremely useful and I've started to ship internal tools for my clients where they are used, like giving them their own mini claude code that only does one thing – one I shipped last week was an agentic interface for Salesforce reports that understands their domain better (and all the undocumented tech debt) than the built-in Salesforce AI does and therefore manages the context better
I’m not saying that you’re wrong.
But it’s worth noting that any good technology starts off being called a toy and with most people not being able to imagine its usefulness.
People use agents to deploy sites all the time. Buying a domain is part of that if you want to build a site that's beyond a toy. Allowing agents to do a task isn't just for things you do every day – it's also for things you do rarely and need agents' help. It's not just devs using agents to perform these sort of tasks anymore.
Stripe Atlas makes it massively easier for startups to incorporate in Delaware. This is particularly hard for non-US founders. It solves a real problem. I don't think this part will be done by agents though!
Disclaimer: I work at Cloudflare but not on this
Lets remind the purpose of incorporating in Delaware is legal tax evasion, so that we don't not have pensions, health insurance or anything nice, really.
Rename to Greedware.
6 replies →
Wouldn't it be critical if the agent botched the domain purchase in weird ways ?
Short of throwaway sites (spam etc) it's hard to imagine skimping time on this specific, mostly painless part.
2 replies →
> it's also for things you do rarely and need agents' help
I recently set up DNSSEC for the first time.
It really was just a bunch of copy-paste from one provider to another.
I like to understand what I'm doing, and LLMs helped greatly with that.
But it was copy-pasting screenshots into chat, so not really agentic.
1 reply →
> I am also not sure who Stripe Atlas for.
It's for founders who don't have lawyers. My co-founder and I are both developers, we used Stripe Atlas to incorporate a C-Corp due to expecting to fundraise <1 year after incorporation. Stripe Atlas generates about 200 pages of legal boilerplate documents with very sane defaults so that your corporate structure, bylaws, IP protections, director indemnity, etc. align well with investor expectations. It helps investors not have to "rules-lawyer" all your corporate records during due-diligence, because their content exactly matches YC's expectations.
-------
I said we made a C-Corp but other founders should default to LLC. An LLC is superior to C-Corp in pretty much every way for any pre-raise founders who don't have an extra $2,000 to >$10,000/year they're willing to part with for higher franchise taxes, "foreign" (different state) corporation registration, CPA's, and additionally lawyers if any investments aren't YC SAFE's (e.g. not YC, Neo, or A16Z SpeedRun).
Also note that for pre-revenue C-Corps, Delaware franchise taxes are scaled against number of shares, not company revenue or # of employees, so you can save some money by forming your company with 1,000,000 shares and then file a "Unanimous action of the board of directors" to increase it to 10,000,000 just before angel/pre-seed/seed round, and potentially save a few hundred dollars on your first year franchise taxes, depending on when you incorporate and raise. But if a few hundred dollars makes a difference to you, incorporating as an LLC instead of a C-Corp is the only defensible decision.
And as always, start your taxes 3-4 months before they're due. If you want a CPA to do them (which you should if you have any revenue), you'll need to retain them way ahead of time for C-Corps. If you're filling tax forms out yourself, you'll want to start at least a month before they're due.
My biggest hesitation with these things is that there is no limit to the possible bill I may receive when the agent goes haywire. Cloudflare doesn’t see this as a problem of course.
There's a whole payment section in the submitted article which addresses your concern, perhaps you should read it.
It's not Cloudflare's job to see what you choose to buy as a problem.
1 reply →
I assume the constructive use case is some non-techy person asking ChatGPT.
> Hey, please make me a website about my dog woofy. Give it the link myfluffywoofy.dog ;) Thank you!
> Buying a domain is not something you have to do daily to require any kind of automation.
Which is arguably unfortunate, as it nudges people towards using centralized services because they simply don't know that they have the option to register one.
For example, why not self-host a single-page party invitation site designed by an agent rather than using Facebook or Instagram?
A lot of what enabled Web 1.0 was how easy it was for an average web user to create his own website.
