The “AI arms race” is both inevitable and already happening. Evidently, the real challenge now is to distinguish which bot is malicious and which is a verifiable hard-working AI agent. What’s necessary is to identify precisely and bounce the malicious ones.
Robust systems are required that cryptographically link to who is doing what online. Something like a digital signature or a watermark for every interaction — so we know whether we’re talking to a human or bot, and the service or a platform knows who logs in — a human or an AI agent. This would shore up transparency and trust, making it much harder for malicious AI to deceive without detection.
The future is interesting and exciting precisely because it’s difficult to predict. It’s unwise to rule out the idea that each of us will eventually have one, two, or even ten AI agents performing various tasks and browsing the web on our behalf. So, the idea of having an “agent free web” might turn out somewhat counterintuitive in the long run.
Regarding “clean traffic” and whether it could jeopardize normal but unusual user behavior: perhaps to some extent. In the grand scheme, however, it remains relatively easy to contextually distinguish a bot from a human. Moreover, if a human acts overtly weirdly and disruptively, their isolation might be as necessary as that of a bot.
To build sustainable protection against algorithmic bias, it makes sense to focus less on mimicry itself and more on the intent and potential adverse outcome of a behavior. Both bots and humans can have malicious intent. Our priority should be to prevent harmful x, not just to identify whether an actor is a bot.
Karolis Arbačiauskas is the Head of Product at NordPass, where he leads the development of user-focused cybersecurity solutions aimed at simplifying and strengthening digital authentication. With a background spanning product management, business development, and finance, he has worked across companies such as Danske Bank and Nordea, building expertise in scalable digital products. He is known for advocating a balance between usability and robust security, particularly in areas like password management and emerging authentication methods. Karolis frequently comments on evolving cybersecurity risks, emphasizing shared responsibility between users, developers, and platforms.
