惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
S
Secure Thoughts
月光博客
月光博客
美团技术团队
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
W
WeLiveSecurity
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
爱范儿
爱范儿
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recent Announcements
Recent Announcements
Webroot Blog
Webroot Blog
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
罗磊的独立博客
The Register - Security
The Register - Security
Blog — PlanetScale
Blog — PlanetScale
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog
腾讯CDC
Microsoft Azure Blog
Microsoft Azure Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
IT之家
IT之家
D
DataBreaches.Net
博客园 - 司徒正美
N
Netflix TechBlog - Medium
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Why Security Teams Should Shift From Bot Detection To Bot Diplomacy
Kaustubh Phatak · 2026-05-28 · via Forbes - Innovation

Kaustubh Phatak is a seasoned product leader at AWS, driving strategy, execution, and GTM for cloud services serving global enterprises.

getty

​Six months ago, I wrote about the AI bots crisis facing publishers: Traffic is plummeting, unauthorized scraping is surging and the industry is scrambling to protect its assets.

The problem of increasing bots hasn't been solved since then, but it has been inverted.

Last month, I watched a major retailer's security team block an AI agent that was trying to complete a legitimate purchase on behalf of a customer. Their bot-detection system worked perfectly. It identified non-human traffic and shut it down.

But should it have? The "bot" was a paying customer's personal shopping agent, authorized and authenticated, attempting to do exactly what the customer asked.

Bot traffic now exceeds human traffic on the internet, crossing 51% in 2025 according to Imperva's annual report. Many of these bots are legitimate and useful, but our entire security apparatus still operates on a binary model: human or threat. We've built a multi-billion-dollar industry around a question that's no longer the right one to ask.​

Why The Binary Model Is Broken

​​For two decades, bot management meant one thing: detection. Identify the non-human traffic, challenge it, block it. CAPTCHAs, behavioral analysis, device fingerprinting and the entire toolkit assumes that identifying automation is synonymous with identifying threats.​

Today's AI agents, however, are authorized representatives carrying credentials, budgets and user intent. Customer's travel agents can query airline APIs to book a flight. A procurement agent can negotiate pricing across three vendor portals simultaneously.

Yet most security teams have no category between "verified human" and "blocked bot," meaning legitimate automation can get caught in detection systems designed for a different era. At the same time, sophisticated threats are learning to mimic the behavioral patterns of authorized agents.​​

​From Detection To Diplomacy​

To solve this, security teams ​will need to shift philosophically from focusing on detection to focusing on diplomacy.

Think about how international relations work. Countries don't ask "Is this person foreign?" and block all foreigners. They verify identity, check credentials, confirm intent and grant scoped access. Diplomats get different permissions than tourists. Business travelers get different access than refugees.​

Historically, bot detection has focused on the yes/no question: "Is this a bot?"

Today, security teams should be asking a more nuanced question: "Is this bot authorized to do what it's asking?"​​​

Three Embassies, No Common Language

Frameworks to address the evolving roles of bots are emerging, and there are mainly three competing approaches​.

The first approach treats agent identity as an extension of API authentication. Google's Agent-to-Agent (A2A) protocol, Anthropic's Model Context Protocol (MCP) and Cloudflare's Web Bot Authentication framework all define how agents identify themselves to services. The biggest concern is that they do it incompatibly. Currently, the major "passport offices" don't recognize each other's documents.

The second approach pushes identity into DNS, the internet's existing trust layer. If every legitimate agent has a verifiable identity record at the DNS level, services can check credentials the same way browsers check SSL certificates today. The idea is that no new protocol would be required, only an extension of infrastructure that already handles billions of lookups daily.

The third approach skips identity entirely and focuses on economic signals. If an agent is willing to pay for access (through micropayments, token deposits or computational proof-of-work), that economic commitment itself becomes the trust signal. You don't need to know who the agent is if you know it has skin in the game.​

Each approach has backers with deep pockets. The NIST has also launched a formal collaboration on agent identity standards in February.

Only time will tell how this will play out, but if you're a CTO or CISO, here's the practical reality: Your current bot management stack will need to account for legitimate bots in the near future. Here are three shifts to make now:

1. Create a third traffic category. Your systems likely classify traffic as "human" or "bot." Add "authorized agent" as a distinct category with its own policies, rate limits and access scopes. This can be the difference between blocking a customer's purchasing agent and completing a sale.

• 2. Invest in identity verification over behavioral detection. Behavioral analysis tells you what something is. Identity verification tells you who sent it and why. As AI agents become indistinguishable from humans in their browsing patterns (and they will, within months), identity will become more durable than behavioral detection.

• 3. Design for protocol plurality. Don't bet on a single agent identity standard winning. Build abstraction layers that can verify A2A Agent Cards, MCP credentials and DNS-based identity records. ​

The Publisher Update​

​Here's what most people miss: Up until this point, the conversation focused almost entirely on agents that read: content access, web scraping, information retrieval.

But as agents begin to act by booking flights, executing trades, signing contracts and deploying infrastructure, every one of those transactions requires trust. Not the "prove you're human" kind, but the "prove you're authorized, scoped, and accountable" kind.​ ​​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?