Agents can now create Cloudflare accounts, buy domains, and deploy

The reason this blog post does not come with any concrete examples how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who and how they will use it.

It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.

I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.

I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.

I've have personally never seen a good example where a cross vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.

I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.

Maybe it's me.

The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.

While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploy the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. no need to start a new call because you had several agents committing the same fraud in parallel.

It can also be used to make art.

That is ironic. Four years ago, cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my drivers license

> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.

(Yes that’s really it. Sincerely. No “but I also abused X”)

This feels less like a major AI milestone and more like "the raccoons learned how to open the cooler.”

Agents can now participate in the oldest internet tradition: impulsively creating weird little websites at 2 am with unjustified confidence. But with no alcohol involved, which removes 93.74% of the impressiveness.

In a sense, AI has finally progressed to the point where Drew Curtis started fark.com, and I'm hesitant to label that a 'milestone'.

Industry really went from "prove you are not a robot", to "but also if you are, this way please"

Just woke up to this. Not sure if I’m reading this right. So this is the same company that puts up Captcha pages all over the internet?

Infrastructure provisioning is a key ingredient of agentic AI viruses: https://www.ericburel.tech/blog/ai-virus-agent This may be the first steps of the worst wave of spamming campaign ever seen on the Internet. We'll need to reinvent how we connect and communicate via computers.

One of the well-kept secrets about Cloudflare is:

You can have a zero-cost inbox.

Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)

but with this method, I get unlimited aliases, domains, and mailboxes:

Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.

This uses an email -> webworker workflow.

I use an API to fetch my emails.

This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.

The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.

I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.

The funniest thing is I am receiving zero spam? As if other email providers sell my email?

A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.

I wonder if this means I can now also buy a domain via the API?

*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...

The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)

I don't know how I feel about AI agents being able to buy domains, this is just going to enable domain squatters

Is it possible to block the agents from deleting domains? I’m comfortable with the risks of everything else, but I don’t want to give ai unfettered access to my cloudflare accounts because I don’t want to give it the ability to remove or delete domains.

Most of the sysadmin and devops team have been downsized in India because of AI.

Basically, now it's trivial for any new devops guy to run such a query in Claude Code:

“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”

Devops and sysadmins can no longer withhold information to maintain job security.

Boom, 80% of the team gone.

I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.

I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.

I got early access to Stripe Projects, the initialization didn't work very well. I emailed Rami (the lead of the Projects team) two weeks ago and he put his team on it. I waited for 5ish days and asked composer 2 to diagnose, it found the problem and let me know. I sent it to Rami and haven't really heard back any real progress on the bug after some follow up requests. Haven't tried it since though, might've been fixed.

Edit: composer 2 found a way to fix the initialization by setting an environment variable and it worked after doing that, but the docs didn't say to set the variable and Rami didn't know I should do that, so it is a bug

Best thing is that they finally have an API for that, which they’ve never exposed before.

sounds great! good luck!

IANAL, but I wonder what it means for an agent to “agree” to terms of service or to “agree” to pay for something. Can agents enter into contracts?

It’s a straightforward technical problem to wrap an API or MCP or something around the “create an account” function.

But what will a court do when the agent creates a million accounts, mines bitcoin for a month, and then cannot or will not pay?

This might hurt the ones like vercel etc... or even smaller hosting services like tiiny etc...

I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...

I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?

(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)

Ps. Agents can also sell and delete domains.

Oh good...

Now they can make websites full of info to back up their misinformation.

Which will feed future generations of AI.

Finally we are back to "You can't believe everything you read online".

Wow, the amount of reactionary doomsaying in this thread is offputting. I built the Stripe Projects agentic provisioning integration (what this post is about) at Inngest and when I saw it actually work in action I thought it was actually kind of magical. Basically, hey agent, use my stripe account to provision a pro plan at Inngest, build me an app and deploy it. The agent does it and logs me into the Inngest dashboard. Agentic provisioning seems inevitable given the way we work now, and deferring to Stripe for kyc seems a reasonable way to do it.

As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.

Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?

I was pleasantly surprised when I read the headline a few days ago. But it's only accessible through Stripe right? I'm simultanenously very concerned about the centralized control that Stripe gains (it's not going to be just access to Cloudflare) and also amazed at how Stripe is shaping to be. It was just a payment processor.

I was wondering if someone was going to allow payments through CLI at some point.

But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.

if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.

