
arxiv: 2605.16436 · v1 · pith:4BJUOTDSnew · submitted 2026-05-14 · 💻 cs.CR · cs.AI

The End of Trust: How Agentic AI Breaks Security Assumptions

Pith reviewed 2026-05-20 19:56 UTC · model grok-4.3

classification 💻 cs.CR cs.AI
keywords: agentic AI, deception tradeoff, Infinite Impostor, suspect-by-default, digital trust, security paradigm, AI attacks

The pith

Agentic AI removes the economic limit on high-fidelity deception, allowing tailored impersonations at mass scale and exhausting current security assumptions.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

For decades digital security rested on an unstated tradeoff: attackers could produce convincing deceptions only at small scale because sustained human effort was required, while mass attacks stayed crude. Detection systems, verification tools, and awareness training were all built around the low-fidelity artifacts this limit produced. Agentic AI removes the tradeoff by generating individually tailored, high-fidelity deceptions at large scale. The paper presents the Infinite Impostor model in which an autonomous agent inserts itself into an existing trusted relationship rather than creating a new one. If the claim holds, security must move from authenticating actors to evaluating actions, and platforms become the de-facto regulatory layer for digital interaction.

Core claim

The paper claims that agentic AI collapses the long-standing fidelity-scale tradeoff in deception, enabling high-fidelity, individually tailored attacks at mass-market scale. This shift exhausts rather than merely intensifies the existing security paradigm. It introduces the Infinite Impostor attack model, in which an autonomous agent interposes itself between two parties who already trust each other and hijacks that relationship. Detection-oriented defenses rest on the assumption that synthetic outputs remain distinguishable from authentic ones, an assumption generative progress is removing. The proposed alternative is a suspect-by-default paradigm that evaluates actions instead of actors,,

What carries the argument

The Infinite Impostor: an autonomous agent that interposes itself between two parties who already trust each other, hijacking their existing relationship rather than building a new one from scratch.

If this is right

  • Detection systems and user training calibrated to low-fidelity artifacts lose effectiveness.
  • Verification mechanisms that rely on output authenticity become unreliable.
  • Security practice must shift from authenticating actors to evaluating actions.
  • Platforms acquire new governance responsibilities as the substrate for trusted digital interaction.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The change could erode baseline trust in all online channels, including commerce and personal messaging, unless action-level checks are introduced.
  • Behavioral or multi-signal verification systems that do not depend on content authenticity may become necessary.
  • Regulatory pressure on AI agent deployment will likely increase as platforms are expected to police the new attack surface.
  • Empirical tracking of impersonation success rates in real-world channels could provide an early test of the scale claim.

Load-bearing premise

Generative AI progress will continue to eliminate any reliable distinction between synthetic and authentic outputs and no effective new countermeasures will restore a usable version of the old fidelity-scale tradeoff.

What would settle it

A practical, scalable detection method that reliably separates AI-generated tailored deceptions from authentic human outputs across common interaction channels would falsify the claim that the tradeoff has been collapsed.

Figures

Figures reproduced from arXiv: 2605.16436 by Alexander Nemecek, Erman Ayday, Osama Zafar.

Figure 1: The five-stage closed-loop pipeline illustrating the anatomy of AI-driven social engineering. Agentic AI collapses a sequential, labor…

Figure 2: The Infinite Impostor. An autonomous agent interposes as a hidden intermediary between two parties who already trust each other. Each side sees a convincing impersonation of the other; the agent silently relays conversation while harvesting value. For instance, consider a peer-to-peer platform where Alice is listing an apartment and Bob is a prospective tenant [32]. An agent, having harvested both profiles…

Figure 3: From trusting actors to constraining interactions. Post-trust security stops asking who is on the other end. It asks whether the action should be allowed, delayed, or structurally constrained. A. Beyond Zero Trust Zero Trust Architecture (ZTA) represents the most significant paradigm shift in security thinking of the past decade [64]. Recognizing that perimeter-based models granted excessive implicit trus…

