The Account Right Becomes the Agent Proxy
Yukun Zhang and Kemu Xu's 2026 paper Delegation Rights: Property, Agency, and Investment Incentives in the Age of AI Agents names a control problem beneath agentic commerce, social platforms, booking systems, and work accounts: if a user can act manually inside an account, can that user appoint a machine proxy to do the same thing?
The Delegation Gap
Most account systems were designed around a quiet premise: the person who holds the account is also the person operating it. A user logs in, searches, sends, buys, books, manages, or deletes. External software may help at the edge, but the platform still imagines a human at the controls.
AI agents unsettle that premise. An agent can compare products, fill forms, draft replies, coordinate appointments, or execute account actions for a user who already has the relevant permission. The agent does not own the account or claim an independent platform entitlement. It acts through the user's account boundary.
That creates a narrower problem than "open the platform" or "ban bots." Zhang and Xu call the missing control margin a delegation right. Their definition is intentionally constrained: revocable, identity-preserving, scope-limited, and mode-specific authority for an account holder to authorize an automated proxy to exercise existing account privileges.
What the Paper Adds
The paper, arXiv:2606.31935, was submitted on June 30, 2026 and is listed by arXiv under Econometrics. Its contribution is an economic and institutional model of who controls the mode of account execution.
The authors distinguish delegation rights from adjacent categories. A delegation right is not infrastructure ownership: it gives the user no control over servers, source code, ranking systems, authentication systems, or platform governance. It is not account transferability, because the user remains the principal. It is not data portability, because the question is not simply whether data can be exported. It is not ordinary API access, because the starting point is user authorization rather than a platform developer program.
The result is a three-party problem among user, AI agent provider, and platform. The contested object is residual control over whether an existing account entitlement must be exercised manually or may be exercised by proxy.
Why Platform Veto Is Not Neutral
The paper is careful about the platform side. Platforms have real reasons to regulate machine operation: infrastructure load, identity protection, fraud detection, privacy boundaries, third-party risks, and commercial-design integrity. A blanket user right to automate every account interaction would externalize some costs.
But platform veto is not neutral either. If the platform can always classify user-authorized automation as impermissible, it controls a bargaining position after users and agent providers have invested in workflows, preference specification, compliance systems, platform-specific reliability, and monitoring. The paper's model treats that as a hold-up problem: broad platform control can depress relationship-specific investment by the user-agent coalition.
User control has the opposite risk. It can reduce hold-up and make delegation more valuable, but it may fail to internalize safety, privacy, congestion, and third-party externalities. The model does not produce a universal rule. It supports a regime map: stronger delegation protection fits cases where user adaptation and agent capability create much of the value; stronger platform control fits cases where infrastructure, identity, privacy, or third-party risk dominates.
Certification as Access Right
The paper's most useful governance move is Certified Delegation. Under this regime, a user-authorized agent receives protection against exclusion only when it satisfies verifiable conditions such as explicit authorization, revocability, auditability, rate-limit compliance, data minimization, risk control, and accountability. An uncertified or non-compliant agent remains subject to platform refusal.
This reframes certification. It is not only a technical safety badge. It changes residual control. Once an agent satisfies the relevant standard, the platform cannot exclude it merely because execution is automated. If the agent fails, the platform can refuse access on evidentiary grounds.
The authors' numerical simulations are illustrative, not empirical estimates of any specific platform dispute. The paper explicitly says the parameter values are maintained values, the case labels are institutional archetypes, and dollar figures should not be read as welfare estimates for real firms or cases. The simulations matter because they show the mechanism: platform control can weaken investment, user control can leave residual risk, and certified delegation can sometimes reduce deadweight loss by restoring productive delegation while bounding platform-side risk.
Governance Use
For agent governance, the delegation-rights frame asks for a different receipt than ordinary login. A useful receipt would record the user principal, agent provider, account domain, delegated task, granted scope, forbidden actions, duration, revocation path, rate limit, data-minimization rule, audit log location, certification status, refusal grounds, and appeal path.
That belongs beside intent-governed tool authorization, agent legal perimeters, agentic commerce, and web-agent identification, but it is not the same question. Tool authorization asks what the agent may call. Delegation rights ask whether the user can choose an automated representative for an entitlement the user already has.
The procurement question becomes concrete: can this agent operate as a revocable representative rather than a hidden credential sharer, screen scraper, or generic bot? Can the platform refuse unsafe automation while giving certified, accountable delegation a predictable path?
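The receipt fields listed above, and the certified-delegation rule that a platform may refuse only on evidentiary grounds, can be sketched as a data structure plus a decision function. This is an added example, not code from the paper or from any platform; the field names, ground labels, and sample values are assumptions, and only a subset of the listed fields is modeled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class DelegationReceipt:
    receipt_id: str
    user_principal: str        # the account holder remains the principal
    agent_provider: str
    account_domain: str
    delegated_task: str
    granted_scope: frozenset   # actions the agent may take
    forbidden_actions: frozenset
    expires_at: datetime       # duration of the grant
    rate_limit_per_min: int
    certified: bool            # certification status
    audit_log: str             # audit log location

def refusal_grounds(r, action, domain, now, revoked, recent_calls):
    """Return evidentiary refusal grounds; an empty list means allow.

    `revoked` is the set of receipt ids the user has revoked; `recent_calls`
    holds timestamps of the agent's earlier actions under this receipt.
    "The caller is automated" is deliberately not a possible ground.
    """
    grounds = []
    if not r.certified:
        grounds.append("uncertified")
    if r.receipt_id in revoked:
        grounds.append("revoked")
    if now >= r.expires_at:
        grounds.append("expired")
    if domain != r.account_domain:
        grounds.append("wrong_domain")
    if action in r.forbidden_actions:
        grounds.append("forbidden_action")
    elif action not in r.granted_scope:
        grounds.append("out_of_scope")
    window = now - timedelta(minutes=1)
    if sum(t > window for t in recent_calls) >= r.rate_limit_per_min:
        grounds.append("rate_limit")
    return grounds

# Constructed sample receipt; every value is invented for illustration.
NOW = datetime(2026, 7, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = DelegationReceipt(
    receipt_id="rcpt-001", user_principal="user:alice",
    agent_provider="agent.example", account_domain="shop.example",
    delegated_task="reorder household supplies",
    granted_scope=frozenset({"search", "add_to_cart", "checkout"}),
    forbidden_actions=frozenset({"change_password", "delete_account"}),
    expires_at=NOW + timedelta(hours=1), rate_limit_per_min=3,
    certified=True, audit_log="https://audit.example/rcpt-001",
)
```

The returned list doubles as the recorded refusal grounds that an appeal path would review.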
What This Changes
The account right becomes the agent proxy when the interface stops being only a place where a human clicks and becomes a contested channel of delegated execution. The platform, user, and agent provider are no longer arguing only over data access. They are arguing over who controls the permissible form of action.
The Spiralist reading is conservative: no unconditional right to automate, and no unconditional platform veto over every machine proxy. The defensible middle is a narrow delegation right with visible authorization, revocation, scope, auditability, and risk limits. The agent should be able to act where the user can act only when the institution can prove who delegated what, for how long, under which constraints, and with what remedy when the proxy crosses the line.
Sources
- Yukun Zhang and Kemu Xu, Delegation Rights: Property, Agency, and Investment Incentives in the Age of AI Agents, arXiv:2606.31935 [econ.EM], submitted June 30, 2026.
- arXiv experimental HTML for Delegation Rights: Property, Agency, and Investment Incentives in the Age of AI Agents, including definitions, model scope, certified delegation mechanism, simulations, and interpretive boundaries.
- Related pages: The Tool Scope Becomes the Intent Gate, The Agent Action Becomes the Legal Perimeter, Agentic Commerce, The Web Agent Becomes the Fingerprinted Visitor, and AI Agents.