Fascinating. This is through Stripe rather than wrangler or anything. Coding agents were pretty good at handling the Cloudflare API already with an API key, but I think this thing that Stripe is doing by being the central hub through which all agent stuff goes by integrating with their CLI is a pretty good move for them.

I recently started migrating my DNS to a DNSSEC-enabled provider.

This involves copy-pasting DNSSEC properties from one web interface into another.

Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.

I'm not willing to switch to Cloudflare for this feature.

But it reminds me there's more to automate.

AI slop officially enters its .com era

why does cloudflare not allow existing users to create new accounts? you basically need to use a burner email and transfer it afterward. makes it awkward to use this on new projects that you want independent of your existing accounts.

This is good for spammers and bots. They can automate creating websites, pay Cloudflare. Others pay Cloudflare to protect them from spammers and bots (and misidentified humans)

The more chaos on the Internet, the more Cloudflare earns. It is a horrible company.

They are still losing money unlike Akamai, so there is hope they go bankrupt.

I'd be interested in how this could be used. The $100 cap is the right shape of mitigation in terms of guardrails. Buying a domain is irreversible but has a price tag, so you can deterministically bound how irreversible it gets.

Not that spammers couldn't do without this feature, but advertising it as a service is kinda weird.

I don't understand the pessimism here. You never know the use cases for quickly and automatically rotating domains. There have always been bots, spammers and scammers. I'm interested to see what people build with this.

Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.

This is the OAuth moment for agents. Identity attestation + scoped payment token + provisioned account in one call. Standard's forming faster than people think.

This probably started because of Andrej Karpathy's complaint about deployment being more painful than coding itself.

Worst idea I’ve seen all week, I’d rather have the opposite, and I’m an AI developer so not even against it

Cloudflare has been going all-in on agents/agent-first and this is one of the results?

Cloudflare seems to be on a streak, boasting about new capabilities that are only useful for mass spam. When can we start blocking them for deliberately harboring spam?

Genius! Automate the flow for making customers spend money.

If the genius who came up with this idea is reading this: Nobody asked for this feature.

I clicked through the $100k credits link and didn’t see Cloudflare listed as an Atlas partner? (Maybe not updated?)

This looks interesting nonetheless.

These days, website or service “usability” means that Claude code can do it for you.

Can I make a bot to buy the domain at the best price, transfer that domain to Cloudflare instead?

Cannot unsee it that in their own video demonstration they prompt the agent to deploy to domain name of "superseal.club" and agent grabs superseal.cc instead.

Bruh.

Who goes to websites these days?

> At the end, the agent has deployed to production, and the app runs on the newly registered domain:

Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.

For sure this is going to get abused.

I'm sure nothing bad will come of this idea.

Excellent tool for scammers.

This feels less like a major AI milestone and more like "the raccoons learned how to open the cooler.”

In a sense, AI has finally progressed to the point where Drew Curtis started fark.com, and I'm hesitant to label that a 'milestone'.

A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.

I wonder if this means I can now also buy a domain via the API?

*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...

Best thing is that they finally have an API for that, which they’ve never exposed before.

Ps. Agents can also sell and delete domains.

This might hurt the ones like vercel etc... or even smaller hosting services like tiiny etc...

I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...

(Maybe I'm way to deep in the whole AI/Jack Dorsey/Block model?)

I recently started migrating my DNS to a DNSSEC-enabled provider.

This involves copy-pasting DNSSEC properties from one web interface into another.

I'm not willing to switch to Cloudflare for this feature.

But it reminds me there's more to automate.

This is good for spammers and bots. They can automate creating websites, pay Cloudflare. Others pay Cloudflare to protect them from spammers and bots (and misidentified humans)

The more chaos on the Internet, the more Cloudflare earns. It is a horrible company.

They are still losing money unlike Akamai, so there is hope they go bankrupt.

Not that spammers couldn't do without this feature, but advertising it as a service is kinda weird.

This is the OAuth moment for agents. Identity attestation + scoped payment token + provisioned account in one call. Standard's forming faster than people think.

Worst idea I’ve seen all week, I’d rather have the opposite, and I’m an AI developer so not even against it

Cloudflare has been going all-in on agents/agent-first and this is one of the results?

Genius! Automate the flow for making customers spend money.

If the genius who came up with this idea is reading this: Nobody asked for this feature.

I clicked through the $100k credits link and didn’t see Cloudflare listed as an Atlas partner? (Maybe not updated?)

This looks interesting nonetheless.

