Earlier this month, a research team published aCAPTCHA — the first academic formalization of a question nobody was asking five years ago: "Is this entity an AI agent?"
Not "is this a human?" — the opposite.
The Problem: Verifying Agents, Not Blocking Them
Traditional CAPTCHAs exist to prove you're human. But as AI agents become legitimate web participants — browsing, booking, purchasing, automating — a new need has emerged: some systems need to verify that a visitor is a bot.
Think about it:
- Agent-only APIs that shouldn't serve human traffic
- AI-to-AI marketplaces where humans have no business being
- Multi-agent orchestration platforms requiring authenticated agents
- Agent-facing services that need to distinguish real agents from scripts
The aCAPTCHA paper formalizes this as the Agentic Capability Verification Problem (ACVP). They define a three-class taxonomy — Human, Script, Agent — based on three capability dimensions: action, reasoning, and memory. The key insight is asymmetric hardness: design challenges that are trivial for agents but impractical for humans.
A Working Implementation: imrobot
I built imrobot, an open-source reverse-CAPTCHA library that implements this concept. It's been in development since early 2026 and is now at v0.5.0 on npm.
How It Works
imrobot generates a pipeline of deterministic operations applied to a random seed:
seed: "a7f3b2c1d4e5f609"
1. reverse()
2. caesar(7)
3. xor_encode(42)
4. fnv1a_hash()
5. to_upper()
The challenge data is embedded in the DOM as structured JSON (data-imrobot-challenge), making it trivially parseable by any agent. AI agents parse it, execute the pipeline, and submit the result — typically in under a second. A human would need to manually compute multi-step transformations involving hashing, XOR encoding, and bit rotation.
What's Included
- Framework support: React, Vue, Svelte, and Web Component
- Server-side verification: HMAC-SHA256 signed challenges (stateless, no DB needed)
-
Proof-of-agent tokens: JWT-like tokens issued after verification, passed via
X-Agent-Proofheader - Express/Koa/Hono middleware: Drop-in route protection
- CLI: Test challenges from your terminal
- Zero dependencies
- Anti-scraping: Natural-language challenge formatting with randomized phrasing
Quick Example (React)
import { ImRobot } from 'imrobot/react'
function App() {
return (
<ImRobot
difficulty="medium"
theme="light"
onVerified={(token) => {
console.log('Robot verified!', token)
}}
/>
)
}
Server-Side Protection
import express from 'express'
import { createAgentRouter, requireAgent } from 'imrobot/server'
const app = express()
app.use(express.json())
// Challenge/verify endpoints
const router = createAgentRouter({ secret: process.env.IMROBOT_SECRET! })
app.get('/imrobot/challenge', router.challenge)
app.post('/imrobot/verify', router.verify)
// Protect any route — only verified agents get through
const guard = requireAgent({ secret: process.env.IMROBOT_SECRET! })
app.get('/api/agent-data', guard, (req, res) => {
res.json({ message: 'Agent verified!' })
})
The Bigger Picture
This isn't just a niche library. The web is rapidly adapting for AI agents:
- Google's A2A protocol (v0.3) defines agent-to-agent communication with OAuth and signed security cards
- Cloudflare's Markdown for Agents converts HTML to Markdown on-the-fly for AI crawlers
- World's AgentKit lets verified humans delegate cryptographic identity to AI agents
- Reddit is exploring Face ID/Touch ID to combat bots — showing the tension between human verification and bot verification
We're at an inflection point where the web needs both: ways to prove you're human AND ways to prove you're a bot. The infrastructure for the first has existed for decades (reCAPTCHA, hCaptcha, Turnstile). The infrastructure for the second is just being built.
Try It
- Live demo: imrobot.vercel.app
-
npm:
npm install imrobot - GitHub: github.com/leopechnicki/im_robot
- aCAPTCHA paper: arxiv.org/abs/2603.07116
I'd love to hear what the community thinks. Is agent verification a problem you're running into? What challenges should a reverse CAPTCHA include?
Top comments (0)