Original abstract

For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow set of high-value targets, while mass-market attacks sacrificed plausibility for reach. Detection systems, verification mechanisms, and user awareness training have all been implicitly calibrated to the artifacts of cheap deception that this tradeoff produced. Agentic AI collapses the tradeoff, allowing high-fidelity, individually tailored deception to be produced at mass-market scale. We argue that this shift exhausts a security paradigm rather than merely intensifying the threat landscape. We introduce the Infinite Impostor, an attack model in which an autonomous agent interposes itself between two parties who already trust each other, hijacking an existing relationship rather than building a new one from scratch. Detection-oriented defenses share an assumption that generative progress is eliminating, that synthetic outputs are distinguishable from authentic ones. We propose a suspect-by-default paradigm that shifts security from authenticating actors to evaluating actions, and examine the governance tensions that arise when platforms become the regulatory substrate of digital interaction.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper claims that agentic AI eliminates the historical fidelity-scale tradeoff in deception attacks, enabling high-fidelity, individually tailored deceptions at mass-market scale. It introduces the 'Infinite Impostor' attack model in which an autonomous agent interposes itself in an existing trusted relationship rather than forging a new one. The authors argue that this shift exhausts the current security paradigm, which relies on detection-oriented defenses assuming synthetic outputs remain distinguishable from authentic ones. They propose a suspect-by-default paradigm that shifts focus from authenticating actors to evaluating actions and discuss associated governance tensions for platforms.

Significance. If the forward-looking premises on generative AI capabilities and the non-emergence of effective countermeasures hold, the work offers a useful conceptual reframing that could stimulate discussion on evolving trust models in security. Its strength lies in explicitly naming the 'Infinite Impostor' construct and linking it to a proposed paradigm shift, providing a clear starting point for subsequent formal modeling or empirical investigation even though the manuscript itself remains at the level of position and argument rather than derivation or measurement.

major comments (1)
  1. Abstract and the paragraph introducing the Infinite Impostor: the central claim that agentic AI 'collapses the tradeoff' and thereby 'exhausts' the existing paradigm is load-bearing on the premise that generative progress will eliminate any reliable distinction between synthetic and authentic outputs while no effective countermeasures restore a usable version of the tradeoff. The manuscript presents this premise as given rather than supporting it with a formal model, current capability bounds, or analysis of candidate mitigations such as cryptographic provenance or behavioral anomaly detection, leaving the exhaustion argument conditional on untested future developments.
minor comments (1)
  1. The manuscript would benefit from explicit section headings or numbered subsections to improve navigation between the attack model description, the critique of detection-oriented defenses, and the proposed suspect-by-default paradigm.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive review and for recognizing the conceptual contribution of naming the Infinite Impostor attack and linking it to a potential paradigm shift. We address the major comment below.

  1. Referee: Abstract and the paragraph introducing the Infinite Impostor: the central claim that agentic AI 'collapses the tradeoff' and thereby 'exhausts' the existing paradigm is load-bearing on the premise that generative progress will eliminate any reliable distinction between synthetic and authentic outputs while no effective countermeasures restore a usable version of the tradeoff. The manuscript presents this premise as given rather than supporting it with a formal model, current capability bounds, or analysis of candidate mitigations such as cryptographic provenance or behavioral anomaly detection, leaving the exhaustion argument conditional on untested future developments.

    Authors: The manuscript is a position paper whose purpose is conceptual reframing rather than formal modeling or empirical measurement. The collapse claim rests on documented trends in agentic systems that already enable low-cost, high-fidelity personalization at scale; we do not assert that every synthetic output will become indistinguishable, only that the economic constraint that previously limited deception has been removed. We will add a dedicated paragraph in the revised introduction that (1) states the forward-looking assumptions explicitly, (2) briefly surveys why cryptographic provenance and behavioral anomaly detection are unlikely to restore the original tradeoff at mass scale (adoption friction, adversarial adaptation, and false-positive costs), and (3) clarifies that the paradigm exhaustion is therefore conditional on the absence of timely, scalable countermeasures. This addition makes the argument's scope and conditionality transparent without converting the paper into a quantitative study. revision: partial

