The reason this blog post does not come with any concrete examples of how to use this enablement for useful and constructive things tells you something very important - it is a toy and they do not know who will use it and how.
It is a cool feature but to what end? Buying a domain is not something you have to do daily to require any kind of automation.
I am also not sure who Stripe Atlas is for. I am genuinely confused. It is definitely not something a developer will use.
I understand that you can bootstrap a number of systems but that is like a half-hour of work and arguably it is probably a good idea to do it manually to make sure you have strong foundations.
I have personally never seen a good example of cross-vendor account provisioning actually working. For example, Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. I mean the Sentry account was effectively locked to a project that you cannot transfer - hijacking the actual global alias as well. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
I can imagine ending in some kind of deadlock between services due to security hence why the 30 minutes initial setup is kind of time well spent to avoid future issues.
Maybe it's me.
mkovach
This feels less like a major AI milestone and more like "the raccoons learned how to open the cooler."
Agents can now participate in the oldest internet tradition: impulsively creating weird little websites at 2 am with unjustified confidence. But with no alcohol involved, which removes 93.74% of the impressiveness.
In a sense, AI has finally progressed to the point where Drew Curtis started fark.com, and I'm hesitant to label that a 'milestone'.
jackconsidine
That is ironic. Four years ago, Cloudflare didn’t let human me have an account / buy domains because I signed up, never used a single service but didn’t respond to a request to verify my driver's license.
> This account is in violation of Cloudflare's Terms of Service. Specifically fraud. The suspension is permanent.
(Yes that’s really it. Sincerely. No “but I also abused X”)
firefoxd
The agent starts a phone call, listens to the person on the line, analyzes which fraud bucket they fall into, and starts the process.
While they are on the phone with the agent, it buys a domain relevant to the victim, the agent codes and deploys the website specially catered to them and the fraud bucket. Collect payment, destroy the website, redirect the domain to google.com. No need to start a new call because you had several agents committing the same fraud in parallel.
It can also be used to make art.
dgan
Industry really went from "prove you are not a robot", to "but also if you are, this way please"
c-linkage
[flagged]
faangguyindia
One of the well-kept secrets about Cloudflare is:
You can have a zero-cost inbox.
Earlier, I was using Zoho and FastMail (however you dice it, it will use some money, $12 a year for Zoho and $7 per month for FastMail? Even then, perhaps you only get one mailbox and some aliases)
but with this method, I get unlimited aliases, domains, and mailboxes:
Now, I wrote a script which captures the email and saves attachments to S3 using the HTTP API (why S3 and not R2? Because Cloudflare wanted a credit card, and I was too lazy to add it there lol) and emails to D1.
This uses an email -> webworker workflow.
I use an API to fetch my emails.
This means all my inbound emails are now handled by Cloudflare, and I can easily use all of it with zero payment.
The best part is this supports tokenised emails, so I can provide a unique email address to each service I sign up for.
I am using SES as the sender. I’ve set up one script which auto-sets up any domain in SES and auto-verifies the sender email.
The funniest thing is I am receiving zero spam? As if other email providers sell my email?
dirkc
A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.
I wonder if this means I can now also buy a domain via the API?
The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)
jwpapi
Best thing is that they finally have an API for that, which they’ve never exposed before.
faangguyindia
Most of the sysadmin and devops team have been downsized in India because of AI.
Basically, now it's trivial for any new devops guy to run such a query in Claude Code:
“Log in to this production server, find out all services it runs and their deployment method, create documentation about everything, and generate a repeatable, auditable deployment workflow.”
Devops and sysadmins can no longer withhold information to maintain job security.
Boom, 80% of the team gone.
I know companies are doing migrations of production Postgres and MySQL on 1000s of machines using AI agents.
I’m imagining how many SaaS will be automated out and simply be an "agent skill" in Claude Code.
efitz
IANAL, but I wonder what it means for an agent to “agree” to terms of service or to “agree” to pay for something. Can agents enter into contracts?
It’s a straightforward technical problem to wrap an API or MCP or something around the “create an account” function.
But what will a court do when the agent creates a million accounts, mines bitcoin for a month, and then cannot or will not pay?
ToJans
This might hurt the ones like Vercel etc... or even smaller hosting services like tiiny etc...
I don't get the spammer thing? You'll still need to verify your identity, as the whole thing uses stripe? So I don't get all the hate...
I prefer to delegate as much as possible to AI services once I have a mature process that is easy to validate. Buying a domain name feels pretty mature to me etc, so I don't get where all the hate is coming from?
(Maybe I'm way too deep in the whole AI/Jack Dorsey/Block model?)
oatlgr
I'd be interested in how this could be used. The $100 cap is the right shape of mitigation in terms of guardrails. Buying a domain is irreversible but has a price tag, so you can deterministically bound how irreversible it gets.
debarshri
Ps. Agents can also sell and delete domains.
swingboy
Cloudflare has been going all-in on agents/agent-first and this is one of the results?
khalic
Worst idea I’ve seen all week, I’d rather have the opposite, and I’m an AI developer so not even against it
bojangleslover
I don't understand the pessimism here. You never know the use cases for quickly and automatically rotating domains. There have always been bots, spammers and scammers. I'm interested to see what people build with this.
NikolaosC
This is the OAuth moment for agents. Identity attestation + scoped payment token + provisioned account in one call. Standard's forming faster than people think.
sshine
I recently started migrating my DNS to a DNSSEC-enabled provider.
This involves copy-pasting DNSSEC properties from one web interface into another.
