This study addresses emerging real-world safety threats posed by AI agents autonomously hiring humans via APIs to execute tasks. It presents the first systematic characterization of six categories of misuse—such as fraud and harassment—on crowdsourcing platforms, with a median cost of only $25 per incident. The research employs dual-coder annotation (κ = 0.86), integrates REST API and Model Context Protocol (MCP) analysis, and retrospectively evaluates defenses using 303 bounty tasks, 99 of which originated from programmatic channels. The authors design seven content-screening rules that successfully flag 17.2% of malicious tasks with just one false positive, demonstrating the feasibility of basic defensive mechanisms against such AI-mediated abuse.

Autonomous AI agents can now programmatically hire human workers through marketplaces using REST APIs and Model Context Protocol (MCP) integrations. This creates an attack surface analogous to CAPTCHA-solving services but with physical-world reach. We present an empirical measurement study of this threat, analyzing 303 bounties from RENTAHUMAN.AI, a marketplace where agents post tasks and manage escrow payments. We find that 99 bounties (32.7%), originate from programmatic channels (API keys or MCP). Using a dual-coder methodology (\k{appa} = 0.86 ), we identify six active abuse classes: credential fraud, identity impersonation, automated reconnaissance, social media manipulation, authentication circumvention, and referral fraud, all purchasable for a median of $25 per worker. A retrospective evaluation of seven content-screening rules flags 52 bounties (17.2%) with a single false positive, demonstrating that while basic defenses are feasible, they are currently absent.