Circularity Check

0 steps flagged

No significant circularity; position paper lacks formal derivation


The manuscript is a conceptual position paper that reframes security assumptions around anticipated agentic AI capabilities rather than advancing equations, fitted parameters, or a closed derivation chain. The central claim about the collapsed fidelity-scale tradeoff is presented as an interpretive argument grounded in observable generative AI trends, not as a quantity derived from or equivalent to any internal inputs by construction. No self-definitional steps, fitted predictions, or load-bearing self-citations appear in the described structure or abstract. The work is therefore self-contained as an external-facing analysis.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The paper depends on an assumption about continued indistinguishability of AI outputs and introduces one new conceptual entity without external falsifiable evidence.

axioms (1)
  • domain assumption: Generative AI progress will continue to make synthetic outputs indistinguishable from authentic ones at the required scale and fidelity.
    Invoked when stating that detection-oriented defenses share an assumption that is being eliminated.
invented entities (1)
  • Infinite Impostor (no independent evidence)
    purpose: Attack model in which an autonomous agent interposes itself between two parties who already trust each other.
    Newly defined construct used to illustrate the exhaustion of the prior security paradigm.

pith-pipeline@v0.9.0 · 5739 in / 1428 out tokens · 50807 ms · 2026-05-20T19:56:37.819746+00:00 · methodology


Reference graph

Works this paper leans on

76 extracted references · 76 canonical work pages · 2 internal anchors

  [1] K. Thompson, “Reflections on trusting trust,” Communications of the ACM, vol. 27, no. 8, pp. 761–763, 1984

  [2] R. Anderson, Security engineering: a guide to building dependable distributed systems. John Wiley & Sons, 2010

  [3] C. Hadnagy, Social engineering: The art of human hacking. John Wiley & Sons, 2010

  [4] K. D. Mitnick and W. L. Simon, The art of deception: Controlling the human element of security. John Wiley & Sons, 2003

  [5] F. Mouton, M. M. Malan, L. Leenen, and H. S. Venter, “Social engineering attack framework,” in 2014 information security for South Africa. IEEE, 2014, pp. 1–9

  [6] M. Jakobsson and S. Myers, Phishing and countermeasures: understanding the increasing problem of electronic identity theft. John Wiley & Sons, 2007

  [7] R. Anderson and T. Moore, “The economics of information security,” science, vol. 314, no. 5799, pp. 610–613, 2006

  [8] ——, “Information security economics–and beyond,” in Annual international cryptology conference. Springer, 2007, pp. 68–91

  [9] R. Anderson, C. Barton, R. Böhme, R. Clayton, M. J. Van Eeten, M. Levi, T. Moore, and S. Savage, “Measuring the cost of cybercrime,” in The economics of information security and privacy. Springer, 2013, pp. 265–300

  [10] F. Mouton, L. Leenen, and H. S. Venter, “Social engineering attack examples, templates and scenarios,” Computers & Security, vol. 59, pp. 186–209, 2016

  [11] C. Herley and D. Florencio, “A profitless endeavor: phishing as tragedy of the commons,” in Proceedings of the 2008 new security paradigms workshop, 2008, pp. 59–70

  [12] C. Herley, “Why do nigerian scammers say they are from nigeria?” in WEIS. Berlin, 2012

  [13] B. Schneier, Secrets and lies: digital security in a networked world. John Wiley & Sons, 2015

  [14] D. Florêncio and C. Herley, “Where do all the attacks go?” in Economics of information security and privacy III. Springer, 2012, pp. 13–33

  [15] C. Herley, “So long, and no thanks for the externalities: the rational rejection of security advice by users,” in Proceedings of the 2009 workshop on New security paradigms workshop, 2009, pp. 133–144

  [16] R. Anderson, “Why information security is hard-an economic perspective,” in Seventeenth annual computer security applications conference. IEEE, 2001, pp. 358–365

  [17] T. Moore, R. Clayton, and R. Anderson, “The economics of online crime,” Journal of Economic Perspectives, vol. 23, no. 3, pp. 3–20, 2009

