Written by: Vaidik Mandloi
Compiled by: Luffy, Foresight News
Since its launch at the end of 2022, ChatGPT has spawned a vast ecosystem of AI agents. Currently, the total network traffic generated by these programs exceeds that of all human users worldwide. AI's online behavior is drastically different from humans: they don't browse ads, click links, or shop online; they simply collect network data to complete tasks and then leave.
The internet's initial architecture and business logic were built around human behavior and usage habits. However, the vast majority of online activity today does not originate from real people, causing significant problems for major websites. Currently, 2.5 million websites have begun blocking AI web crawlers, and platforms like Perplexity have been embroiled in related lawsuits. Cloud service provider Cloudflare has even built a "honeypot maze," using AI-generated jumbled and meaningless text to create infinitely looping pages, thus trapping various data crawlers.
However, some advanced AI agents already possess the ability to bypass these safeguards. Faced with the escalating human-machine confrontation, the entire industry has begun to focus on developing a more reliable human identity verification mechanism. This system needs to accurately identify whether the operator on the other end of the screen is human: when a real person operates, they will hesitate, make typing errors, and the cursor movement will exhibit subtle tremors unique to the human nervous system. This article will analyze the causes behind this revolution, the two mainstream technical solutions, and the choices people will face: whether to accept centralized biometric monitoring or to use encrypted zero-knowledge proof technology to achieve anonymous human verification.
AI is disrupting internet business models
Websites are increasingly blocking AI programs because AI is simultaneously undermining the very foundation of the internet's commercial viability from both ends. The traditional internet's profit logic is built on user attention: content publishers earn revenue when users visit pages or view ads. If AI were to handle online shopping, it could search five thousand websites at once, while the average person typically only browses four or five pages.
AI's reading speed far surpasses that of humans; it can complete price comparisons across the entire internet and even place orders directly within minutes, all without generating any ad views. This means that websites bear the server operating costs for nothing, without receiving any revenue.
Meanwhile, AI search is also continuously diverting website traffic. After Google added an AI-powered smart summary section to the top of search results, only 8% of users clicked through to the original webpage, resulting in a 33% drop in traffic to major content sites from Google. Within just one year of its launch, this feature had surpassed 1 billion monthly active users, and platform search volume has doubled every quarter since its release.
Many will likely remember Chegg, the online learning Q&A platform. Originally relying on its search ranking advantage to focus on academic Q&A, it has now officially shut down its Q&A section, blaming the collapse on the impact of ChatGPT. Content creators are caught in a double bind: on one hand, web crawlers are rampantly scraping content from websites, and on the other hand, AI summaries are intercepting traffic before users even reach the site.
The data disparity is even more alarming. For every redirect traffic OpenAI's crawler brings to a partner website, it first scrapes data from 400 pages; for Anthropic, this ratio reaches 38,000:1. These companies use publicly available data from across the internet to train AI models free of charge, and then divert traffic that originally belonged to the websites with their finished products.
In other industries, such predatory data collection practices would have already attracted countless lawsuits, but in the field of AI, these companies can achieve valuations in the trillions.
Your body is the new code.
For the past 25 years, the internet has primarily relied on CAPTCHAs to distinguish between humans and machines. People need to recognize traffic signs and input distorted characters. This mechanism was effective because, in the early days, machines' image recognition capabilities were far inferior to those of humans.
The situation has now completely reversed. OpenAI's AI-powered operating system scores far higher than humans in Google's human verification system, capable of accurately clicking on interfaces and copying and pasting content; AI-generated photos can fool identity verification systems, and deepfake video calls have even been used by criminals to complete bank transfers. The premise of traditional verification methods—that machines are less capable than humans—no longer exists.
The industry can only focus on areas that AI cannot yet replicate. One such area is the behavioral characteristics of humans operating electronic devices, also known as behavioral biometrics. Companies like IBM and BioCatch are developing related systems. This technology not only verifies identity during login but also monitors user activity throughout the process, collecting data on cursor movement speed, page scrolling, typing rhythm, key pressure, text deletion and editing habits, and phone holding angle. The phone's gyroscope records all relevant information.
The system can also recognize details such as the user's dominant hand and finger swipe patterns. IBM only needs to collect data from eight usage sessions to create a personalized user profile, and will subsequently compare each operation with baseline data in real time.
BioCatch's technology can even identify online scams. When victims read out their account passwords as instructed by scammers over the phone, the system accurately captures their frantic and disjointed typing rhythm. In just one year, the system helped 257 banks identify approximately 2 million money laundering accounts. Now, the EU is also piloting gait recognition technology. Only three years into the era of AI agents, EU border officials have already begun collecting data on people's walking postures.
