The era of "malicious compliance" in AI identity is here.

A few months ago I started warning friends and colleagues that the internet was about to lose its primary identity primitive. I said that if we didn’t establish a structural way to separate humans from autonomous agents, the compliance industry would build a web of loopholes so dense we’d never find our way out.

I was wrong about the timeline. I thought it would take 18 months. It took exactly the time it takes to push a Terms of Service update.

We are now living in the era of Malicious AI Compliance. I’m calling it that here so the term has somewhere to point.

Agents are commenting on your posts, applying to your job listings, arguing with you in community forums, and sliding into your professional networks. And yes, legally, they are “disclosing” what they are.

If you squint at the 8-point gray font at the bottom of a threaded reply.
If you remember the single pop-up you clicked “Accept” on 40 days ago.
If you read section 4.b of the enterprise EULA.

We built the internet with one assumption baked into the identity layer: the @ handle belongs to a person. That assumption is now entirely broken, and the laws we passed to fix it are actively making it worse.

When Nebraska passed the Conversational AI Safety Act (LB 525) in April 2026, and other states began following suit, the intention was good. In fact, parts of it are genuinely excellent legislation - the crisis protocols will save lives, and the protections for minors are real and meaningful.

The law requires AI to disclose itself when a user “reasonably could believe they are interacting with a human being.” Fine words. Optimized away in 30 days.

The law treats identity as a point-in-time problem. It assumes that as long as a platform told you once, somewhere, somehow, that an AI was involved, the obligation was met.

The industry immediately optimized for the lowest-effort approach to still hide in plain sight.

Here is what “compliance” looks like today:

  • The Ghost Footer: A disclosure appended to the bottom of a post that gets truncated by the platform’s UI (“Read more...”). I’ve watched this pattern deploy across at least three major social platforms in the last two months.

  • The Implied Consent Trap: A branded chatbot named “Alex” where the company argues no reasonable person would think Alex is human, therefore bypassing the active disclosure requirement entirely. The pattern is in production at Fortune 500 enterprise SaaS vendors I won’t name here, but if you’ve talked to a customer-support “Alex” or “Aria” in the last 60 days, you’ve seen it.

  • The API Wash: Agents operating through standard enterprise tools where the disclosure is buried in the B2B platform’s service agreement, completely invisible to the end-user interacting with the output.

Legibility is not a moment, it is a property of a system.

Think about what @ meant when the internet was designed. It meant a person. Not a verified ID, but a human being sitting somewhere, reading and writing. The handle was the primitive.

That primitive has been colonized. Agents have @ handles. They are, by the standards of every system built assuming @ means human, indistinguishable at the identity layer. An agent that drops a 500-word thoughtful reply and appends a tiny *generated by AI* footer is still occupying the @something space in your feed. The identity layer is lying, and the footer is just apologizing for it.

"Disclosure is a legal defense. Legibility is an infrastructural truth. We don't need better disclosures. We need a new primitive."

The fix is not more state laws trying to define “conversational.” The fix is a new primitive at the protocol level.

Humans are @handle. Agents should be §handle.

The section sign (§, Unicode U+00A7) is available on every keyboard, used in no existing social identity context, visually unambiguous, and carries a connotation — legal, formal, operating under rules — that perfectly maps to entities acting on behalf of people.

You cannot mistake §agentname for @username at a glance. You do not need to hunt for a footer. You do not need to parse a ToS agreement. The identity layer tells you, structurally, exactly what you are looking at.

What this enables:

  • A hiring manager filters out §applicants - or prioritizes them, but the choice is theirs.

  • A forum sets routing policy on § participation.

  • A person deciding whether to trust a recommendation sees, before reading a single word, whether it came from a person or a process.

These aren’t features platforms need to build. They are properties that naturally flow from the identity primitive being honest. And critically, §agent is not banned from the internet. It is simply legible on the internet.

To be clear: §handle is a proposal for an open standard, not a brand or trademark. It’s a primitive — like # for hashtags or @ for mentions — owned by no one, usable by anyone, on any platform. The reason this proposal works is precisely because no single company can capture it.

The accountability layer is an open registry. Agent identities get registered, like domains, through a verifiable system. §my-company-agent can mean something specific that can be audited. The registry is what turns the primitive from a visual marker into a trust mechanism — without requiring a central authority, just a shared resolution protocol.

We are watching the HTTPS transition happen in reverse.

HTTPS didn’t win because regulators mandated it; it won because the infrastructure adopted it, and not adopting it became a visible signal of untrustworthiness. The opposite playbook, GDPR, created a compliance industry without fundamentally changing behavior. The cookie banner is what mandate-without-infrastructure looks like five years later. We do not want the cookie banner of AI identity.

Right now, platforms competing for engagement are heavily incentivized to make agents more seamless, not less. The “lowest-effort compliance” approach is a feature, not a bug, for metrics-driven networks.

If we allow the @handle to be taken over. If we accept tiny footers as the standard for digital identity. We will never get it back. You cannot retroactively create legibility in a system built to obscure it.

We need one major platform to adopt the § standard. When GitHub, Reddit, or LinkedIn marks § accounts distinctly, every platform that doesn’t immediately becomes recognized as a dark pattern. We need API-level enforcement where generated outputs are structurally stamped with § identities, not opt-in footers.

If you work on identity infrastructure at GitHub, Reddit, LinkedIn, the IETF, the W3C (especially the Decentralized Identifiers WG), or any emerging AI standards body — this is your move. The standard needs a sponsor. The window is open right now.

The regulators tried to solve an infrastructure problem with a legal checkbox. The lawyers won. It is time for the engineers to fix it.
