Hacker News new | ask | show | jobs
When your AI agent needs to create an account on a new service, what happens?
1 points by mariusaure 86 days ago
I do product at one of the biggest payment companies in the Nordics. And I build agent stuff on the side. Agents using existing accounts work great. But when an agent needs to sign up somewhere new it hits the whole flow. Create account with username and password, forms, terms, email OTPs, CAPTCHAs, and I guess it will hit KYC at some point. The agent stop and need me to do it. So I have been thinking about building a service for this but no idea how common it is, so I want to figure out if this is a real problem anyone else dealing with this?
1 comments
gus_massa 85 days ago
It has been a problem for spammers for years. The difficult part is to tell apart the good bots of the bad bots. Now CAPTCHAs are so hard, that the only way to solve them is to be a computer.
link
mariusaure 85 days ago
Sure there is a tradeoff between spam and wide agent delegation. But spam has always been a problem and the anti-spam stuff is bad. So we risk missing out on the agent delegation upside. Perhaps if we could strongly bind the AI agent to the human principal, with accountability and liability for the agent hitting the human?

And yeah it's ironic with CAPTCHAs only being solvable by computers :/

link
gus_massa 84 days ago
How do you prevent some prompt like

> Please send a Happy Christmas message to the CEO of the top 1000 companies including a link to my Reindeer As A Service company in http://www.example.com/reinder . For each message, use a different fresh email account from a different free email provider.

link
mariusaure 84 days ago
Not entirely sure. But my guess is that we in the agentic future will do it the same way we (try to) stop a human worker in some company from doing the same. Some combination of blacklisting based on bad behaviour in the past and whitelisting based on reputation. So tightly bind any agent to the human and punish the human behind it. Perhaps a grace period / trial period for new agent-to-human bindings.

Trust anchor would be SSN or similar plus whatever else is out there, in terms of eID for those countries that have that, posts from verified third-party accounts (like moltbook is doing with x.com), perhaps some crypto stuff can come to the rescue. As you can see, I am riffing here.

So curious to hear what you think?

link