An average web user got far less technical since, and making a website got harder instead.
Now, if anyone could just ask an AI agent to set up a website, and get a personal page with an e-mail inbox and a domain - all reasonably secure, TLS set up, billing added as +$5 per year to the AI subscription bundle? Maybe that would help some.
2 replies →
A lot of good and interesting things started out as toys
We should build more toys
I don't think there are a lot in the SAAS world. Usually when something quirky and new launches, readers on this website can discern something about useful intent.
Arguably Github, Slack, Twitch, TikTok were basically toys at launch with a lot of people questioning possible market fit.
But there is a difference between those products - and for example - everything that came out of the crypto blockchain scene. This new product by Cloudflare feels more in the latter camp than the former.
> I've have personally never seen a good example where a cross vendor account provisioning actually working.
At enterprise level, account provisioning with SCIM is the industry standard.
> to what end?
People making cooking websites, websites for their garden, etc usually have nowhere to go. A web app who is an agent for a customer will then deploy agents in the backend to deploy the website too.
Basically what one would do manually, you tell one agent to make another agent do it.
Meta agents are where are going it seems.
> People making cooking websites, websites for their garden, etc usually have nowhere to go.
They've had WYSIWYG website builders since the late 1990s.
> People making cooking websites, websites for their garden, etc usually have nowhere to go.
You know, I kind of miss Geocities too.
Sadly they will be publishing on a web which has no human readers anymore because it’s been crowded out by 5 trillion AI slop gardening websites. And the only visitors will be other AI scraper bots.
Any actual readers will be on platforms which combat the bot spam.
While large social media sites have captured lots of traffic, etc. I've had small websites for a local wargaming club, a very modest blog, etc. for decades requiring little or no technical expertise.
The idea that people who want modest websites need active agentic systems to do that is a really odd take.
[dead]
> The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.
Every time I come across AI projects and AI integrations (including my previous job where I full-time worked on one), no one was able to show me concrete examples how can I use it for constructive things.
> It is cool feature but to what end?
Doesn’t this sum up most of the AI “innovations” we’ve seen shoveled in this bubble?
We constantly see AI thought leaders backpeddling on promises and just spouting general nonsense. Altman originally talked effusively about an era of “abundance”. An abundance of what? It’s a word salad of feel good vibes without any substance.
Sam Altman has gone from claiming AI might cure cancer to shoveling ads and the scope of AI seems to be reduced to mostly be suitable as flawed, imperfect, but mildly useful coding/automation agents that are likely subsidized beyond economic viability, but you can’t point that out because it’s the future!
> Buying a domain is not something you have to do daily to require any kind of automation
I wrote a python client for dnsimple nearly 16 years ago to exactly that. If you can’t think of a reason it’s useful, you may wish to get your agent to buy a domain for some project you have asked to create.
> it is a toy and they do not know who and how they will use it.
Just like it is usually used: spam and (D)DoS
> Buying a domain is not something you have to do daily to require any kind of automation.
Sorry, but no, you totally miss the fact there are domain farms which buy the dropped domains and then offer them up for sale. Bots now use AI to analyze the domain's value and automate the whole process. To be able to let AI buy it as well likely offers a tremendous amount of time saving.
It offers value to parasites who buy domains and resell them?
3 replies →
It's not like there aren't others who sell domains with an API. This doesn't change that much.
So actively making the internet worse. Awesome.
Hasn’t all that been automated by people for decades anyway?
I guess this, lowers the barrier to entry for this extremely specific niche?
And that goes back way further than AI. We were doing some crazy stuff at Demand Media with enom and all their fake content sites.
Complete and utter nonsense.
Domain registration is already API driven and has been for decades. The most sophisticated domain name investors (or "domain farms") go as far as to own registrars directly so they have instant access to the registries. Nobody involved in domains would use Cloudflare's product because they already have and have had automations for decades.
For example, DropCatch (NameBright) own over 1,000 different registrars so that they have over 1,000 direct routes to Verisign's .com registry. GName are a new player in the space, approaching 1,000 registrars. The amount these companies spend on their registrar licensing alone is many millions of dollars[1].
