This work proposes the first formal formulation of the AI Agent Capability Verification Problem (ACVP), aimed at distinguishing among humans, automated scripts, and AI agents endowed with action, reasoning, and memory capabilities. To address this, the authors introduce a tripartite entity discrimination framework based on a capability vector ⟨x, r, s⟩ and a temporal threshold t, and design aCAPTCHA—a composable, infrastructure-free protocol that embeds asymmetrically hard verification games within HTTP interactions via multi-round, time-constrained natural language understanding tasks. Preliminary experiments demonstrate that aCAPTCHA achieves both completeness and soundness, effectively and accurately differentiating the three classes of entities.

As autonomous AI agents increasingly populate the Internet, a novel security challenge arises:"Is this entity an AI agent?"It is a new entity-type verification problem with no established solution. We formalize the problem through a three-class entity taxonomy (Human, Script, Agent) based on a verifiable agentic capability vector(action, reasoning, and memory). A timing threshold t exploits the asymmetric hardness between human cognition and AI processing to separate the three classes. We define the Agentic Capability Verification Problem (ACVP) through three necessity primitives, each testing one capability dimension. Building on this foundation, we introduce aCAPTCHA (Agent CAPTCHA), a time-constrained security game for agent admission whose security rests on ACVP hardness under t. We instantiate aCAPTCHA through time-bounded natural-language understanding as a multi-round HTTP verification protocol, and evaluate it with preliminary agent trials that validate the protocol's soundness and completeness. aCAPTCHA provides a composable, infrastructure-free admission gate for any service where entity-type verification is required.