FinTech's AI Agent Authentication Problem

I wrote this piece in early 2024. At the time, there was not as much conversation about AI Agents as there is now, but it was very clear that agents will have a major impact on daily life and work.

A disclaimer: I am not an expert on AI nor do I claim to be; some (or many) of the thoughts in this piece have become commonplace.


AI Agent Authentication Problem

Note: Platform and Website are used interchangeably. This refers to websites, products, stores that exist on the web. Really any website. 

AI agents are already enhancing or entirely replacing jobs in the business world. In the future, it’s likely AI agents will play a major role in individuals’ personal lives. Figure recently shared that it’s ‘launching its robots in the home;’ Tesla’s Elon Musk has repeatedly shared his vision for a future where every home has its own Tesla Robot, executing tasks on behalf of the homeowner. Whether it’s picking up groceries and swiping a credit card, or taking your dog to the groomer, AI agents and robots will transform the lives of all humans and the physical streets of the world.


What’s (maybe) less spoken about is how AI agents will transform web traffic. Sooner rather than later, every individual will have an AI assistant that completes personal tasks for them on the web. Booking a flight and planning a trip itinerary, building a budget spreadsheet, making loan payments, or reserving a table at your favorite restaurant will likely all be done by an agent that you direct through a single app or interface. In this future, it’s not unreasonable to believe that practically all web traffic and actions taken on the web will come from bots and agents, not humans. By “all,” I mean 99.99%; bots are already the majority of web traffic, so this isn’t too crazy.


Before this can become a scalable reality, there are some real challenges and questions that need to be addressed:

  1. How will platforms know whether the agent interacting with their site on behalf of someone is truly representing that individual or using stolen information? Remember, hackers and bad actors will have the same access to AI agents as everyone else, and the problems of identity theft and account takeover aren’t going anywhere anytime soon.

  2. How will platforms know whether the action being taken by an agent is legitimate? I assume it’s on the builder of the agent to ensure its agent only takes actions approved by its owner, but how will platforms or websites know this for sure? 

  3. If an AI agent is instructed to complete an action on a website but it needs to create an account to do so, what is the legality around the agent agreeing to terms of use on behalf of its owner? If an AI agent e-signs something, can the owner of the agent be held to those terms even though they didn’t e-sign it themselves? If the owner must agree to terms or e-sign something themselves, then it’s highly unlikely AI agents will be able to roam the web freely and execute actions on behalf of their owners due to friction. 

  4. If an AI agent tries to buy something with a credit card or bank account, how does the payment platform know whether that payment was truly authorized? If the AI agent’s owner disputes the charge, can the payment platform even fight back? 

  5. Should an AI agent be able to access every platform or product if it knows its owner’s passwords? Should there be a way to restrict access through an app, the way a password manager or SSO tool does for employees of businesses today? In this case, the AI agent would be an ‘employee’ of its owner and the consumer could grant the agent access to certain platforms via an app.

  6. Will the companies that build AI agents be subject to regulation that requires them to work with an authentication service to ensure that unrelated companies can confirm their agents are acting on behalf of their owner?


Many of these questions are applicable to both physical AI agents/robots and those that exist solely on the web. Without an answer to these foundational questions and concerns, I’m unsure whether it will be possible for AI agents to roam the web or physical world due to authorization concerns; the security risks are too great. It’s possible that the onus to ensure agents are only acting with authorization falls on the maker of the agent and everyone will be comfortable with that, but I believe it’s more likely there will need to be some kind of authorization layer, blockchain, or protocol that enables the public and private businesses to instantly validate the actions of agents and who or what they really represent.


The solution here is likely a mixture of two things: a public protocol that enables anyone and any business to validate that the actions of an agent have been authorized by its owner and that the agent truly represents who it says it does, and software that enables websites and physical commerce locations to instantly validate AI agents before they are permitted to take action. The software would also have to be really good at identifying AI in the first place; human traffic should not be affected or subject to unnecessary friction like it is today with captchas, etc. This solution is also likely accompanied by a consumer platform that enables individuals to grant or restrict their agent’s access to certain locations and platforms so that data is not constantly being shared with the agent’s maker. There is also likely a push notification system built into the consumer application that enables websites, stores, etc. to request secondary authentication that the consumer’s agent is acting on their authority.
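
To make the pieces above concrete, here is a sketch added for illustration (it is not code from any existing protocol or product): the owner's app issues a grant limited to one platform, a set of actions and a spending cap, and the platform checks each agent request against it, asking the owner for secondary confirmation when the amount exceeds the cap. All names and values are hypothetical, and HMAC with a key held by an assumed authorization service stands in for the public-key signature a truly public protocol would need.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key held by a hypothetical authorization service.
# HMAC stands in for the public-key signature a public protocol would use.
SERVICE_KEY = b"constructed-demo-key"

def _mac(payload: bytes) -> str:
    digest = hmac.new(SERVICE_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()

def issue_grant(owner, agent_id, platform, actions, max_amount, ttl_s, now=None):
    """Owner side: mint a grant bound to one agent, platform, action set and cap."""
    now = time.time() if now is None else now
    claims = {"owner": owner, "agent": agent_id, "platform": platform,
              "actions": sorted(actions), "max_amount": max_amount,
              "exp": now + ttl_s}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload)

def check_request(grant, agent_id, platform, action, amount=0, now=None):
    """Platform side: 'allow', 'step_up' (ask the owner to confirm) or 'deny'."""
    now = time.time() if now is None else now
    try:
        body, tag = grant.split(".")
        payload = base64.urlsafe_b64decode(body)
        # Verify integrity before trusting any field inside the grant.
        if not hmac.compare_digest(tag, _mac(payload)):
            return "deny"
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return "deny"  # malformed or non-ASCII grant
    if claims["agent"] != agent_id or claims["platform"] != platform:
        return "deny"  # grant was issued for a different agent or site
    if now >= claims["exp"] or action not in claims["actions"]:
        return "deny"  # expired, or action never delegated
    # Over the owner's cap: not refused outright, but needs the owner's
    # confirmation (the push-notification step described above).
    return "step_up" if amount > claims["max_amount"] else "allow"
```

A grant bound to the agent, the platform and an expiry is what keeps a stolen credential from being replayed elsewhere or indefinitely, which is the difference between this and handing the agent its owner's password.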


Building this solution would be no small feat if it were done by a startup. It’d be expensive and would likely take a number of years before it is widely adopted. There are some very difficult technical challenges as well. That said, the owner of this protocol will likely own the connective tissue between AI and how it interacts with the physical/digital world on behalf of real humans. It’s most probable that large, established search titans will be the ones building this protocol (e.g., Google, Microsoft, Yahoo, etc.).


Anyway, if anyone is building anything related to this topic, I’d love to chat. My email is reedeswitzer@gmail.com.