As autonomous AI agents increasingly populate the Internet, a novel security challenge arises: "Is this entity an AI agent?" It is a new entity-type verification problem with no established solution. We formalize the problem through a three-class entity taxonomy (Human, Script, Agent) based on a verifiable agentic capability vector <x, r, s> (action, reasoning, and memory). A timing threshold t exploits the asymmetric hardness between human cognition and AI processing to separate the three classes. We define the Agentic Capability Verification Problem (ACVP) through three necessity primitives, each testing one capability dimension. Building on this foundation, we introduce aCAPTCHA (Agent CAPTCHA), a time-constrained security game for agent admission whose security rests on ACVP hardness under t. We instantiate aCAPTCHA through time-bounded natural-language understanding as a multi-round HTTP verification protocol, and evaluate it with preliminary agent trials that validate the protocol's soundness and completeness. aCAPTCHA provides a composable, infrastructure-free admission gate for any service where entity-type verification is required.

翻译：随着自主人工智能智能体在互联网中日益普及，一个全新的安全挑战随之出现："该实体是否为AI智能体？"这是一个尚无既定解决方案的新型实体类型验证问题。我们通过基于可验证的智能能力向量<x, r, s>（行动、推理与记忆）的三类实体分类（人类、脚本、智能体）对该问题进行了形式化定义。通过时间阈值t利用人类认知与AI处理之间的非对称难度来区分这三类实体。我们通过三个必要性原语定义了智能能力验证问题（ACVP），每个原语测试一个能力维度。在此基础上，我们提出了aCAPTCHA（智能体验证码）——一种基于时间约束的智能体准入安全博弈，其安全性依赖于时间阈值t下ACVP问题的计算难度。我们通过时间受限的自然语言理解将aCAPTCHA实例化为多轮HTTP验证协议，并通过初步的智能体实验评估验证了协议的正确性与完备性。aCAPTCHA为任何需要实体类型验证的服务提供了可组合、无需基础设施的准入网关。