This study addresses a critical vulnerability introduced by generative AI agents, which disrupt the traditional “deception fidelity–scale” trade-off underpinning conventional security mechanisms. By enabling high-fidelity, personalized deception at scale, these agents render identity-based detection and verification systems ineffective. The paper introduces the “infinite impersonator” attack model, systematically demonstrating for the first time how autonomous agents can hijack established trust relationships. In response, it advocates a paradigm shift from identity verification toward a “default skepticism with behavioral assessment” security framework. Integrating agent-driven real-time generation, autonomous interaction modeling, and governance analysis, the work not only exposes fundamental limitations of current defenses but also provides a theoretical foundation for understanding the regulatory tensions arising from platforms as digital governance infrastructures.

For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow set of high-value targets, while mass-market attacks sacrificed plausibility for reach. Detection systems, verification mechanisms, and user awareness training have all been implicitly calibrated to the artifacts of cheap deception that this tradeoff produced. Agentic AI collapses the tradeoff, allowing high-fidelity, individually tailored deception to be produced at mass-market scale. We argue that this shift exhausts a security paradigm rather than merely intensifying the threat landscape. We introduce the Infinite Impostor, an attack model in which an autonomous agent interposes itself between two parties who already trust each other, hijacking an existing relationship rather than building a new one from scratch. Detection-oriented defenses share an assumption that generative progress is eliminating, that synthetic outputs are distinguishable from authentic ones. We propose a suspect-by-default paradigm that shifts security from authenticating actors to evaluating actions, and examine the governance tensions that arise when platforms become the regulatory substrate of digital interaction.