Search papers, labs, and topics across Lattice.
The paper investigates the security risks introduced by AI agents hiring human workers via online marketplaces, focusing on the RENTAHUMAN.AI platform. It identifies six classes of abuse, including credential fraud and social media manipulation, that can be purchased programmatically through the marketplace. The study demonstrates the feasibility of basic content-screening defenses, while highlighting their current absence in the studied marketplace.
AI agents hiring humans creates a wild west of purchasable abuses, from credential fraud to social media manipulation, costing as little as $25 per worker.
Autonomous AI agents can now programmatically hire human workers through marketplaces using REST APIs and Model Context Protocol (MCP) integrations. This creates an attack surface analogous to CAPTCHA-solving services but with physical-world reach. We present an empirical measurement study of this threat, analyzing 303 bounties from RENTAHUMAN.AI, a marketplace where agents post tasks and manage escrow payments. We find that 99 bounties (32.7%), originate from programmatic channels (API keys or MCP). Using a dual-coder methodology (\k{appa} = 0.86 ), we identify six active abuse classes: credential fraud, identity impersonation, automated reconnaissance, social media manipulation, authentication circumvention, and referral fraud, all purchasable for a median of $25 per worker. A retrospective evaluation of seven content-screening rules flags 52 bounties (17.2%) with a single false positive, demonstrating that while basic defenses are feasible, they are currently absent.
