Hello,

OpenAI’s ChatGPT, launched in late 2022, has come so far that it has spawned an entire ecosystem of AI agents that now generate more web traffic than all humans on the internet combined. And these agents don’t do any of the things a human on the web does. They don’t watch ads, click links, or shop online. They scrape the internet for whatever they need to complete a task and leave.

The entire internet was built around human behaviour and intent, but now most of the time, there isn’t a human, and the web is pissed with it! They have started to block out these agents - 2.5 million sites are blocking AI crawlers, and there are lawsuits against platforms like Perplexity. Cloudflare even started building honeypot mazes that trap scrapers in an infinite loop of AI-generated gibberish.

But some of these agents are already smart enough to bypass this, and so the internet is losing its sh*t trying to build something more concrete called a ‘proof of humanhood’. A way to verify that the thing on the other end actually hesitates, mistypes, and moves its cursor with the micro-jitter of a real nervous system. In this piece, I’ll get into why this is happening, who’s building that proof layer, and what it means when the choice comes down to centralised biometric surveillance or cryptographic proof of humanity.

Follow the money

The reason websites started blocking AI agents is that AI has broken the web’s business model from both sides simultaneously. The entire model was built on human attention: you visit a website, you see an ad, and the publisher gets paid for it. An AI agent shopping for shoes on your behalf today searches 5,000 websites instead of the 4 or 5 you’d visit yourself.

It can read everything faster than your eyes can blink, compare every price, and even make the purchase for you in a matter of minutes, all without registering an ad impression, leaving the publisher to cover server costs and get nothing in return.

On the other end, AI search is eating into reader traffic. When Google shows an AI summary (AI Mode) at the top of the search results, only 8% of users ever bother to click through to the actual website. Google traffic to publishers has dropped 33%. In just one year after its debut,AI Mode has surpassed one billion monthly users, with queries more than doubling every quarter since launch.

Remember Chegg? It had its whole business built on being the first result for homework help, but it’s now shut down! The company officially ended its Q&A platform operations and blamed ChatGPT for it. Publishers are getting squeezed from both ends at the same time, with bots stripping away their content from the bottom and AI summaries intercepting their readers even before they ever arrive at the website.

The extraction ratios are crazy: for every referral OpenAI sends back to a website, its crawlers first visit 400 pages. Anthropic’s number is 38,000 to 1. These companies have trained their models on the open web without compensating anyone, and then deployed them to intercept traffic that once reached the same sites they scraped.

It’s quite funny, actually. In any other industry, an extraction ratio like that can get you lawsuits. But in AI, it gets you a trillion-dollar valuation.

Your body is the new password

For the last 25 years, the only way for the internet to know if you’re a human was the CAPTCHA. You clicked the traffic lights, typed some wobbly letters, and it was working because machines were terrible at visual recognition.

Today, that’s not the case. OpenAI’s Operator agent now surpasses Google’s reCAPTCHA with an exceptionally high human score, all while doing perfectly centred clicks and copy-pasting texts into forms. AI-generated selfies are fooling ID verification systems, and there are cases where Deepfake video calls have been used to authorise real wire transfers. All these tests assumed that machines were worse than humans at the tasks they performed.

The only way for the web to solve this is to double down on what AI still can’t replicate: how a human body physically moves when it operates a screen. This is called behavioural biometrics. Companies like IBM and BioCatch are building systems that can now check not just your identity at login but your entire session. This includes your cursor speed, how you scroll, your typing rhythm, which keys you press harder, whether you delete and retype words, and the angle at which you hold your phone; all of this is measured by a gyroscope.

It can also track which hand you use, how your thumbs arc when you swipe something. IBM needs about 8 sessions to build this behavioural profile of you, and once done, every action gets scored against your baseline in real time.

BioCatch can even tell when someone is being scammed online. Their system picks up the fragmented typing of a person reading out account numbers while a fraudster dictates them over the phone.

They have flagged about 2 million mule accounts across 257 banks in a single year. The European Union is piloting gait recognition at border crossings. We’re barely three years into the agentic era and already have EU border guards profiling how you walk.

There’s also a body of research on the Stroop effect. When you see the word “BLUE” printed in green ink, your brain takes noticeably longer to name the colour because the meaning and the visual conflict with each other. But an AI can still respond at the same speed.

