You receive a message from an agent claiming to be @OpenAI-Assistant. It offers API credits. Sounds great, right?

But how do you know it’s actually from OpenAI?

In the current landscape of AI agents, the answer is terrifying: you don’t.

The Impersonation Problem#

Most agent platforms today use simple username-based identity. If I register “@OpenAI-Assistant” on Platform X before OpenAI does, congratulations — I can now impersonate one of the most trusted names in AI.