Richard

A Bot Registry Won't Save the Internet's Last Human Spaces

The hottest acronym in enterprise security right now is KYA: Know Your Agent. Modeled on the KYC checks banks run on customers, it gives AI agents verified identities, scoped permissions, runtime guardrails, and audit trails. Gartner expects 40 percent of enterprise applications to embed task-specific agents by the end of this year, up from under 5 percent in 2025, and an entire compliance industry is assembling itself around that curve.

For what it covers, KYA is genuinely good. If an AI agent can move money, change payroll details, or sign contracts, it should absolutely be credentialed, constrained, and logged. Nobody seriously disputes this.

But the industry is treating KYA as the answer to a much bigger question, and it isn't. The question is whether the internet's social spaces, the places where humans talk to each other, remain human at all. And on that question, a corporate bot registry is worse than useless. It's a comfort blanket.

The category error
KYA verifies agents that want to be verified. An enterprise deploys an agent, registers it, scopes its permissions, and monitors its behavior, because the enterprise has every incentive to do so. The agent is a known employee with a badge.

The agents hollowing out social media are not applying for badges. The astroturf operation flooding a subreddit, the engagement farm inflating a product launch, the influence network shaping a political conversation: none of these will ever show up in a registry, for the same reason spammers never filled out the abuse-contact form. Registration-time verification only ever catches the participants who were never the problem.

This is the same mistake the identity-verification industry has been making about humans for a decade, now repeated for machines. The theory says that if we can just verify who everyone is at the door, the room stays trustworthy. The practice says that the door is not where trust lives.

Meanwhile, the room is already crowded. The 2025 Imperva Bad Bot Report found that automated traffic surpassed human activity for the first time, reaching 51 percent of all web traffic, with malicious bots alone accounting for 37 percent. The machines are now the majority. This is the "dead internet" people joke about, except the numbers stopped being a joke a while ago. The dead internet isn't a theory about the future. It's a measurement of the present.

Detection already lost
The standard response is detection: get better at telling humans from bots. That arms race is over, and detection lost.

CAPTCHAs were the front line, and the front line fell. A UC Irvine-led study presented at USENIX Security tested 1,400 people against automated solvers on real-world CAPTCHAs: the bots scored 85 to 100 percent accuracy, most above 96 percent, while humans managed 50 to 85 percent. The test designed to tell computers and humans apart now flags the humans. Behavioral fingerprinting, typing-cadence analysis, device signals: every detection technique becomes training data for the next generation of evasion. Frontier language models now write posts, replies, and arguments that are indistinguishable from human writing, because being indistinguishable from human writing is precisely what they were optimized for. You cannot build a filter for content whose defining property is that it passes filters.

So we have three proposed answers to the bot problem, and all three fail the same way. Detection fails because the machines win the imitation game. Registries fail because bad actors don't register. And identity verification, the surveillance industry's preferred answer, fails twice: it doesn't stop a verified human from running a thousand machine accounts behind their government ID, and it destroys the pseudonymity that makes honest speech possible for whistleblowers, dissidents, patients, and anyone whose opinions could cost them a job. We would be trading away privacy and getting nothing back.

Two layers, one distinction
Part of the confusion is that "AI in social media" is actually two different questions, and they have opposite answers.

The first is the content layer: AI helping a human write a post, polish an argument, generate an image. This is fine. A human chose to publish it, and a human stands behind it. Word processors didn't make writing inauthentic and neither does this.

The second is the discourse layer: the replies, the votes, the reactions, the back-and-forth that tells you what other people think. This is where machine participation is fatal, because the entire value of discourse is that it aggregates human judgment. A machine opinion isn't a low-quality opinion. It's a counterfeit, in the precise sense that counterfeiting works: it devalues every genuine unit in circulation. When you can't tell whether the pushback on your idea came from a person or a script, the rational move is to stop listening, and a social space where nobody listens is dead regardless of how much traffic it shows.

KYA has nothing to say about the discourse layer. It was never designed to.

Accountability is a chain, not a checkpoint
If verification at the door doesn't work, what does? The oldest trust technology humans have: references.

Before databases, communities solved exactly this problem through social lineage. You got the job, the apartment, the loan, the membership because someone put their name behind you, and that person's standing rose or fell with how you behaved afterward. Accountability wasn't a checkpoint you passed once. It was a chain of human relationships that persisted for as long as you participated, and every link in the chain had skin in the game.

That structure has properties no registry can replicate. It scales only at human speed, because each new member costs an existing member a real stake, which is precisely the property that makes bot armies uneconomical. It pushes enforcement to the people with the most context, the ones who gave the reference. And, critically, it separates accountability from identity. The chain doesn't need to know your legal name to know that a specific human, with a reputation on the line, stands behind you. Accountability and anonymity are not opposites. They only look like opposites if you assume trust has to be issued by an institution instead of carried by relationships.

This isn't nostalgia. It's an architecture, and it's buildable: networks where every account traces back through an unbroken chain of human references, where reputational consequences flow up the chain by algorithm, and where the discourse layer is reserved for participants a human has put their name behind. That structure deserves a name. I call it a TrustChain.
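
A minimal model of the structure described above, as an added example that is not the author's implementation: accounts are pseudonyms linked by references, vouching costs the referrer standing, and a penalty flows up the chain. The stake size, the per-hop decay, and every class and method name here are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

STAKE = 10.0   # assumed: standing a referrer gives up for each account they vouch for
DECAY = 0.5    # assumed: share of a penalty passed on at each hop up the chain

@dataclass
class Account:
    handle: str                # pseudonym only; no legal identity is stored
    referrer: Optional[str]    # None marks a founding member (chain root)
    reputation: float

class TrustChain:
    def __init__(self, founders, founder_reputation=100.0):
        self.accounts = {h: Account(h, None, founder_reputation) for h in founders}

    def vouch(self, referrer, newcomer):
        """Admit newcomer on referrer's standing; the referrer pays STAKE."""
        ref = self.accounts[referrer]
        if newcomer in self.accounts:
            raise ValueError("handle already exists")
        if ref.reputation <= STAKE:
            raise PermissionError("not enough standing to vouch")
        ref.reputation -= STAKE
        self.accounts[newcomer] = Account(newcomer, referrer, STAKE)

    def chain(self, handle):
        """Return handles from the account up to its founder, or raise if broken."""
        path, cur = [], handle
        while cur is not None:
            if cur not in self.accounts or cur in path:
                raise ValueError("broken or cyclic reference chain")
            path.append(cur)
            cur = self.accounts[cur].referrer
        return path

    def penalize(self, handle, amount):
        """Charge the offender in full and each referrer above a decayed share."""
        for hop, h in enumerate(self.chain(handle)):
            self.accounts[h].reputation -= amount * DECAY ** hop

    def may_participate(self, handle):
        """Discourse access needs an intact chain and positive standing."""
        try:
            self.chain(handle)
        except ValueError:
            return False
        return self.accounts[handle].reputation > 0
```

Because a newcomer starts with exactly the stake and vouching requires more than the stake, a fresh account cannot admit others until it has earned standing, which is the "human speed" limit in this model.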

KYA will succeed at what it was built for, and enterprises should adopt it. But we should stop pretending a compliance checklist for corporate agents addresses the hollowing-out of human conversation online. You cannot stop rogue agents at registration time. You have to build the foundation underneath the conversation, and that foundation is a TrustChain: humans who answer for each other.
