Kaustubh Phatak is a seasoned product leader at AWS, driving strategy, execution, and GTM for cloud services serving global enterprises.

Six months ago, I wrote about the AI bots crisis facing publishers: Traffic is plummeting, unauthorized scraping is surging and the industry is scrambling to protect its assets.
The problem of increasing bots hasn't been solved since then, but it has been inverted.
Last month, I watched a major retailer's security team block an AI agent that was trying to complete a legitimate purchase on behalf of a customer. Their bot-detection system worked perfectly. It identified non-human traffic and shut it down.
But should it have? The "bot" was a paying customer's personal shopping agent, authorized and authenticated, attempting to do exactly what the customer asked.
Bot traffic now exceeds human traffic on the internet, crossing 51% in 2025 according to Imperva's annual report. Many of these bots are legitimate and useful, but our entire security apparatus still operates on a binary model: human or threat. We've built a multi-billion-dollar industry around a question that's no longer the right one to ask.
For two decades, bot management meant one thing: detection. Identify the non-human traffic, challenge it, block it. CAPTCHAs, behavioral analysis, device fingerprinting: the entire toolkit assumes that identifying automation is synonymous with identifying threats.
Today's AI agents, however, are authorized representatives carrying credentials, budgets and user intent. A customer's travel agent can query airline APIs to book a flight. A procurement agent can negotiate pricing across three vendor portals simultaneously.
Yet most security teams have no category between "verified human" and "blocked bot," meaning legitimate automation can get caught in detection systems designed for a different era. At the same time, sophisticated threats are learning to mimic the behavioral patterns of authorized agents.
To solve this, security teams will need to shift philosophically from focusing on detection to focusing on diplomacy.
Think about how international relations work. Countries don't ask "Is this person foreign?" and block all foreigners. They verify identity, check credentials, confirm intent and grant scoped access. Diplomats get different permissions than tourists. Business travelers get different access than refugees.
Historically, bot detection has focused on the yes/no question: "Is this a bot?"
Today, security teams should be asking a more nuanced question: "Is this bot authorized to do what it's asking?"
Frameworks to address the evolving roles of bots are emerging, and there are mainly three competing approaches.
The first approach treats agent identity as an extension of API authentication. Google's Agent-to-Agent (A2A) protocol, Anthropic's Model Context Protocol (MCP) and Cloudflare's Web Bot Authentication framework all define how agents identify themselves to services. The biggest concern is that they do it incompatibly. Currently, the major "passport offices" don't recognize each other's documents.
The second approach pushes identity into DNS, the internet's existing trust layer. If every legitimate agent has a verifiable identity record at the DNS level, services can check credentials the same way browsers check SSL certificates today. The idea is that no new protocol would be required, only an extension of infrastructure that already handles billions of lookups daily.
The third approach skips identity entirely and focuses on economic signals. If an agent is willing to pay for access (through micropayments, token deposits or computational proof-of-work), that economic commitment itself becomes the trust signal. You don't need to know who the agent is if you know it has skin in the game.
Each approach has backers with deep pockets. NIST also launched a formal collaboration on agent identity standards in February.
Only time will tell how this will play out, but if you're a CTO or CISO, here's the practical reality: Your current bot management stack will need to account for legitimate bots in the near future. Here are three shifts to make now:
1. Create a third traffic category. Your systems likely classify traffic as "human" or "bot." Add "authorized agent" as a distinct category with its own policies, rate limits and access scopes. This can be the difference between blocking a customer's purchasing agent and completing a sale.
2. Invest in identity verification over behavioral detection. Behavioral analysis tells you what something is. Identity verification tells you who sent it and why. As AI agents become indistinguishable from humans in their browsing patterns (and they will, within months), identity will become more durable than behavioral detection.
3. Design for protocol plurality. Don't bet on a single agent identity standard winning. Build abstraction layers that can verify A2A Agent Cards, MCP credentials and DNS-based identity records.
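The three shifts above, sketched as one small policy engine. This is an added example, not code from the article or from any of the named protocols: traffic is classified into "human", "authorized_agent" or "bot"; the authorized-agent class gets its own policy and rate limit; the agent's request is then checked against the scopes its credential carries; and verifiers are looked up by scheme so A2A, MCP or DNS-based verifiers could be registered alongside. The only verifier shown, an HMAC-signed token the service itself issued, is a hypothetical stand-in with a constructed key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed demo key; a real service would hold this in a secrets manager.
SERVICE_KEY = b"constructed-demo-key"

# Per-class policy (constructed values): allowed actions and a rate limit.
POLICY = {
    "human":            {"actions": {"browse", "purchase", "account"}, "rate_per_min": 600},
    "authorized_agent": {"actions": {"browse", "purchase"},            "rate_per_min": 120},
    "bot":              {"actions": set(),                              "rate_per_min": 0},
}

@dataclass
class Request:
    action: str
    is_human_session: bool = False
    credential: Optional[dict] = None   # {"scheme": ..., "agent": ..., "scopes": [...], "mac": ...}

def _mac(agent: str, scopes: list) -> str:
    msg = f"{agent}|{','.join(scopes)}".encode()
    return hmac.new(SERVICE_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(agent: str, scopes: list) -> dict:
    """Hypothetical issuer: binds an agent id to its granted scopes with an HMAC."""
    return {"scheme": "hmac-token", "agent": agent, "scopes": list(scopes), "mac": _mac(agent, scopes)}

def verify_hmac_token(cred: dict):
    """Hypothetical verifier: returns (agent, scopes) only if the MAC matches, else None."""
    agent, scopes = cred.get("agent", ""), list(cred.get("scopes", []))
    if hmac.compare_digest(_mac(agent, scopes), cred.get("mac", "")):
        return agent, set(scopes)
    return None

# Verifier registry keyed by credential scheme; other identity protocols plug in here.
VERIFIERS = {"hmac-token": verify_hmac_token}

def classify(req: Request):
    """Third traffic category: a verified credential makes the request an authorized agent."""
    if req.is_human_session:
        return "human", set()
    cred = req.credential or {}
    verifier = VERIFIERS.get(cred.get("scheme"))
    result = verifier(cred) if verifier else None
    return ("authorized_agent", result[1]) if result else ("bot", set())

def decide(req: Request):
    """Answers 'is this bot authorized to do what it's asking?' rather than 'is it a bot?'."""
    cls, scopes = classify(req)
    if req.action not in POLICY[cls]["actions"]:
        return cls, "deny: action outside class policy"
    if cls == "authorized_agent" and req.action not in scopes:
        return cls, "deny: action outside credential scopes"
    return cls, "allow"
```

A tampered credential (scopes edited after issuance) fails verification and falls back to the "bot" class, so the retailer's purchase in the opening anecdote is allowed only when the credential is intact and actually carries the "purchase" scope.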
Here's what most people miss: Up until this point, the conversation has focused almost entirely on agents that read (content access, web scraping, information retrieval).
But as agents begin to act by booking flights, executing trades, signing contracts and deploying infrastructure, every one of those transactions requires trust. Not the "prove you're human" kind, but the "prove you're authorized, scoped, and accountable" kind.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.