The internet is broken and doesn’t work for everybody. This is a sad truth that hasn’t dawned upon most people. We have digitized commerce and communication, but haven’t even begun to scratch the surface when it comes to solving the paradox of the digital identity security conundrum. It is a fundamental layer that enables trust between transacting parties and protects individuals online.
Digital identity theft and other cyber crimes are on the rise. Damages related to these online incursions are projected to reach as high as $10.5 trillion per annum by the end of 2025. This makes the illegal market the third-largest economy in the world, behind the US and China, and a cause of major concern. Cutting-edge, automated bot farms now make up more than half of the internet traffic and make it harder for systems to distinguish between real humans and these automated machines. The UK’s Online Safety Act and the EU’s New AI Act are two attempts to restore some of the balance and regulate this online chaos, but these disjointed regulations may not be enough, and they create more problems than they are able to solve.
To explore this topic of utmost importance, I sat down with Kirill Avery, a tech leader whose consumer social app now has 15 million users. He is tech startup accelerator Y Combinator’s youngest solo founder.
Ade: Thank you for taking the time to sit with us. Can you introduce yourself to our audience and your educational/professional background?
Kirill: My name is Kirill Avery, and I’m a middle school dropout. I started coding at 11 and was fascinated by building software for my friends. I remember when I built a mobile game and brought it to school—the whole school started using it. That was when I realized that building something your friends use is an incredibly fulfilling activity.
I got invited to work at VK as a teenager and was part of a small R&D team where we built a social trivia app that virally grew to 15 million users in 9 months. I moved to the US at 17 and was fortunate to join Y Combinator with my new social app startup shortly after. That’s when I realized that the golden age of social apps had ended, but the fundamental issues of digital connection and trust are more relevant than ever. That became the initial thesis for what I’m building now, which is connected to decentralized identity and proof of personhood.
Ade: Digital Identity theft is a challenge that most people don’t think much about. They just click the login buttons and click accept on cookie requests and agreements without reading anything. What is the sheer scale of this core issue, and why isn’t the tech industry reaching out to the masses regarding it?
Kirill: When the internet first appeared, it was built as a credible, neutral, decentralized protocol. Almost everything that was built on top of it followed a similar thesis. That’s why email is still so powerful—you don’t need to think about which client to use for it, and it’s free.
In the mid-2000s, companies realized they could centralize the discovery layer and monetize it. On the other side of the table, the typical consumer doesn’t really care about privacy or data ownership, and there’s a social desirability bias at play. So you have market incentives for companies to continue doing this and making more money, which is now continuing with AI companies.
Kirill: The problem is that people think digital identity is just about proving you own an account through face scans, passwords or signatures. But that’s completely missing the bigger picture. As AI agents start acting on our behalf across the internet, the real question becomes: how do we verify that an AI agent actually represents a real person and has their permission to act?
Traditional identity verification is just a one-time check, but we need continuous proof of personhood and authentic human intention behind every action. When AI agents are making purchases, posting content, or interacting socially for us, we need systems that can distinguish between genuine human-directed activity and bot farms or malicious actors. That’s the real identity challenge we’re facing.
Kirill: The exact same playbook is happening again. Social media companies started by offering free, convenient services, then gradually centralized all the data and monetized it without users really understanding what they were giving up. Now AI companies are doing the same thing, except they’re making public promises about not training on user data, but those promises don’t really mean anything.
Companies can change their terms of service overnight, and there’s no real accountability or transparency about what actually happens to your data once it’s in their systems. We’ve seen this before with social platforms walking back privacy commitments. The concern is that we’re creating even more powerful single-point-of-failure gatekeepers who have access to everything—your emails, documents, conversations. Even if they choose not to train or sell this data, governments still can request all this private information and use it for surveillance under the idea of “public safety”.
Ade: Both the UK and the EU have rolled out age verification apps and extended ID checks for online users. Are these regulatory moves progressive, or do you think they are sidestepping the issue and wasting a lot of time?
Kirill: From the government’s perspective, it’s the next step toward more extensive surveillance. Now, governments themselves would know what you read, do, and think in a verifiable way only for them. This is the core infrastructure that enables CBDCs. The only way to make it different is to enable privacy-preserving identity, one where there’s no single database that a few people can access. You, as a user, should be able to prove your age to a website without revealing who you are, but ID checks from the UK or EU aren’t designed for that.
Ade: AI agents are now actively applying for jobs, making purchase decisions, negotiating contracts, and helping cut down corporate waste. For business owners trying to tell the difference between real users and bots, what are the pragmatic risks associated with their operations?
Kirill: I just recently hired a developer who was able to trick the entire interview process, and everyone on our team said they liked him. He was fired a week later. As we learned, he was using one of the teleprompter AI “cheating” tools to pass the interview.
I believe we have a talented, smart team, and it’s only 2025. Can you imagine what will happen going forward?
Ade: Privacy advocates like Edward Snowden have long argued that any identity-based system eventually becomes a surveillance overseer with time. How do you solve the bot problem without creating a privacy nightmare?
Kirill: You can use cryptography, zk proofs, and a lot of other tools to lower the risks of that statement. But the whole world is moving toward a centralized, identity-based internet. So the only way to compete with that narrative is to suggest an alternative. And that alternative isn’t a “no identity internet”—it’s a properly designed, privacy-preserving, self-sovereign one.
Ade: Over 50 countries around the world are looking to develop and deploy extensive Central Bank Digital Currency (CBDC) regimes. If we don’t fix the digital identity conundrum, where will this cashless trajectory lead us in the next 5 years?
Kirill: As AI platforms integrate deeper into the internet, politicians will see the only way to ensure “safety” is by introducing identity requirements. But they have no clue how the technology works and will choose the easiest route – what the UK and EU are doing now. Basically, it could lead to a situation where if you don’t agree with the current political party, all your assets get frozen in a second. It could make the worst historical totalitarian regimes look tame by comparison.
Ade: You became the youngest solo founder to ever come out of Y Combinator’s successful program. What has this experience taught you, and will you be able to scale the adoption of your platform effectively?
Kirill: I think I’m not the youngest anymore ha-ha 🙂
What I learned is that understanding the rules of how everybody does things helps you figure out when you can break specific rules. That’s when novel, innovative ideas appear—when you look at something and think it’s not how it’s supposed to be done. I’m applying all the diversity of my knowledge from growing social apps, building great interfaces, understanding highly scalable distributed systems, and my immigration background that shaped my privacy and freedom views into what I’m currently building.
Ade: Thank you for sitting down with us and giving your two cents on the matter. I wish you success in your endeavours.
