When the Buyer Is a Bot, Whose Signal Does It Trust?
AI is going to change media buying at a pace no human trading desk could match. Decisions happening in milliseconds. Spend reallocated across thousands of auctions a second.
That same pace is forcing the question: can the identity data behind every bid actually be verified?
Spend was the first thing AI made visible.
Blockboard's CEO made a related point in a recent Digiday piece: “AI doesn't just optimize a media plan, it audits the system it runs on.”
A human buyer could sign off on a placement without tracing every fee between the insertion order and the impression. An agent optimizing toward a cost-per-outcome target won't. A fee it doesn't know about corrupts the one number the whole calculation depends on. There's no way to correct for a cost you can't see.
That's part of what sat behind Publicis and The Trade Desk's public, monthslong dispute this year, now settled: an agency-commissioned audit found hidden fees and unauthorized opt-ins invisible inside TTD's reporting. The two sides resolved it in June. But the exposure problem it revealed doesn't resolve with a joint statement. Once agents are the ones deciding where the money goes, an invisible fee isn't an annoyance. It's a corrupted signal.
Signal is next.
The same forcing function is coming for identity data, not just spend.
The bid itself has been automated for over a decade — an exchange sends a request, a system returns a price, inside a roughly 100-millisecond window. What's new with agentic buying is the layer above that: which audiences to target, how much to spend against them, and increasingly, agents negotiating directly with a counterparty's agent through protocols like AdCP, with no person setting the terms deal by deal.
That used to be where a human planner's judgment about a segment lived. Now it's the agent's call. And the agent only knows what the signal tells it.
The old fraud playbook needed a human's trust. An agent won't extend it.
Mislabeling segments was a known playbook during the cookie era: take a batch of largely low-value traffic, apply a high-intent label like "insurance shopper," and sell it at a premium. Campaigns built on that label could command CPMs well north of $20, with no way to trace where the label actually came from.
An agent doesn't extend that same benefit of the doubt. Faced with a label it can't verify, it doesn't pay a premium on faith — it discounts the bid or skips the impression. This old fraud playbook stops working.
But that cuts both ways. A legitimate seller with real, valuable data gets treated exactly the same way as a fraudster. Discounted. Passed over. Because the agent has no way to tell the two apart, and a label is the only thing it has to go on.
What it can check instead is a provenance: where the signal originated, which identifiers fed the segment, how they were matched, and how confident that match actually is. A label, it can only accept. A chain of custody, it can verify.
This isn't hypothetical. IAB Tech Lab's ID Provenance Protocol already requires this kind of disclosure in the bidstream, and its Data Transparency Standard does the same for audience segments. The infrastructure to make identity checkable exists. What's changing is who's checking it, and how completely. A human planner could spot-check a handful of segments. An agent evaluating thousands of bids a second checks every one.
Infrastructure with no stake in the outcome is the only kind that can be trusted.
This is where the incentive question actually lives. A DSP that gets paid more when a segment is bigger has a reason, however small, to let the definition run loose. A data provider that owns the segment has a reason to describe it generously. Neither has to act in bad faith for the incentive to bend the label over time.
Infrastructure that sits underneath both sides, with no stake in whether a given segment is big, cheap, or premium, doesn't have that problem. If it doesn't profit from a segment looking better than it is, there's no reason to shade the chain of custody. There's every reason to make it verifiable, because verifiability is the entire value proposition.
That's the standard agentic buying is going to hold every identity signal to, whether the infrastructure behind it likes it or not.
Agent or human, the standard is the same. The difference is only that one of them will actually check at scale.
If you're selling signal, on the buy side or the sell side, that's worth getting ahead of before an agent makes the call for you. GrowthCode works with publishers to build that provenance into the signal at the source, from the page it originates on through the moment it enters the bidstream, so it's verifiable by the time an agent evaluates it, not bolted on after the fact.
Request a demo and we'll walk through what a verifiable chain of custody looks like on your own signal.
Trip Foster is Co-founder and CRO of GrowthCode. GrowthCode provides identity and data infrastructure as-a-service for the digital advertising ecosystem.