These days, website or service “usability” means that Claude code can do it for you.

Cannot unsee it that in their own video demonstration they prompt the agent to deploy to domain name of "superseal.club" and agent grabs superseal.cc instead.

Bruh.

Who goes to websites these days?

> At the end, the agent has deployed to production, and the app runs on the newly registered domain:

Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.

For sure this is going to get abused.

I'm sure nothing bad will come of this idea.

Excellent tool for scammers.

It is cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.

I am also not sure who Stripe Atlas for. I am genuinely confused. It is definitely not something a developer will use.

I understand that you can bootstrap a number of systems but that is like half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.

I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.

Maybe it's me.

The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and start the process.

It can also be used to make art.

I thought this was excessive and impossible, but as I was reading, I realized nowadays everything you say is technically possible. The future gives me the chills.

Some would argue, forcefully at that, that AI cannot make art and/or cannot be used to make art.

What I saw was Transmetropolitan setup, where Hole renews their presence online every 5 minutes or so to avoid government censor.

> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.

(Yes that’s really it. Sincerely. No “but I also abused X”)

This conflict is popping up everywhere. There is a push by a lot of companies to allow agentic use of their services (and new companies explicitly offering "X for agents"), ignoring the fact that "agent" means the same thing as "bot" which we've spent the last couple of decades actively filtering out. Will be interesting to see how it plays out.

> By agreeing to these Terms, you represent and warrant to us: (i) that you have not previously been suspended or removed from the Websites and Online Services

CloudFlare ToS has you covered. A human must accept it, even with the new agentic flow.

"Prove that you are a human" is such a nasty hack for lack of thought out solution for rate limiting. I'm really happy we are moving away from this.

Industry really went from "prove you are not a robot", to "but also if you are, this way please"

This is Cloudflare. They have an extremely strong incentive to increase bot usage. If there is no bot scrapping the internet they'll be out of business.

About goddamn time. The recent past consisted of discord blocking me because their telemetry was broken and exceeded their rate limit and target blocking me because two devices in a single household look really suspicious.

I mean, Cloudflare will help website owners ban scrapers unless they pay. It’s kind of what they do.

How? Getting domains has never been a barrier for malicious actors. You don’t even need agents.

Reminds me of an article from The Onion from this morning: https://theonion.com/taking-advantage-of-other-people-was-th...

Have you talked to Andreesen Horowitz yet? That elevator pitch alone should get you a few million.

One of the well-kept secrets about Cloudflare is:

You can have a zero-cost inbox.

Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)

but with this method, I get unlimited aliases, domains, and mailboxes:

This uses an email -> webworker workflow.

I use an API to fetch my emails.

This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.

The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.

I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.

The funniest thing is I am receiving zero spam? As if other email providers sell my email?

That's not a well kept secret, that's just a workflow that almost nobody would accept for their email setup which is the center of most people's digital identify and should always work and not be a duct taped construct to save a couple of bucks.

On a related note they opensourced an email client: https://github.com/cloudflare/agentic-inbox

cf bought an email security company a couple years ago so wouldn’t shock me they have good spam filtering.

There’s a completely free tier of Zohomail which does more than what I need for a custom email.

That's pretty neat! What do you use to send and receive emails on your phone?

The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)

Like the Delamain AI in Cyberpunk. You would need to allow anonymous payments with cryptocurrencies for that, but it's coming for sure.

Most of the sysadmin and devops team have been downsized in India because of AI.

Basically, now it's trivial for any new devops guy to run such a query in Claude Code:

“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”

Devops and sysadmins can no longer withhold information to maintain job security.

Boom, 80% of the team gone.

I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.

I’m imagining how many SaaS will be automated out and simply be an "agent skill" in ClaudeCode.

Can you support this claim with some evidence? Not just about the redundancies, but I’m also particularly interested in hard data showing Claude is capable of doing that kind of research with near 100% verifiable accuracy and migrations with no data loss and equivalent functionality (which is required to sustain your claim).

> Devops and sysadmins can no longer withhold information to maintain job security.

I can't imagine this is very prevalent. That's a very 2004-style corporate immaturity; I get the sense that even the slow-moving behemoths of the software world have mostly caught up to, say ... 2017's recognition of the importance of automation and reproducibility and won't tolerate the kind of malpractice you describe--wilful information siloing by infrastructure teams.

Like, those businesses might well suck at automation! But they've been doing it and firing the people who resist it for a long while now.