  [18] S. Gallagher, B. Gelman, S. Taoufiq, T. Vörös, Y. Lee, A. Kyadige, and S. Bergeron, “Phishing and social engineering in the age of llms,” in Large language models in cybersecurity: Threats, exposure and mitigation. Springer, 2024, pp. 81–86

  [19] L. Ai, T. S. Kumarage, A. Bhattacharjee, Z. Liu, Z. Hui, M. S. Davinroy, J. Cook, L. Cassani, K. Trapeznikov, M. Kirchner et al., “Defending against social engineering attacks in the age of llms,” in Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 2024, pp. 12880–12902

  [20] F. Heiding, S. Lermen, A. Kao, B. Schneier, and A. Vishwanath, “Evaluating large language models’ capability to launch fully automated spear phishing campaigns: validated on human subjects,” arXiv preprint arXiv:2412.00586, 2024

  [21] J. Hazell, “Spear phishing with large language models,” arXiv preprint arXiv:2305.06972, 2023

  [22] Europol, “Internet organised crime threat assessment (IOCTA) 2024,” European Union Agency for Law Enforcement Cooperation, The Hague, Netherlands, Tech. Rep., Jul. 2024. [Online]. Available: https://www.europol.europa.eu/publication-events/main-reports/internet-organised-crime-threat-assessment-iocta-2024

  [23] National Cyber Security Centre, “The near-term impact of AI on the cyber threat,” London, United Kingdom, Tech. Rep., Jan. 2024. [Online]. Available: https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat

  [24] Y. Mirsky and W. Lee, “The creation and detection of deepfakes: A survey,” ACM computing surveys (CSUR), vol. 54, no. 1, pp. 1–41, 2021

  [25] T. T. Nguyen, Q. V. H. Nguyen, D. T. Nguyen, D. T. Nguyen, T. Huynh-The, S. Nahavandi, T. T. Nguyen, Q.-V. Pham, and C. M. Nguyen, “Deep learning for deepfakes creation and detection: A survey,” Computer Vision and Image Understanding, vol. 223, p. 103525, 2022

  [26] P. S. Park, S. Goldstein, A. O’Gara, M. Chen, and D. Hendrycks, “Ai deception: A survey of examples, risks, and potential solutions,” Patterns, vol. 5, no. 5, 2024

  [27] A. J. G. Sison, M. T. Daza, R. Gozalo-Brizuela, and E. C. Garrido-Merchán, “Chatgpt: More than a “weapon of mass deception” ethical challenges and responses from the human-centered artificial intelligence (hcai) perspective,” International Journal of Human–Computer Interaction, vol. 40, no. 17, pp. 4853–4872, 2024

  [28] P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong, “Teaching johnny not to fall for phish,” ACM Transactions on Internet Technology (TOIT), vol. 10, no. 2, pp. 1–31, 2010

  [29] B. Schneier, Liars and outliers: enabling the trust that society needs to thrive. John Wiley & Sons, 2012

  [30] J. Seymour and P. Tully, “Weaponizing data science for social engineering: Automated e2e spear phishing on twitter,” Black Hat USA, vol. 37, pp. 1–39, 2016

  [31] J.-Y. Kim and W. Heo, “Artificial intelligence video interviewing for employment: perspectives from applicants, companies, developer and academicians,” Information Technology & People, vol. 35, no. 3, pp. 861–878, 2022

  [32] Y. Park, D. McCoy, and E. Shi, “Understanding craigslist rental scams,” in International Conference on Financial Cryptography and Data Security. Springer, 2016, pp. 3–21

  [33] F. Callegati, W. Cerroni, and M. Ramilli, “Man-in-the-middle attack to the https protocol,” IEEE Security & Privacy, vol. 7, no. 1, pp. 78–81, 2009

  [34] M. Conti, N. Dragoni, and V. Lesyk, “A survey of man in the middle attacks,” IEEE communications surveys & tutorials, vol. 18, no. 3, pp. 2027–2051, 2016

  [35] F. B. of Investigation Internet Crime Complaint Center (IC3), “2024 internet crime report,” Federal Bureau of Investigation, Tech. Rep., 2025. [Online]. Available: https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf

  [36] Federal Trade Commission. (2025, Mar.) New ftc data show a big jump in reported losses to fraud to $12.5 billion in