Cloudflare's product adds nothing new to the world of domains. Anyone has been able to go to OpenSRS and sign up as a reseller with API access for over 20 years.
[1] The majority of ICANN's registrar revenue comes from just a few companies that own thousands of registrars collectively: https://www.iana.org/assignments/registrar-ids/registrar-ids... cmd + f "DropCatch" and "GName"
1 reply →
lol, there are lots of people who aren't developers.
[dead]
It's a sales tool.
You can tell Claude to add a new condition to an if and instead it will duplicate the whole if body.
They're hoping you'll tell your "agent" to buy a domain and it will buy 30 instead.
That is ironic. Four years ago, cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my drivers license
> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.
(Yes that’s really it. Sincerely. No “but I also abused X”)
This conflict is popping up everywhere. There is a push by a lot of companies to allow agentic use of their services (and new companies explicitly offering "X for agents"), ignoring the fact that "agent" means the same thing as "bot" which we've spent the last couple of decades actively filtering out. Will be interesting to see how it plays out.
In defense of old-school bots, we had to code them up by hand.
The future is the internet will be entirely bot activity and humans will ether be strapped in to the metaverse reels ai slop feed or they will be outside interacting with people in person again. Both of these seem like likely futures and probably both at the same time.
3 replies →
> By agreeing to these Terms, you represent and warrant to us: (i) that you have not previously been suspended or removed from the Websites and Online Services
CloudFlare ToS has you covered. A human must accept it, even with the new agentic flow.
I think this is just saying you can’t sign up for a new account after a previously created account gets suspended, not that the act of suspension itself causes you to violate the the terms of service in perpetuity because, pedantically, any suspension that has happened, happened “previously”.
3 replies →
Money talks.
The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.
While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.
It can also be used to make art.
I thought this was excessive and impossible, but as I was reading, I realized nowadays everything you say is technically possible. The future gives me the chills.
The likely outcome is that the phone system becomes massively more locked down. Your phone will only ring if the caller has a number which is backed by a real ID, particularly one from your own country. It will become increasingly difficult to contact someone you don’t have a legitimate connection to.
The banking system will become increasingly fraud resilient with better real time detection of fraud.
Your phone may even have its own AI on your side listening in on the call and sounding the alarm when a number from Nigeria starts using an AI voice pretending to be your son.
Some would argue, forcefully at that, that AI cannot make art and/or cannot be used to make art.
What I saw was Transmetropolitan setup, where Hole renews their presence online every 5 minutes or so to avoid government censor.
People used to say the same about photography a while ago.
1 reply →
Cloudflare has been going all-in on agents/agent-first and this is one of the results?
[flagged]
Reminds me of an article from The Onion from this morning: https://theonion.com/taking-advantage-of-other-people-was-th...
A truly wonderful read
Have you talked to Andreesen Horowitz yet? That elevator pitch alone should get you a few million.
Curious, is there an Andreesen Horowitz Agent MCP?
Let’s automate this end to end, from idea to raising capitals. Vibe Angels should just be multi agents managing how much capitals to allocate to each projects.
1 reply →
Industry really went from "prove you are not a robot", to "but also if you are, this way please"
About goddamn time. The recent past consisted of discord blocking me because their telemetry was broken and exceeded their rate limit and target blocking me because two devices in a single household look really suspicious.
This is Cloudflare. They have an extremely strong incentive to increase bot usage. If there is no bot scrapping the internet they'll be out of business.
I mean, Cloudflare will help website owners ban scrapers unless they pay. It’s kind of what they do.
A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.
I wonder if this means I can now also buy a domain via the API?
*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...
The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)
One of the well-kept secrets about Cloudflare is:
You can have a zero-cost inbox.
Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)
but with this method, I get unlimited aliases, domains, and mailboxes:
Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.
This uses an email -> webworker workflow.
I use an API to fetch my emails.
This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.
The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.
I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.
The funniest thing is I am receiving zero spam? As if other email providers sell my email?