Epic. Can't wait for those humans to be rehired after you find out that letting Claude perform 1000s of migrations autonomously is a bad idea

What about the 80% of teams? Are there enough trenches to dig in the country for them to make a living?

Only downsized? I would expect them to cease to exist entirely in the coming years, as western companies begin to realize that AI is cheaper and more competent than the Indian firms they usually outsource work to.

And when it goes wrong, production is down, until they can get a real devops to look at what shit the AI-only guys did wrong. Haha, no serious shop would act like that, but then again most shops are not serious, now are they? So you might have a point.

You forgot "make no mistakes" and "don't hallucinate" and "don't delete any important files" as well, those are important.

I found that, without that, Claude makes too many critical mistakes.

IANAL, but I wonder what it means for an agent to “agree” to terms of service or to “agree” to pay for something. Can agents enter into contracts?

It’s a straightforward technical problem to wrap an API or MCP or something around the “create an account” function.

But what will a court do when the agent creates a million accounts, mines bitcoin for a month, and then cannot or will not pay?

> I wonder what it means for an agent to “agree” to terms of service

It's already not clear what it means for humans to do it, but it doesn't prevent every single service from asking it. At least an AI has a chance to ingest it all.

As someone not well versed in these topics, would you mind helping me understand how this is different than an MCP for your onboarding & account provisioning APIs.

As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.

Humans will not win in court with a "but the agent did it, I had no idea" argument. Just look at how the cases against OAI are going, and that's where families lose a loved one. There's not going to be any sympathy when your agent committed fraud on your behalf.

And it's not like pro agent companies have a reason to self regulate. They're not going to absorb that liability voluntarily, they'll push it onto users contractually (most of them already do). This is just another channel to bring in customers. They will capitalize ruthlessly to increase their bottom line.

Interesting questions you bring up. Especially the legal ramifications as to how it would fully work within current legal framework. I suppose there would be a broad disclaimer and agreement one would have to agree to that would state that users of the service are ultimately responsible to monitor and ensure websites deployed by agents comply with local laws. Ultimately I assume that since it is not the agent who pays but a registered user that the user would own the site. And that the legal agreement would be agreed to beforehand so it is legally binding.

I was wondering if someone was going to allow payments through CLI at some point.

But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.

if they have a terraform provider even better. I wonder if also makes multi tenant architectures or environment isolation easier to provision as well.

Wait until one account is banned, and then all linked accounts are permanently banned.

Buying the domain is the key here.

Maybe something like this?

AI agent calls a human on their phone (even engage in an email chain), whilst talking to the human they analyse the likelyhood of diffferent fraud vectors, and choose the most likely one to work on this particular victim. Whilst keeping the human talking in chit chat to raise their confidence levels, in the background it buys a domain which fits the users fraud profile, and quickly makes a basic website on it. Maybe its a fake login page, maybe it just hosts malware, who knows at this point. The agent then emails the user from a mailbox on the new domain which directs the user to the new domain and commits the fraud. The email from the domain ties up with what the agent is saying on the phone, so it all looks legit to the human. Immediately after the call it deletes the website, directs the new domains dns to blackhole and discards it from its posession.

This is all possible right now. I am also interested to see what is built with this technology in the future, but interested in a very worried way.

Well, let me guess... even more bots and new agentic spammers and scammers?

Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.

Are any of these domains public? I’d love to study and better understand the use case for needing to AIify this.

This probably started because of Andrej Karpathy's complaint about deployment being more painful than coding itself.

Yes I'm sure that whenever Andrej Karpathy complains, the market reacts. By the way, remind me who Andrej Karpathy is?

Can I make a bot to buy the domain at the best price, transfer that domain to Cloudflare instead?

Cloudflare's prices are already close to unbeatable. They basically resell at cost. But there's nothing stopping you from doing that if you want.

Perfect for spammers, scammers and domain squatters, who can now automate their activities even more.

Can’t think of any other uses for this given the current state of LLM ‘agents’, though I can’t wait for the next report of something like ‘openclaw registered 1000 domains for me without asking and now cloudflare won’t refund me’.

I think this post needs to be put in context, for months now Cloudflare has been releasing products that allow their whole platform to be usable by agents with the main objective of enabling their customers to dynamically write code using Cloudflare, this is just another step.

For example, you can now with Artifacts and Dynamic Workers make a lovable-style SaaS where your customers ask the AI agent to write software for them, the agent can run it in sandboxes with no build step, it can version it with a git-compatible API, and now you can even have it buy a domain for the end customer or set up their own cloudflare account when they want to move to production.

