
For years, defenses against Sybil attacks—where a single actor creates many fake identities to subvert a system—relied on spotting bot-like behavior. If large numbers of accounts moved in perfect synchronization or used the same rigid script, security systems could flag them as malicious.
But the integration of artificial intelligence (AI) is undermining those traditional signals. In an interview with Bitcoin.com News on the evolving threat landscape, Paolo D’Amico, senior staff product engineer at Tools for Humanity, said AI has shifted from a technical tool into a “force multiplier” for digital attackers.
In the past, scaling a Sybil attack required substantial technical effort to make “clones” appear distinct. D’Amico said AI reduces that barrier by automating the creation of credible personas.
“AI makes that automation both easier to deploy and more convincing in practice,” D’Amico said. “It expands an attacker’s ability to generate realistic behavior, adapt dynamically, and bypass existing security controls.”
Unlike traditional bots that follow static code, AI-driven agents can generate unique social media posts, engage in varied onchain transactions, and mimic human timing patterns. D’Amico argued that this dynamic adaptation makes it difficult for legacy security systems to identify clusters of accounts controlled by a single entity.
D’Amico also described a shift in how automated traffic is interpreted. Historically, security teams used a simple rule: automated traffic is bad; human traffic is good. That binary is breaking down as decentralized AI agents increasingly perform legitimate tasks.
“Agents are providing a new interface for interacting online, which makes it harder to distinguish harmful automation from legitimate or desired automated activity,” D’Amico said. “As a result, sites now need to adapt their defenses for a world where automation itself is no longer a reliable signal of abuse.”
With AI able to solve puzzles and mimic human browsing patterns, the question becomes whether CAPTCHA is effectively obsolete. D’Amico said CAPTCHAs are not necessarily disappearing, but they are evolving.
He argued that relying on simple puzzles is increasingly a game AI can win. Instead, stronger approaches should better represent human presence in the digital world, including “human-in-the-loop” verification through deeper technological layers. He pointed to emerging standards such as those from the Privacy Pass working group.
To address Sybil swarms of autonomous agents, D’Amico said new infrastructure is prioritizing verified uniqueness. One example is AgentKit, an SDK based on the World ID Protocol.
With AgentKit, websites can gate, limit, or control access to content using rules tied to World ID credentials. The immediate application described is rate limiting based on unique humans—for example, allowing each verified person a set number of requests within a timeframe to reduce the advantage of mass-produced bot accounts.
D’Amico said World ID adds a security layer that makes scaling Sybil attacks significantly harder. In this model, an attacker cannot simply create a new identity by using a new email address or phone number; the system treats the attacker as needing to be a new person.
He said this is supported by the Orb, described as trusted hardware, and by zero-knowledge (ZK) cryptography, which verifies uniqueness without compromising individual privacy.
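The rate-limiting idea described above, as an added example that is not AgentKit or World ID code: the same sliding-window limiter is replayed over constructed traffic, keyed first by account and then by person. The `human_id` field is a hypothetical opaque per-person value assumed to come from an already verified uniqueness credential; the verification step itself is not shown.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)  # key -> timestamps of served requests

    def allow(self, key, now):
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window:  # expire old entries
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def constructed_traffic():
    """Constructed sample: one operator behind 50 accounts, plus one ordinary user.

    Tuples are (timestamp, account, human_id); human_id is a hypothetical opaque
    per-person value from an already verified uniqueness credential.
    """
    requests = []
    for i in range(50):
        for j in range(5):
            requests.append((j * 10 + i * 0.01, f"sybil-{i:02d}", "human-A"))
    for j in range(5):
        requests.append((j * 10 + 0.9, "alice", "human-B"))
    return sorted(requests)


def served_per_human(requests, key_field, limit=10, window=60):
    """Replay the traffic and count how many requests each real person got served."""
    limiter = SlidingWindowLimiter(limit, window)
    served = defaultdict(int)
    for ts, account, human_id in requests:
        key = account if key_field == "account" else human_id
        if limiter.allow(key, ts):
            served[human_id] += 1
    return dict(served)


if __name__ == "__main__":
    for field in ("account", "human"):
        print(field, served_per_human(constructed_traffic(), field))
```

Keyed by account, the operator behind 50 accounts is served every request while each account stays under the limit; keyed by person, the same operator gets one budget and the ordinary user is unaffected.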
As the economy of autonomous agents grows, the challenge moves from identification to authorization. D’Amico referenced protocols such as x402, which enable agents to pay for web resources directly.
However, he said the key security question remains: how to determine whether an agent is spending on behalf of a human rather than acting as a rogue script.
D’Amico said the integration of x402 and AgentKit creates a “power of attorney” model for the digital age. In this setup, x402 handles payment, while AgentKit verifies the authority behind the request.
“Through AgentKit, a user can delegate presenting their proof of human to an agent,” D’Amico said. “In that model, a World ID can have multiple authorized keys that are allowed to generate proofs. One key belongs to the user’s device, and the user can also authorize an agent key through AgentKit.”
When an agent makes a payment via x402, D’Amico said it carries a cryptographic signature showing it was explicitly authorized by a verified human. He also noted that the authority is limited: the agent can act within its granted permissions, but it cannot alter the user’s World ID or seize broader control of the identity.
D’Amico said these technologies are closely tied to regulatory developments. He described regulatory frameworks around identity and privacy as evolving alongside the technology rather than acting as a barrier.
“As AI continues to advance, we expect regulatory frameworks around identity and privacy to evolve in conjunction with the technology,” D’Amico said. “These advances will reshape the landscape, opening new opportunities while also introducing new risks and attack vectors.”
Looking ahead five years, D’Amico projected that identity management will shift from a peripheral security feature to a central pillar of the internet. In an “AI-native” world, he said identity must cover both the creator and the emissary.
“For humans, that means stronger verifiable trust anchors that allow identity to remain a reliable representation of a real person online,” D’Amico predicted. “In parallel, I expect identity frameworks for autonomous agents to become more important.”
As agents interact more directly with financial systems and platforms, D’Amico said the industry will need clearer ways to verify who or what agents represent, the extent of their authority, and whether they are acting on behalf of real users.