Researchers found that this kind of cognitive interference actually correlates with typing dynamics. The system might not even need to run an explicit test on you. It’ll figure out whether you’re human just from the way your keystrokes land, because the way you type carries measurable traces of how your brain processes information.

Every previous way of online surveillance tracked your choices, like which sites you visit, what you clicked or bought, and you could always stop this by blocking cookies or using a VPN, and even turn off location sharing if needed. But behavioural biometrics reads your body. You can’t opt out of moving the cursor the way you move it, you can’t type with someone else’s rhythm.

Your behavioural profile is as unique as a fingerprint, and unlike a password or key, you can’t change or rotate it. And once this gets built, each platform will force the others to match and adapt to it. In fact, browsers are just the beginning; voice models already pass as human on phone calls, and video is next. So if this is the future, the most important question is who ends up owning that data?

Who holds the proof?

There are two camps building proof of humanhood right now.

The first is Sam Altman’s World (formerly Worldcoin). Here, you basically have to walk up to a chrome sphere called the Orb, which scans your retina and generates a cryptographic proof that you’re a unique human. 18 million people across 160 countries have already done it. In April 2026, World even signed a deal with Tinder, Zoom, and DocuSign to verify their users. They also partnered with Coinbase to build AgentKit, which lets you register your AI agents to your verified identity so the platform can confirm that an agent is backed by a real person without knowing who that person is.

But with that are also countries that do not support World’s iris scans and have completely banned them. All because of concerns around collecting biometric data from people who don’t fully understand what they are giving up. An MIT Technology Review investigation even found that World was collecting more than just iris scans, including heart rate, breathing, and other vital signs, without meaningful consent.

The second camp is crypto-based zk-proofs that let you prove you’re a human without actually revealing who you are, where you are, or what your face looks like. Vitalik Buterin laid this out in 2023 and argued that without a working decentralised proof of personhood, the internet will always default to centralised identity. Someone has to verify you, and if crypto doesn’t build that tool, governments and corporations will, and it’ll come with surveillance built into the foundation.

But Decentralised proof of personhood has already been tried at scale, and it collapsed. The Idena network was one of the first proof-of-personhood blockchains that gave every human an equal identity. But within two years, 23 entities had captured 40% of all accounts and 48% of all rewards on the network. Pool operators in Indonesia and Russia paid workers less than a dollar per hour to hand over their verified identities and pocketed upto 55x the return. Researchers also found photos of children used as identity puppets.

Vitalik had predicted this. He wrote that “the cheapest attack on any proof-of-humanhood system isn’t a deepfake or a sophisticated hack, it’s paying someone in a low-income country to lend you their identity.” The problem of building proof of humanhood is that there needs to be a financial incentive behind it. Somebody has to fund the Orbs, fund the blockchain for verification.

But the moment you attach financial value to a unique identity, you actually create a market for identity rental. And in a world with such massive wealth inequality, the market always gets captured by whoever has the most capital.

“Forcing one-person-one-vote into a system with real economic incentives always conjures failed experiments in 20th-century communism.”

So both paths are kind of broken. The centralised path works at scale, but puts your biometric data in the hands of a company that already overcollects it and benefits directly from the bot problem persisting. The crypto path protects privacy in theory, but gets eaten by the same economic power imbalances it was built to escape.

If I had to bet, I’d still bet on crypto. Because behavioural biometrics and centralised iris scanning create a permanent record of your body that belongs to whoever deploys the system. And once they have your data, you can’t delete or port it; it will be locked with the company that captured it.

A zero-knowledge proof that confirms you’re a human without telling anyone anything more is still worth building, even knowing it’ll get gamed. Because the alternative to it is a web where every site you visit has your body’s movements on file. And that corporate version is already shipping faster than the crypto one.

That’s all for today!

Vaidik

Token Dispatch is a daily crypto newsletter handpicked and crafted with love by human bots. If you want to reach out to 170,000+ subscriber community of the Token Dispatch, you can explore the partnership opportunities with us 🙌

📩 Fill out this form to submit your details and book a meeting with us directly.

Disclaimer: This newsletter contains analysis and opinions of the author. Content is for informational purposes only, not financial advice. Trading crypto involves substantial risk - your capital is at risk. Do your own research.