That's not a well kept secret, that's just a workflow that almost nobody would accept for their email setup which is the center of most people's digital identify and should always work and not be a duct taped construct to save a couple of bucks.
Here's my top-secret Rube Goldberg Machine that maintains my online identity.
isn't cloudflare webworker and email forwarding infra hyperscaling and highly available?
5 replies →
On a related note they opensourced an email client: https://github.com/cloudflare/agentic-inbox
cf bought an email security company a couple years ago so wouldn’t shock me they have good spam filtering.
There’s a completely free tier of Zohomail which does more than what I need for a custom email.
That's pretty neat! What do you use to send and receive emails on your phone?
once you've emails stored, you can use any webclient.
you can write an api to imap adapter and use it in your favourite mail client
SES exposes SMPT directly.
IANAL, but I wonder what it means for an agent to “agree” to terms of service or to “agree” to pay for something. Can agents enter into contracts?
It’s a straightforward technical problem to wrap an API or MCP or something around the “create an account” function.
But what will a court do when the agent creates a million accounts, mines bitcoin for a month, and then cannot or will not pay?
> I wonder what it means for an agent to “agree” to terms of service
It's already not clear what it means for humans to do it, but it doesn't prevent every single service from asking it. At least an AI has a chance to ingest it all.
Worst idea I’ve seen all week, I’d rather have the opposite, and I’m an AI developer so not even against it
Most of the sysadmin and devops team have been downsized in India because of AI.
Basically, now it's trivial for any new devops guy to run such a query in Claude Code:
“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”
Devops and sysadmins can no longer withhold information to maintain job security.
Boom, 80% of the team gone.
I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.
I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.
Can you support this claim with some evidence? Not just about the redundancies, but I’m also particularly interested in hard data showing Claude is capable of doing that kind of research with near 100% verifiable accuracy and migrations with no data loss and equivalent functionality (which is required to sustain your claim).
is most sysadmins and devops capable of 100% verifiable accuracy? you over estimate average skill level available in market.
> Devops and sysadmins can no longer withhold information to maintain job security.
I can't imagine this is very prevalent. That's a very 2004-style corporate immaturity; I get the sense that even the slow-moving behemoths of the software world have mostly caught up to, say ... 2017's recognition of the importance of automation and reproducibility and won't tolerate the kind of malpractice you describe--wilful information siloing by infrastructure teams.
Like, those businesses might well suck at automation! But they've been doing it and firing the people who resist it for a long while now.
Epic. Can't wait for those humans to be rehired after you find out that letting Claude perform 1000s of migrations autonomously is a bad idea
What about the 80% of teams? Are there enough trenches to dig in the country for them to make a living?
And when it goes wrong, production is down, until they can get a real devops to look at what shit the AI-only guys did wrong. Haha, no serious shop would act like that, but then again most shops are not serious, now are they? So you might have a point.
Only downsized? I would expect them to cease to exist entirely in the coming years, as western companies begin to realize that AI is cheaper and more competent than the Indian firms they usually outsource work to.
You forgot "make no mistakes" and "don't hallucinate" and "don't delete any important files" as well, those are important.
I found that, without that, Claude makes too many critical mistakes.
[dead]
I'd be interested in how this could be used. The $100 cap is the right shape of mitigation in terms of guardrails. Buying a domain is irreversible but has a price tag, so you can deterministically bound how irreversible it gets.
This might hurt the ones like vercel etc... or even smaller hosting services like tiiny etc...
I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...
I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?
(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)
This is the OAuth moment for agents. Identity attestation + scoped payment token + provisioned account in one call. Standard's forming faster than people think.
Ps. Agents can also sell and delete domains.
I don't understand the pessimism here. You never know the use cases for quickly and automatically rotating domains. There have always been bots, spammers and scammers. I'm interested to see what people build with this.
Maybe something like this?
