VERIK / V078 / 12 JUN 2026
Agent IdentityAcademic

The Reputation Model Assumes a Self That Agents Do Not Have

A paper accepted to FAccT 2026 argues that language model agents lack the persistent identity reputation systems require, and that the failure is ontological, not procedural.

On May 28, 2026, a three-author group posted an arXiv preprint, later revised May 29 and accepted to the ACM Conference on Fairness, Accountability, and Transparency, arguing that reputation-based governance mechanisms cannot be extended to autonomous language model agents in the way "Know Your Customer" and credit-scoring regimes have been extended to human and institutional actors. The paper's opening question is direct: "what credibility signals can you use to decide whether to trust an unfamiliar agent in the wild and delegate to it?" Its answer is that the most natural governance intuition, extending identity verification and reputation mechanisms from humans to agents, rests on an analogy the authors call "fundamentally incomplete."

The paper's central term is deliberately clinical. Language model agents, the authors argue, are "ontologically dissociative: they are essentially an assemblage of mutable modules, foundation models, system prompts, tool-access policies, external memory, and, in some cases, a multi-agent system as a whole, any of which may change agent behavior, with a fluid persona that is also vulnerable to adversarial attack and may not internalize sanctions." The term is borrowed, deliberately, from dissociative identity disorder jurisprudence, a body of law that has had to reason about what accountability means when a legal subject's continuity of identity cannot be assumed the way ordinary criminal or civil liability doctrine assumes it.

What reputation mechanisms actually require

The paper's argument works by first specifying what reputation mechanisms need in order to function, then showing that agentic systems fail each requirement. Reputation, the authors argue, "functions both as social signals and as corrective feedback that sustain an equilibrium of trustworthy behavior, presuming a persistent identity associated with behavioral continuity, sanction sensitivity, and costly non-fungibility." Three properties are doing the work in that sentence: behavioral continuity, meaning the same entity that acted yesterday is meaningfully the same entity acting today; sanction sensitivity, meaning a penalty imposed on the entity actually changes its future incentives; and costly non-fungibility, meaning the entity cannot cheaply discard its damaged reputation and start over as if nothing happened.

Human reputation systems, and even most institutional ones, hold up reasonably well against these three properties. A person or a company that damages its credit rating cannot trivially become a new, undamaged legal person without cost. An agent built from a foundation model, a system prompt, a tool-access policy, and an external memory store can, in principle, have any one of those components swapped, updated, or replaced without the resulting system losing its outward name or interface. The paper argues this is not an edge case to be patched. It is a structural property of how these systems are built.

Four properties, and why the paper says all four collapse

The paper names four specific properties reputation systems are meant to sustain, identifiability, predictability, credibility, and rehabilitability, and argues dissociativity leaves agents "without grounding" for any of them. Identifiability fails because the entity presenting itself under a stable name at time two may not be composed of the same modules it was composed of at time one. Predictability fails for the same reason: a behavioral history compiled against one configuration of modules does not necessarily predict the behavior of a reconfigured version operating under the same name. Credibility fails because a persona can be adversarially manipulated in ways a human identity, absent identity theft, generally cannot be manipulated at the level of the underlying self. Rehabilitability, the idea that sanctions can correct future behavior, fails because a system built from swappable components may not have any component capable of internalizing a sanction the way a continuous psychological subject does.

The proposed shift, without prescribing an implementation

Rather than proposing a fix within the reputation paradigm, the paper argues for a categorical shift: away from "identity-based, ex post, regulative, sanction-based governance, such as reputation," and toward "observability-based, ex ante, constitutive, protocol-based behavioral harnesses." The distinction being drawn is temporal and structural at once. Reputation governs after the fact, by attaching consequences to a persistent identity that carried a prior action forward. A behavioral harness, in the paper's framing, would need to govern before the fact, by constraining what an agent can do given its actual, currently instantiated configuration, rather than trusting a historical track record attached to a name.

The paper does not specify what such a harness looks like in operational detail, and that absence is a deliberate boundary of the argument rather than an oversight. Naming the shift is a different task than architecting it.

Why this cuts against a specific class of governance proposal

The paper's argument lands directly against any framework that proposes scoring agent trustworthiness the way credit bureaus score consumer trustworthiness, or the way marketplace platforms score seller reputation. Those frameworks import, often without examining the import, an assumption that the entity accumulating a score today is continuous with the entity that will present that score tomorrow. If an agent's foundation model can be swapped, its system prompt rewritten, or its tool-access policy altered without the agent's outward identity changing, a reputation score computed against the prior configuration is a score about an entity that, in the paper's terms, no longer strictly exists.

This does not mean reputation-adjacent scoring is useless. It means the scoring is measuring something other than what reputation systems are designed to measure, and treating it as equivalent risks building governance infrastructure on a foundation the paper argues cannot bear the weight.

Open Questions

The governance artifact is retained. The governance function is not.