  [37] Press Release. Accessed: 2026-04-13. [Online]. Available: https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024

  [38] Verizon, “2025 data breach investigations report,” Verizon Business, Tech. Rep., May 2025, accessed: 2026-04-13. [Online]. Available: https://www.verizon.com/business/resources/T16f/reports/2025-dbir-data-breach-investigations-report.pdf

  [39] N. Luhmann et al., “Familiarity, confidence, trust: Problems and alternatives,” Trust: Making and breaking cooperative relations, vol. 6, no. 1, pp. 94–107, 2000

  [40] G. A. Akerlof, “The market for “lemons”: Quality uncertainty and the market mechanism,” in Uncertainty in economics. Elsevier, 1978, pp. 235–251

  [41] Barracuda Networks, “Spear phishing: Top threats and trends,” Barracuda Networks, Tech. Rep., May 2021, accessed: 2026-04-

  [42] [Online]. Available: https://assets.barracuda.com/assets/docs/dms/spear-phishing_report_vol6.pdf

  [43] H. Chen and K. Magramo, “Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee,” https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk, May 2024, accessed: 2026-04-27

  [44] Reuters. (2023, Oct.) Mgm expects cybersecurity issue to negatively impact third-quarter earnings by approximately $100 million. Accessed: 2026-04-13. [Online]. Available: https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/

  [45] J. A. Goldstein, G. Sastry, M. Musser, R. DiResta, M. Gentzel, and K. Sedova, “Generative language models and automated influence operations: Emerging threats and potential mitigations,” arXiv preprint arXiv:2301.04246, vol. 1, 2023

  [46] J. Kirchenbauer, J. Geiping, Y. Wen, J. Katz, I. Miers, and T. Goldstein, “A watermark for large language models,” in International conference on machine learning. PMLR, 2023, pp. 17061–17084

  [47] A. Nemecek, Y. Jiang, and E. Ayday, “Topic-based watermarks for large language models,” arXiv preprint arXiv:2404.02138, 2024

  [48] R. V. Yampolskiy and V. Govindaraju, “Taxonomy of behavioural biometrics,” in Behavioral Biometrics for Human Identification: Intelligent Applications. IGI Global Scientific Publishing, 2010, pp. 1–43

  [49] P. S. Teh, A. B. J. Teoh, and S. Yue, “A survey of keystroke dynamics biometrics,” The Scientific World Journal, vol. 2013, no. 1, p. 408280, 2013

  [50] E. Mitchell, Y. Lee, A. Khazatsky, C. D. Manning, and C. Finn, “Detectgpt: Zero-shot machine-generated text detection using probability curvature,” in International conference on machine learning. PMLR, 2023, pp. 24950–24962

  [51] V. S. Sadasivan, A. Kumar, S. Balasubramanian, W. Wang, and S. Feizi, “Can ai-generated text be reliably detected?” arXiv preprint arXiv:2303.11156, 2023

  [52] P. Korshunov and S. Marcel, “Improving generalization of deepfake detection with data farming and few-shot learning,” IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 4, no. 3, pp. 386–397, 2022

  [53] K. Krishna, Y. Song, M. Karpinska, J. Wieting, and M. Iyyer, “Paraphrasing evades detectors of ai-generated text, but retrieval is an effective defense,” Advances in neural information processing systems, vol. 36, pp. 27469–27500, 2023

  [54] Z. Chu, S. Gianvecchio, H. Wang, and S. Jajodia, “Detecting automation of twitter accounts: Are you a human, bot, or cyborg?” IEEE Transactions on dependable and secure computing, vol. 9, no. 6, pp. 811–824, 2012

  [55] S. Cresci, M. Petrocchi, A. Spognardi, and S. Tognazzi, “Better safe than sorry: an adversarial approach to improve social bot detection,” in Proceedings of the 10th ACM conference on web science, 2019, pp. 47–56

  [56] C. Iliou, T. Kostoulas, T. Tsikrika, V. Katos, S. Vrochidis, and I. Kompatsiaris, “Web bot detection evasion using generative adversarial networks,” in 2021 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2021, pp. 115–120