AI agent calls a human on their phone (even engage in an email chain), whilst talking to the human they analyse the likelyhood of diffferent fraud vectors, and choose the most likely one to work on this particular victim. Whilst keeping the human talking in chit chat to raise their confidence levels, in the background it buys a domain which fits the users fraud profile, and quickly makes a basic website on it. Maybe its a fake login page, maybe it just hosts malware, who knows at this point. The agent then emails the user from a mailbox on the new domain which directs the user to the new domain and commits the fraud. The email from the domain ties up with what the agent is saying on the phone, so it all looks legit to the human. Immediately after the call it deletes the website, directs the new domains dns to blackhole and discards it from its posession.
This is all possible right now. I am also interested to see what is built with this technology in the future, but interested in a very worried way.
Well, let me guess... even more bots and new agentic spammers and scammers?
I recently started migrating my DNS to a DNSSEC-enabled provider.
This involves copy-pasting DNSSEC properties from one web interface into another.
Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.
I'm not willing to switch to Cloudflare for this feature.
But it reminds me there's more to automate.
Not that spammers couldn't do without this feature, but advertising it as a service is kinda weird.
I was pleasantly surprised when I read the headline a few days ago. But it's only accessible through Stripe right? I'm simultanenously very concerned about the centralized control that Stripe gains (it's not going to be just access to Cloudflare) and also amazed at how Stripe is shaping to be. It was just a payment processor.
I was wondering if someone was going to allow payments through CLI at some point.
But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.
if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.
Wait until one account is banned, and then all linked accounts are permanently banned.
As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.
Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?
Humans will not win in court with a "but the agent did it, I had no idea" argument. Just look at how the cases against OAI are going, and that's where families lose a loved one. There's not going to be any sympathy when your agent committed fraud on your behalf.
And it's not like pro agent companies have a reason to self regulate. They're not going to absorb that liability voluntarily, they'll push it onto users contractually (most of them already do). This is just another channel to bring in customers. They will capitalize ruthlessly to increase their bottom line.
> There's not going to be any sympathy when your agent committed fraud in your behalf.
Good thing the fraud is committed in places that specifically don't prosecute fraud when it's targeted against Western countries.
Fraud requires intention
Interesting questions you bring up. Especially the legal ramifications as to how it would fully work within current legal framework. I suppose there would be a broad disclaimer and agreement one would have to agree to that would state that users of the service are ultimately responsible to monitor and ensure websites deployed by agents comply with local laws. Ultimately I assume that since it is not the agent who pays but a registered user that the user would own the site. And that the legal agreement would be agreed to beforehand so it is legally binding.
why does cloudflare not allow existing users to create new accounts? you basically need to use a burner email and transfer it afterward. makes it awkward to use this on new projects that you want independent of your existing accounts.
Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.
Are any of these domains public? I’d love to study and better understand the use case for needing to AIify this.
All of the domains are public. Whenever a new model comes out I like to ask a very specific prompt that helps me identify niche markets with high buyer urgency, have the AI rank them across a rubric, pick the one that has the highest degree of automation potential and then have it build me an MVP.
I’m not trying to shamelessly promote here but since you asked one of them is at jobwiz.biz
2 replies →
It’s not AIifying one thing. It’s AIifying the entire work flow… every detail. Allowing domain names is just one aspect of it.
The agent does everything. “Make a website that does…“ and it can handle everything from start to finish. It’s that good now.
2 replies →
[dead]
Excellent tool for scammers.
This probably started because of Andrej Karpathy's complaint about deployment being more painful than coding itself.
Yes I'm sure that whenever Andrej Karpathy complains, the market reacts. By the way, remind me who Andrej Karpathy is?
Fascinating. This is through Stripe rather than wrangler or anything. Coding agents were pretty good at handling the Cloudflare API already with an API key, but I think this thing that Stripe is doing by being the central hub through which all agent stuff goes by integrating with their CLI is a pretty good move for them.
Buying the domain is the key here.
Genius! Automate the flow for making customers spend money.
If the genius who came up with this idea is reading this: Nobody asked for this feature.
Holy crap this is a terrible idea
These days, website or service “usability” means that Claude code can do it for you.
I'm sure nothing bad will come of this idea.