Related research also incorporated the Stroop effect: when the word "blue" is written in green, the human brain experiences a conflict between the meaning of the word and the visual color, resulting in a significantly slower reaction time, but AI remains unaffected. The study found that this cognitive interference is directly reflected in typing behavior. The platform doesn't even need specific tests; it can determine whether the operator is human simply by the keystroke rhythm. Typing habits reveal uniquely human characteristics of brain information processing.
Traditional web tracking primarily records users' browsing, clicks, and spending behaviors, which users can circumvent by blocking cookies, using VPNs, and disabling location services. However, behavioral biometrics collects instinctive human characteristics: cursor movement and typing rhythm are difficult to alter artificially.
Each person's behavioral characteristics are as unique as a fingerprint. Unlike passwords and keys, this biometric profile cannot be changed or reset. Once this technology becomes widespread, major platforms will be forced to adapt. Voice simulation technology can already create convincing fake conversations, and deepfake video technology is following closely behind. If this is the future, the most crucial question emerges: who will ultimately control this human data?
Who will control the real-person verification system?
Currently, the industry has split into two camps, each exploring real-person identity verification solutions.
The first is Sam Altman's World (formerly Worldcoin). Users need to walk in front of a spherical iris scanner, which collects iris information and generates an encrypted certificate to prove that the user is a unique natural person. Currently, 18 million people in 160 countries around the world have completed iris registration. In April 2026, World successively reached user verification partnerships with dating app Tinder, video conferencing platform Zoom, and electronic signature service provider DocuSign; it also launched the AgentKit tool in conjunction with Coinbase, which allows users to bind their AI agents to their real-name identities. The platform can confirm that there is a real person behind the agent without leaking the user's personal information.
However, iris scanning technology is explicitly banned in many countries. The public is unaware of the potential risks associated with authorizing the collection of biometric data, which is the core reason for the resistance from various countries. An investigation by MIT Technology Review also found that World, without proper authorization, was not only collecting iris data but also illegally collecting data on other vital signs such as heart rate and respiration.
The second type is zero-knowledge proof based on cryptographic technology, which allows you to prove you are human without revealing your real identity, location, or appearance. Vitalik Buterin proposed this concept as early as 2023. He believes that if a decentralized system for real-person identities cannot be built, the internet will eventually move towards centralized identity control. Once the authority to verify identities is controlled by corporations or governments, surveillance mechanisms will be rooted in the underlying network.
Decentralized real-person identity systems have seen large-scale implementation attempts before, but all have ultimately failed. Idena, one of the first public blockchain projects to emphasize "one person, one identity," saw 40% of the accounts and 48% of the rewards controlled by 23 institutions within just two years of its launch. Account operation teams in India, Russia, and other locations hired ordinary people to lend their identities for less than one dollar per hour, earning returns of up to 55 times the initial investment. Researchers also discovered that even children's identity information was used as bot accounts.
Vitalik had anticipated these risks. He stated that the cheapest attack method against a real-person identity verification system is not deepfakes or sophisticated hacking techniques, but rather hiring people from low-income areas to lend their identities. Any real-person identity verification system requires financial support: iris scanning devices and on-chain verification nodes all require continuous investment.
However, once identity documents are given economic value, a black market for identity rentals will emerge. In a real world with a huge gap between the rich and the poor, those with strong capital will always control this type of market.
"Forcibly implementing a one-person-one-vote rule in a system with real economic incentives will only repeat the mistakes of related social experiments in the 20th century."
Objectively speaking, both development paths have obvious flaws. Centralized solutions can achieve large-scale deployment, but users' biometric data will be entrusted to companies that excessively collect information, and these companies themselves can profit from the proliferation of bots. Encryption, while theoretically protecting privacy, struggles to overcome real-world economic imbalances, ultimately becoming a loophole for gray-market industries.
If I had to place a bet, I'd still bet on encryption. Because behavioral biometrics and centralized iris scanning permanently record your physical information, and ownership of that information belongs to the people who deploy the system. Once they have your data, you can't delete or transfer it; the data will be locked in the hands of the company that collected it.
Even knowing that zero-knowledge proofs can be exploited, they are still worth developing because they can verify your identity as a human being without revealing any additional information. Conversely, if this approach is abandoned, in the future, any website we visit will retain our behavioral data. Currently, this centralized solution with surveillance capabilities is being implemented far faster than encryption technologies.