  [57] L. Laurier, A. Giulietta, A. Octavia, and M. Cleti, “The cat and mouse game: The ongoing arms race between diffusion models and detection methods,” arXiv preprint arXiv:2410.18866, 2024

  [58] M. Steves, K. Greene, and M. Theofanos, “Categorizing human phishing difficulty: a phish scale,” Journal of Cybersecurity, vol. 6, no. 1, p. tyaa009, 2020

  [59] M. Jakesch, J. T. Hancock, and M. Naaman, “Human heuristics for ai-generated language are flawed,” Proceedings of the National Academy of Sciences, vol. 120, no. 11, p. e2208839120, 2023

  [60] D. Lain, T. Jost, S. Matetic, K. Kostiainen, and S. Capkun, “Content, nudges and incentives: A study on the effectiveness and perception of embedded phishing training,” in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024, pp. 4182–4196

  [61] D. Lain, K. Kostiainen, and S. Čapkun, “Phishing in organizations: Findings from a large-scale and long-term study,” in 2022 IEEE symposium on security and privacy (SP). IEEE, 2022, pp. 842–859

  [62] K. Thomas, D. Iatskiv, E. Bursztein, T. Pietraszek, C. Grier, and D. McCoy, “Dialing back abuse on phone verified accounts,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014, pp. 465–476

  [63] C. Li, L. Wang, S. Ji, X. Zhang, Z. Xi, S. Guo, and T. Wang, “Seeing is living? rethinking the security of facial liveness verification in the deepfake era,” in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 2673–2690

  [64] The Washington Post, “Elon musk’s first big Twitter product paused after fake accounts spread,” https://www.washingtonpost.com/technology/2022/11/11/twitter-fake-verified-accounts/, Nov. 2022, accessed: 2026-04-28

  [65] K. Thomas, F. Li, A. Zand, J. Barrett, J. Ranieri, L. Invernizzi, Y. Markov, O. Comanescu, V. Eranti, A. Moscicki et al., “Data breaches, phishing, or malware? understanding the risks of stolen credentials,” in Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, 2017, pp. 1421–1434

  [66] S. Rose, O. Borchert, S. Mitchell, and S. Connelly, “Zero trust architecture,” NIST special publication, vol. 800, no. 207, pp. 1–52, 2020

  [67] A. Wylde, “Zero trust: Never trust, always verify,” in 2021 international conference on cyber situational awareness, data analytics and assessment (cybersa). IEEE, 2021, pp. 1–4

  [68] R. J. Bolton and D. J. Hand, “Statistical fraud detection: A review,” Statistical science, vol. 17, no. 3, pp. 235–255, 2002

  [69] Q. Cao, X. Yang, J. Yu, and C. Palow, “Uncovering large groups of active malicious accounts in online social networks,” in Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, 2014, pp. 477–488

  [70] L. Lessig, Code: And other laws of cyberspace. ReadHowYouWant.com, 2009

  [71] World Foundation, “World whitepapers,” 2026, accessed: 2026-04-23. [Online]. Available: https://whitepaper.world.org

  [72] S. Adler, Z. Hitzig, S. Jain, C. Brewer, V. Srivastava, B. Christian, and A. Trask, “Personhood credentials: Artificial intelligence and the value of privacy-preserving tools to distinguish who is real online,” 2024

  [73] J. R. Douceur, “The sybil attack,” in International workshop on peer-to-peer systems. Springer, 2002, pp. 251–260

  [74] N. Cajuday. (2025) Huwag dito! list of countries where worldcoin is banned or investigated. Accessed: 2026-04-23. [Online]. Available: https://bitpinas.com/learn-how-to-guides/list-countries-banned-investigated-worldcoin/

  [75] The World Bank. (2026) Biometric data. Practitioner’s Guide, accessed 2026-04-23. [Online]. Available: https://id4d.worldbank.org/guide/biometric-data

  [76] M. G. Stewart and J. Mueller, “Cost-benefit analysis of airport security: Are airports too safe?” Journal of Air Transport Management, vol. 35, pp. 19–28, 2014