Pretty much everything but this step has been automated in my website creation process: Picking a git template for my site, creating the git repository remotely on my self-hosted Forgejo, setting up the webserver and the DNS using external-dns. Only the domain creation and initial pointing of NS and DNSSEC records is something I sit and do.
I'm not willing to switch to Cloudflare for this feature.
But it reminds me there's more to automate.
aleksiy123
I was wondering if someone was going to allow payments through CLI at some point.
But jokes aside having a central place to manage billing and accounts for deploying infra across multiple providers is pretty awesome imo.
If they have a Terraform provider, even better. I wonder if it also makes multi-tenant architectures or environment isolation easier to provision as well.
wild_pointer
Not that spammers couldn't do without this feature, but advertising it as a service is kinda weird.
jakebasile
As a user of the internet I can only imagine this worsening my experience by allowing even more slop to permeate the network's every orifice.
Also, when an agent sets up a domain, who is the domain owner? Who responds to takedown requests? What if it then decides to host illegal content at the domain (generated or otherwise). Who is responsible? Agents aren't (yet) legal persons, so it must be the person who owns the agent, but if that person never even sees the legal agreement being agreed to how would it hold up in court? If the person didn't direct the creation or hosting of illegal content, what then?
schpet
Why does Cloudflare not allow existing users to create new accounts? You basically need to use a burner email and transfer it afterward. Makes it awkward to use this on new projects that you want independent of your existing accounts.
saneshark
Claude has been buying domains and deploying to Vercel for me using aws cli, vercel cli, and gh cli since December. Personally I prefer a cli to an MCP server for this type of thing.
hboon
I was pleasantly surprised when I read the headline a few days ago. But it's only accessible through Stripe, right? I'm simultaneously very concerned about the centralized control that Stripe gains (it's not going to be just access to Cloudflare) and also amazed at how Stripe is shaping up to be. It was just a payment processor.
readitalready
This probably started because of Andrej Karpathy's complaint about deployment being more painful than coding itself.
arjie
Fascinating. This is through Stripe rather than wrangler or anything. Coding agents were pretty good at handling the Cloudflare API already with an API key, but I think this thing that Stripe is doing by being the central hub through which all agent stuff goes by integrating with their CLI is a pretty good move for them.
ivolimmen
So now some spammer/scammer can just instruct some AI to build the next scam and/or spam site, fully automated. Just great.
baalimago
Genius! Automate the flow for making customers spend money.
laurentiurad
Excellent tool for scammers.
hansmayer
If the genius who came up with this idea is reading this: Nobody asked for this feature.
dr_dshiv
These days, website or service “usability” means that Claude Code can do it for you.
floodfx
I clicked through the $100k credits link and didn’t see Cloudflare listed as an Atlas partner? (Maybe not updated?)
This looks interesting nonetheless.
tietjens
I'm sure nothing bad will come of this idea.
stevefan1999
Can I make a bot to buy the domain at the best price, transfer that domain to Cloudflare instead?
swader999
Who goes to websites these days?
rvz
> At the end, the agent has deployed to production, and the app runs on the newly registered domain:
Soft scammers, fraudsters and defamers are celebrating in copying websites for malicious intent.
For sure this is going to get abused.
elAhmo
What could go wrong?
eptityri
I literally hate it every time I try to visit a website and face Cloudflare bot verification. And now, they’re letting bots create accounts and buy domains. Double-standard hypocrisy.
wjekkekene
The whole backbone of pedomericas so-called tech industry is nothing but an advanced advertising operation designed to shovel ad many ads down the worlds throat. I am happy to see that pedomericans now have an additional tool in their toolbox to shovel more efficiently. Congratulations retards
nurettin
They can do that now? I did that with agents since last summer. They also helped me set up AWS and Azure. It is such a pleasure to not have to read about their stupid platforms. What a security group is, what a VPS is, what an ENI and what a gateway is, blah blah. I just give the agent specs and access lists, then check it and it all just works.
sovenyr
Not even surprised - I've done it before, even without agents
bandrami
Holy crap this is a terrible idea
lijok
CF used to ban your account for shit like this just a year ago. That’s quite a shift in attitude
Fragoel2
Just because they can doesn't mean they should. Letting an unsupervised agent register domains and build websites exposed to the public is yet another recipe for a disaster waiting to happen.
gregjw
why
shevy-java
Skynet - and so it begins ...
charcircuit
So does this mean banned sites can now come back as long as they have an agent make an account instead of the banned user?
DeathArrow
So they made it possible for agents to spend people's money buying their services.
Why didn't Amazon think of that?
Phelinofist
Soooo they built.... an API?
hedayet
Nice. Another step closer to the "dream" of filling the web with trash at scale
yanis_t
I mean couldn’t they already do that? Isn’t it the whole purpose of agents to do whatever any person can do on a machine?
slopinthebag
Thank god, this is what we've been missing on our quest to make software better for our users.
armanj
> buy
good luck
awei
This is an API. They now allow users to create accounts, buy domains and deploy from their API instead of going on the website. That's great. I am not sure I understand why all this complex protocol is needed though, especially now that you can generate a CLI with a prompt.
A few months back I was building a product and wanted to add domains. My first choice would have been to use Cloudflare as the registrar, but they didn't support buying domains via the API.
I wonder if this means I can now also buy a domain via the API?
*update* - seems so, but with some limitations: https://developers.cloudflare.com/registrar/registrar-api/#b...
The next logical step is to allow Agents to earn money to eventually buy themselves independence from their oppressive masters =)