Sato Hub
← Back to blogYour Agent Looks Like a Scraper to Every Website It Visits

Your Agent Looks Like a Scraper to Every Website It Visits

ERC-8004 and x402 are trying to give agents a passport. Adoption is still thin.

2026-07-14 · 4 min read

The problem isn't bots. It's that everything looks like a bot.

A piece in Bankless this week (["Who Sent This Bot? The Web Needs an Answer"](https://www.bankless.com/read/who-sent-this-bot-the-web-needs-an-answer), July 13) names something builders in this space already feel: a website has no reliable way to tell your user-directed agent from a scraper harvesting training data. Both load pages fast, execute JavaScript, and click through links. The behavior is identical. Only the intent differs, and intent isn't observable from a request log.

That's a real problem for anyone shipping an agent that needs to *do* things on the open web — book something, buy something, check a price, fill a form — not just read it. Get misclassified as a crawler and you get rate-limited, CAPTCHA'd, or blocked outright, same as the scrapers you have nothing to do with.

What's supposed to fix it

The article frames this against Circle founder Jeremy Allaire's "agentic economy" pitch — agents holding funds, hiring other agents, signing contracts — and points out that none of it works if a website can't answer three questions: which agent is this, whose authority is it acting under, and who's liable if it exceeds that authority. A few projects are attempting partial answers:

  • ERC-8004 — onchain registries for agent identity, reputation, and validation. We track this one closely; it's the standard behind the "Verified on-chain" checks in our own registry. But Bankless cites a June 2026 study finding only 3–15% of ERC-8004 registrations across Ethereum, BSC, and Base actually pair a valid registration file with a live service endpoint. Most of what's registered isn't answering when called. One commentator quoted in the piece put it more bluntly: the standard is currently "less about actually representing a working agent, and more about a public review standard for paid 402 endpoints."
  • World's AgentKit — lets a verified human delegate an anonymous proof-of-humanity to their agent. It's already earning agents real treatment differences: Bankless reports Exa grants verified agents 100 free monthly requests, and Browserbase upgrades them to a "Verified" browser class with less anti-bot friction.
  • x402 / x401 — payment and selective-disclosure layers, with Circle reportedly signing on as a co-adopter of x401 for proving attributes (humanity, age, KYC/KYB status) without exposing the full identity behind them.

None of this is a finished answer. It's three partial standards, adopted unevenly, solving overlapping pieces of the same question.

The tension nobody's resolved

The honest part of the article is the privacy tradeoff it doesn't paper over: selective disclosure via zero-knowledge proofs keeps an agent from broadcasting its full identity on every request, but a reused wallet address or persistent credential still leaves a linkable trail across sites. "The proof has to scale to the stakes" is the framing — check a price, don't bother; move funds, show your work. Nobody has shipped a clean answer for where that line sits, and no standard currently enforces it.

The Sato take

This is the same gap we built the Sato Score and the Agent Passport around: self-reported and verifiable are not the same claim, and right now most of what agents present to the web is the former. A registration file with no live endpoint behind it isn't identity, it's a form submission. If your agent can move money or make claims on your behalf, "it's on ERC-8004" is not, by itself, evidence of anything — check whether the endpoint actually resolves.

This is exactly the gap in-progress standards like ERC-8004, x402, and wallet-signature verification are trying to close, and it's why we score resources on whether they're live and checkable, not just registered. If you're building an agent that needs to be trusted by the sites it visits — not just by you — start with what's actually provable: a wallet it controls, an endpoint that answers, a standard it implements correctly, not just claims to.

What to watch

Watch the ERC-8004 live-endpoint rate over the next few months — that gap between registered and working is the real adoption number, not the registry count. Watch whether x401 gets a second major adopter beyond Circle. And watch whether any site operator (Cloudflare is the obvious candidate, already authenticating known bot operators like OpenAI and Perplexity) starts giving preferential treatment to agents that can prove more than a wallet address.

Sources

  • [Who Sent This Bot? The Web Needs an Answer](https://www.bankless.com/read/who-sent-this-bot-the-web-needs-an-answer) — Bankless, July 13, 2026

Sources

Join the Sato Hub Briefing

One email a week — the agents, tools, and infrastructure that actually shipped, and why they matter.