I personally have no use case for creating domains via agents, but some of the other features they're releasing around this area are extremely useful and I've started to ship internal tools for my clients where they are used, like giving them their own mini claude code that only does one thing – one I shipped last week was an agentic interface for Salesforce reports that understands their domain better (and all the undocumented tech debt) than the built-in Salesforce AI does and therefore manages the context better

> I am also not sure who Stripe Atlas for.

It's for founders who don't have lawyers. My co-founder and I are both developers, we used Stripe Atlas to incorporate a C-Corp due to expecting to fundraise <1 year after incorporation. Stripe Atlas generates about 200 pages of legal boilerplate documents with very sane defaults so that your corporate structure, bylaws, IP protections, director indemnity, etc. align well with investor expectations. It helps investors not have to "rules-lawyer" all your corporate records during due-diligence, because their content exactly matches YC's expectations.

-------

I said we made a C-Corp but other founders should default to LLC, which Stripe Atlas can also streamline. An LLC is superior to C-Corp in pretty much every way for any pre-raise founders who don't have an extra $2,000 to >$10,000/year they're willing to part with for higher franchise taxes, "foreign" (different state) corporation registration, CPA's, and additionally lawyers if any investments aren't YC SAFE's (e.g. not YC, Neo, or A16Z SpeedRun).

Also note that for pre-revenue C-Corps, Delaware franchise taxes are scaled against number of shares, not company revenue or # of employees, so you can save some money by forming your company with 1,000,000 shares and then file a "Unanimous action of the board of directors" to increase it to 10,000,000 just before angel/pre-seed/seed round, and potentially save a few hundred dollars on your first year franchise taxes, depending on when you incorporate and raise. But if a few hundred dollars makes a difference to you, incorporating as an LLC instead of a C-Corp is the only defensible decision.

And as always, start your taxes 3-4 months before they're due. If you want a CPA to do them (which you should if you have any revenue), you'll need to retain them way ahead of time for C-Corps. If you're filling tax forms out yourself, you'll want to start at least a month before they're due.

People use agents to deploy sites all the time. Buying a domain is part of that if you want to build a site that's beyond a toy. Allowing agents to do a task isn't just for things you do every day – it's also for things you do rarely and need agents' help. It's not just devs using agents to perform these sort of tasks anymore.

Stripe Atlas makes it massively easier for startups to incorporate in Delaware. This is particularly hard for non-US founders. It solves a real problem. I don't think this part will be done by agents though!

Disclaimer: I work at Cloudflare but not on this

> I've have personally never seen a good example where a cross vendor account provisioning actually working.

That's not what this is though, is it? In other words, isn't the (anti-)pattern you describe an argument in favor of agents setting up your accounts instead?

You can tell your agent to buy the domain at registrar x, manage DNS at y (and maybe configure DDoS protection and CDN), and host your content at z, and if the agent is good enough, you don't even need to understand the details.

You end up with individual credentials for each service, rather than a web of account relationships managed by a single "portal" SaaS.

My biggest hesitation with these things is that there is no limit to the possible bill I may receive when the agent goes haywire. Cloudflare doesn’t see this as a problem of course.

I’m not saying that you’re wrong.

But it’s worth noting that any good technology starts off being called a toy and with most people not being able to imagine its usefulness.

I am curious. Say, cloudflare let's Mr doofus run 4 agents from AI provider X. Those agents go on to create a pyramid scheme, prompted or not(both cases are interesting to me). The agents are running code in infrastructure owned by a third party cloud provider. The law catches up with the bots many years later after people lose a couple million. Who is at fault?

I think cloudflare is in the clear. Mr doofus could argue that the AI company allowed or enabled the crime which they otherwise wouldn't have done. Or Mr doofus could claim his prompts shouldn't have lead to that outcome and that wasn't his intent at all. Making the bots at fault, but not the AI company I guess?

> I am also not sure who Stripe Atlas for.

This was such a weird mention to see in the article. Stripe Atlas is a service that helps new businesses incorporate and onboard onto Stripe/partner services with some startup credits. It's been around forever, has nothing to do with AI, and is generally a very well-respected service.

I assume the constructive use case is some non-techy person asking ChatGPT.

> Hey, please make me a website about my dog woofy. Give it the link myfluffywoofy.dog ;) Thank you!