robots.txt for AI Training: How to Build a Selective Policy
To restrict AI training access, identify each provider’s exact training or dataset token and disallow it in a dedicated robots.txt group. Keep search crawlers in separate allowed groups, treat product-control tokens such as Google-Extended according to their documentation, and use authentication or server-side controls when access must be enforced.
A useful policy begins with purpose, not a copied block list. Some agents crawl material that may contribute to model development, some build searchable indexes, and others fetch a page after a user asks a question. Blocking all agents associated with an AI company can unnecessarily remove search citations or user-requested access.
Create a short inventory of the exact published tokens that matter to your content. Examples include GPTBot for OpenAI model development and ClaudeBot for Anthropic model development. Dataset crawlers such as CCBot may also be relevant to a broader data-use policy. Product controls such as Google-Extended and Applebot-Extended require separate interpretation because they are not ordinary standalone crawler identities.
Use exact groups instead of a global shutdown
Place each restricted token in its own group so your intent is visible and maintainable:
A global rule such as User-agent: * Disallow: / requests that every compliant crawler stop, including Googlebot, Bingbot, AI search crawlers, monitoring tools, and other services. That is rarely the intended result for a public site.
Preserve discovery routes explicitly
If you want public content to remain discoverable in search and AI answers, keep search-oriented agents open in separate groups:
Provider documentation can change, so do not assume that every bot name containing “AI” is used for training. Review the current purpose before adding a restriction.
Handle user-triggered agents separately
Agents such as ChatGPT-User, Claude-User, and Perplexity-User act in response to a person. Their providers may state that robots.txt does not apply or may not reliably apply to these requests. Decide whether user-requested retrieval supports your audience, but do not rely on robots.txt when the content must be technically inaccessible.
Understand what the file can and cannot do
The Robots Exclusion Protocol is an advisory standard for automatic clients. It is not authorization, copyright enforcement, or a private-content barrier. A compliant crawler can honor your preference; an unidentified scraper can ignore it. Use login requirements, signed URLs, rate limiting, bot management, or contractual controls where appropriate.
Publish, validate, and maintain the policy
Serve one robots.txt file at the root of each host and protocol you control.
Can robots.txt guarantee that my content is not used for AI training?
No. It communicates a preference to compliant agents. It does not prevent a crawler from ignoring the file, using previously obtained material, or receiving content through another authorized source.
Should I block every bot operated by an AI company?
Usually not. Providers often separate training, search-discovery, and user-requested agents. Blocking every token can reduce citations, search visibility, or features that a person explicitly requested.
Are Google-Extended and Applebot-Extended normal crawlers?
They are product-use control tokens rather than ordinary standalone crawler identities. Follow the provider’s current documentation and do not expect a separate matching HTTP user agent in logs.
Why keep Googlebot and Bingbot allowed?
They support ordinary search discovery. Blocking them can damage search visibility and is broader than an AI-training opt-out.
What should protect private or licensed content?
Use server-side authorization, authentication, paywalls, signed access, rate limits, WAF or bot-management controls. Robots.txt is not a security mechanism.
We use essential storage for security and core features. With your permission, we may also use analytics and advertising technologies. Rejecting optional technologies does not block access to the site.
Non-essential categories are off unless you choose to enable them. You can return to these settings at any time from the footer.
Global Privacy Control is active.Your browser has requested an opt-out from sale, sharing, and targeted advertising. Advertising remains disabled.
Strictly necessary
Supports security, server sessions, form protection, administrator sign-in, and remembering your privacy choice.
Analytics
Allows Google Analytics to measure visits and interactions so the site can be improved. It is not loaded before permission.
Advertising and cross-site measurement
Allows advertising technologies when they are configured. This may involve ad delivery, fraud prevention, measurement, personalization, or cross-context advertising.
Your choice is stored for 180 days using a first-party preference cookie. A material policy change can ask you to choose again.