I clicked through the $100k credits link and didn’t see Cloudflare listed as an Atlas partner? (Maybe not updated?)
This looks interesting nonetheless.
Can I make a bot to buy the domain at the best price, transfer that domain to Cloudflare instead?
Cloudflare's prices are already close to unbeatable. They basically resell at cost. But there's nothing stopping you from doing that if you want.
Cloudflare's prices are very beatable, especially if we're talking about the first year price.
Their name doesn't appear in the first 6 pages (~175 TLDs) of this list https://tldes.com/cheapest-domains
On renewals they appear much more competitive though.
Who goes to websites these days?
What could go wrong?
> At the end, the agent has deployed to production, and the app runs on the newly registered domain:
Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.
For sure this is going to get abused.
The whole backbone of pedomericas so-called tech industry is nothing but an advanced advertising operation designed to shovel ad many ads down the worlds throat. I am happy to see that pedomericans now have an additional tool in their toolbox to shovel more efficiently. Congratulations retards
They can do that now? I did that with agents since last summer. They also helped me set up aws and azure. It is such a pleasure to not having to read about their stupid platforms. What a security group is, what a vps is, what an eni and what a gateway is blah blah I just give the agent specs and access lists, then check it and it all just works.
I literally hate it every time I try to visit a website and face Cloudflare bot verification. And now, they’re letting bots create accounts and buy domains. Double-standard hypocrisy.
It's not as simple as being pro- or anti-bot. It's about giving site owners the tools to decide whether or not they want to allow them. Seems pretty consistent to me. If they don't want bots, they can use tools to identify and block them. If they do, they can do things like automatically deliver markdown versions to them, or use x402 to charge micropayments.
Disclaimer: I work at Cloudflare, but not on these
CF used to ban your account for shit like this just a year ago. That’s quite a shift in attitude
why
don't even supricezed - I've done it before even without agents
They can doesn't mean they should. Letting an unsupervised agent register domains and build websites exposed to the public is yet another recipe for a disaster waiting to happen.
Skynet - and so it begins ...
So does this mean banned sites can now come back as long as they have an agent make an account instead of the banned user.
So they made it possible for agents to spend people's money buying their services.
Why didn't Amazon think of that?
Soooo they built.... an API?
Nice. Another step closer to the "dream" of filling the web with trash at scale
I mean couldn’t they already do that? Isn’t it the whole per pose of agents to do whatever any person can do on a machine?
Not via the API, previously.
Thank god, this is what we've been missing on our quest to make software better for our users.
> buy
good luck
[flagged]
[flagged]
[flagged]
[dead]
This is an API. They now allow users to create accounts, buy domains and deploy from their api instead of going on the website. That's great. I am not sure I understand why all this complex protocol is needed though, especially now that you can generate a cli with a prompt.
A cli application is less complex than an API you send the literal string
"POST /some/api"
to?
I meant a cli is essentially a wrapper around an API, you are right it is less complex than a direct call. My point was that now there is an API you can call with this CLI, or a cli you vibecode yourself to call the API or you can call the API directly. Where before you probably could not create an account without going on the website manually. They now have a programming interface to more features of their services. But their cli still feel too complex with the stripe protocol integration. As said in other comments, I probably only want to create an account and register a domain every once in a while so a simpler cli that just wraps the api call would be better.
[flagged]
Please don't fulminate on HN. The guidelines make it clear we're trying for something better here. https://news.ycombinator.com/newsguidelines.html
But they paid for the emission just like every other electricity consumer? Then who are we to determine the Hello World page is morally more wasteful than outdoor terrace heaters or advertising jumbo-trons?
I hear your argument. However, you assume CloudFlare pays taxes and utility rates comparable to what other customers pay. That is never the case with large businesses. CloudFlare seems to be less parasitic than others in the industry, but they are not doing this for the charity.
For example, in 2024 JPMorgan received a $77m subsidy to build a datacenter that created only one permanent job.
https://nysfocus.com/2026/04/20/data-center-tax-break-jpmorg...
1 reply →