reddit.com
u/Fragrant_Barnacle722 — 22 hours ago
▲ 2 r/clawdbot+1 crossposts

AI agents are basically silent crawlers at this point

AI agents are already hitting sites and most people have very little visibility into it.

For example, Claude browses your MCP docs, GPT scrapes pages, OpenClaw creates shitposts on Reddit, etc.

I've been working with the team at Vouched recently on a way to detect and identify agents, bots, human traffic, etc. to help with this. Under the hood, there is an ecosystem of agents on a registrar with appropriate reputation scoring, all powered by an identity layer named KYA-OS which uses verifiable credentials that persist identity / authentication context across systems.

Well, in the world of vibe coding we wanted it to be accessible to non-technical people too, so it's as simple as:
- copy prompt from docs
- paste into Claude Code
- merge your PR

The hope is that people can have better visibility into which agents (or bots, or people) are interacting with your site and what they're actually doing.

If you're interested, the prompt to integrate it is here:
https://kya.vouched.id/docs/quick-start

reddit.com
u/Fragrant_Barnacle722 — 22 hours ago

reddit.com
u/Fragrant_Barnacle722 — 11 days ago
▲ 13 r/clawdbot+1 crossposts

I saw last week that the founder of PocketOS's agent wiped their prod DB in 9 seconds. Source.

Honestly I don't think the takeaway was "agents are dangerous" but that it did literally what the system allowed it to.

tl;dr: It found a token, the token had broad permissions, and the API let it execute a destructive action (delete prod DB and all backups) with zero friction and then it did.

My opinion is that the agent didn't go rogue; it used a token that had way more access than anyone realized. Their system was set up with no clear delegation, no scoped authority, and no way to enforce intent at execution. So when something breaks, you freak out and say "this shouldn't have been possible"; well, your system was designed such that it was possible.

We're missing an entire primitive here when working with agents: enforcement delegation at execution time.

My team and I have been working on this, and we call it "KYA-OS": making it so that agents have a real identity, actions are explicitly on behalf of someone with scope, and that context persists across the entire chain. I read that guy's post on X this week and sighed because it was preventable and is now fear-mongering non-technical people with self-inflicted horror stories. We built the spec and donated it to the Decentralized Identity Foundation because we believe it should be open source and this layer of trust infrastructure fundamentally should be governed by more than just one company. If this is interesting to you, feel free to check out our site: https://kya.vouched.id/

Let me know your thoughts.

reddit.com
u/Fragrant_Barnacle722 — 11 days ago
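A sketch of the execution-time check the post above argues for (scoped delegation, on-behalf-of context, and a stated intent before a destructive action runs), added here as an illustration. It is not KYA-OS or Vouched code; every identifier, scope name and sample value is constructed.

```python
"""Added example (not KYA-OS code): a minimal execution-time delegation gate.

Models the failure in the post: an agent holds a token and the API runs whatever
the token allows.  Here each action is checked against the scope the delegating
human granted, the target must be inside the delegation, and destructive actions
also need an explicit intent naming the target.  Names and values are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed scope names; anything here needs an explicit intent to execute.
DESTRUCTIVE = {"db:delete", "backup:delete"}


@dataclass(frozen=True)
class Delegation:
    """Who acts, on whose behalf, with which scopes, on which resources."""
    agent_id: str
    on_behalf_of: str
    scopes: frozenset
    targets: frozenset


@dataclass
class Gate:
    audit: List[tuple] = field(default_factory=list)

    def authorize(self, d: Delegation, action: str, target: str, intent: str = "") -> Tuple[bool, str]:
        """Return (allowed, reason) and record the decision before anything runs."""
        if action not in d.scopes:
            decision = (False, f"scope {action!r} not delegated to {d.agent_id}")
        elif target not in d.targets:
            decision = (False, f"target {target!r} outside delegation")
        elif action in DESTRUCTIVE and intent != f"{action} {target}":
            decision = (False, "destructive action requires explicit intent naming the target")
        else:
            decision = (True, f"{d.agent_id} acting for {d.on_behalf_of}")
        self.audit.append((d.agent_id, d.on_behalf_of, action, target) + decision)
        return decision


def demo() -> List[Tuple[bool, str]]:
    gate = Gate()
    # Constructed: a migration agent that was only ever granted read/migrate on prod.
    narrow = Delegation("agent-migrate", "alice@example", frozenset({"db:read", "db:migrate"}), frozenset({"db:prod"}))
    results = [gate.authorize(narrow, "db:read", "db:prod"), gate.authorize(narrow, "db:delete", "db:prod")]
    # Constructed: a broad delegation still cannot delete without a stated intent.
    broad = Delegation("agent-ops", "bob@example", frozenset(DESTRUCTIVE | {"db:read"}), frozenset({"db:prod", "db:prod-backups"}))
    results.append(gate.authorize(broad, "db:delete", "db:prod"))
    results.append(gate.authorize(broad, "db:delete", "db:prod", intent="db:delete db:prod"))
    return results
```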