Block the Abuse, Not the Future


Published June 2, 2026 · 3 min read · By Joost de Valk

This week I shipped an MCP so AI agents could read specification.website. Also this week, one of my hosts shipped a CAPTCHA on another of my sites. To keep the agents out. Only one of us is reading the room.

Why I shipped the MCP

Making a site legible to agents is becoming table stakes. Agents are readers, and they act on behalf of readers who are starting to buy through them. An MCP is the cheapest possible front door. If I ask Claude for an MCP to find X, it will find one. If you do not have one, it finds someone else’s.

That is the whole reason to ship one. I have been building it by design for a while now. The same stateless server, the same content negotiation on the same URL, the same discovery wired into every response. The cost is small. The payoff is being one of the candidates the agent considers, instead of being absent from the shortlist.

Why the CAPTCHA enrages me

Anti-AI CAPTCHAs treat every agent as an attacker. They do not distinguish between a script scraping a customer database and a paying user’s assistant fetching a page on their behalf. They break legitimate automation, mine included. They punish your own paying customers, who, like the rest of us, are starting to delegate tasks to agents. And they read as a host fighting the tide rather than serving it.

The “smart blocking” defense

A host might answer that they are not blanket-blocking. They are doing it the smart way: scoring requests, challenging only what looks suspicious, letting good actors through.

Except they are not. I get challenged on real requests, on my own sites. Real humans, real customers, sitting in front of a “prove you are not a robot” puzzle before they can read a page they came to read.

The cost of serving a cached page is never higher than the cost of turning a customer away with a CAPTCHA.

The economic bet

Attention and buying intent are shifting toward agent-mediated traffic. Walling agents out optimizes for the human-only web that is shrinking, not the agent-plus-human web that is growing. It is the same misread that pushed publishers off the open web into walled platforms. The difference: this time the platform the host is betting against is not a social network. It is software running on the reader’s own machine.

The honest counter

There is a real objection here. Agents do impose cost and abuse risk. Server bills are real. Scraper floods are real. A site getting crawled to death by a model trainer with no business relationship to the owner is a real problem.

The answer is:

Authenticate agents. There is a standard for this: Web Bot Auth, built on RFC 9421, lets a bot sign each request with a key you can verify. That tells you exactly who is on the other end, which is more information than a CAPTCHA ever produces.

Give them a sanctioned door: an MCP, an API, a paid tier with higher limits. The agent traffic worth having will use the door. The traffic worth blocking will keep doing what it already does.

Finally, rate-limit them, per identity, per origin, per route, the same way you rate-limit humans.
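As an added illustration (not code from this post or from any host), here is a simplified server-side sketch of the first and third steps: verify an RFC 9421 Ed25519 signature, then count requests per verified identity and route, with unsigned traffic falling back to a per-IP bucket instead of a challenge. The key directory, the `demo-agent-key` id, the request object shape, the limits and the single `sig1` label are assumptions, and the regex parsing stands in for a real structured-field parser.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair; a real verifier loads the agent's published public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const KEYS = new Map([['demo-agent-key', publicKey]]); // keyid -> key (hypothetical)

// RFC 9421 signature base: one line per covered component, then "@signature-params".
function signatureBase(req, params) {
  const derived = { '@authority': req.host, '@method': req.method, '@path': req.path };
  const lines = /^\(([^)]*)\)/.exec(params)[1].split(' ').filter(Boolean).map((q) => {
    const name = q.slice(1, -1); // strip the surrounding quotes
    return `${q}: ${name.startsWith('@') ? derived[name] : req.headers[name]}`;
  });
  return [...lines, `"@signature-params": ${params}`].join('\n');
}

// Returns the verified keyid, or null for unsigned, expired or tampered requests.
function verifyAgent(req, now) {
  const input = /^sig1=(\([^)]*\);.+)$/.exec(req.headers['signature-input'] || '');
  const sig = /^sig1=:([A-Za-z0-9+/=]+):$/.exec(req.headers.signature || '');
  if (!input || !sig) return null;
  const params = input[1];
  const get = (re) => (re.exec(params) || [])[1];
  const keyid = get(/;keyid="([^"]+)"/);
  // Require "@path" coverage so a signature cannot be replayed against another route.
  if (!KEYS.has(keyid) || !/^\([^)]*"@path"/.test(params)) return null;
  if (!(Number(get(/;created=(\d+)/)) <= now && now < Number(get(/;expires=(\d+)/)))) return null;
  const base = Buffer.from(signatureBase(req, params));
  return crypto.verify(null, base, KEYS.get(keyid), Buffer.from(sig[1], 'base64')) ? keyid : null;
}

// Fixed-window counter per identity and route; verified agents get the higher limit.
const hits = new Map();
function handle(req, now, windowSec = 60) {
  const agent = verifyAgent(req, now);
  const who = agent ? `agent:${agent}` : `anon:${req.ip}`;
  const bucket = `${who}|${req.path}|${Math.floor(now / windowSec)}`;
  hits.set(bucket, (hits.get(bucket) || 0) + 1);
  return hits.get(bucket) <= (agent ? 3 : 1) ? 200 : 429; // constructed limits
}

// Constructed client side: a signed GET as a cooperating agent would send it.
function signedRequest(path, now) {
  const req = { method: 'GET', host: 'example.com', path, ip: '203.0.113.7', headers: {} };
  const params = `("@authority" "@method" "@path");created=${now};expires=${now + 60};keyid="demo-agent-key";tag="web-bot-auth"`;
  const sig = crypto.sign(null, Buffer.from(signatureBase(req, params)), privateKey);
  req.headers = { 'signature-input': `sig1=${params}`, signature: `sig1=:${sig.toString('base64')}:` };
  return req;
}
```

A request whose signature fails is not rejected outright here: it is simply treated as anonymous and gets the lower per-IP limit.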

Block the abuse, not the future.
