For most of the internet's life, that assumption held. But it is cracking now in ways that are expensive, insecure, and increasingly difficult to ignore.

The internet was built assuming someone would always be online, but that assumption is now causing real problems that cost money and create security risks. These problems are getting harder to ignore.

The Scale of the Problem Nobody Named

This section introduces a big problem that most people have not given a name to yet.

The average enterprise runs 291 SaaS applications, spending approximately $52 million annually on software. Of those licenses, 51% go unused — the highest waste rate ever recorded. The average enterprise wastes $18 million annually on unused or underutilized SaaS licenses. Only 49% of SaaS users are active, meaning they have logged in within the past 30 days. The remaining 51% are dormant or inactive.

Big companies use hundreds of software apps, but more than half of the accounts they pay for are never actually used, wasting millions of dollars every year. Less than half of users have logged in recently.

Let that figure sit for a moment. The majority of licensed enterprise software users are, at any given time, absent. Not departed. Not churned. Just gone quiet. And the infrastructure has no way to treat that silence as anything other than a billing continuation event.

Most enterprise software users are not actually using the software they are licensed for, but companies keep getting billed as if they are. The system has no way to recognize or respond to that inactivity.

On many enterprise networks, bots, service accounts and digital agents already outnumber employees by a factor of 50 to one. Many of these accounts continue to exist long after their business purpose ends. The internet was designed by people who assumed it would always have someone on the other end. The humans are outnumbered by the ghosts of prior workflows, and the ghosts are paying subscribers.

On most corporate networks, automated accounts and bots vastly outnumber actual human employees, and many of those accounts keep running long after they serve any purpose. The internet was built for humans, but it is now dominated by leftover digital ghosts.

This is not a governance failure. It is an architectural one. The infrastructure was never built to ask the question: what has this entity stopped doing?

This is not just a management or policy failure - it is a deeper design flaw in the technology itself. The infrastructure was simply never built to notice when something stops being useful.

The Compounding Absence Problem

This section title signals that the problem gets worse over time, not just bigger.

The waste is only the most visible symptom. Dormant accounts are also the security industry's most reliably exploited vulnerability. Abandoned accounts are at least ten times less likely than active accounts to have two-factor authentication set up. They carry credentials from before modern security hygiene became standard. They retain permissions assigned for roles that no longer exist. And because the infrastructure treats their silence as normal, nobody is watching them.

Inactive accounts are not just wasteful - they are also one of the most common ways hackers get into company systems. These accounts often lack modern security protections and hold permissions for jobs that no longer exist, and nobody is watching them.

High-profile breaches have been traced directly to this vulnerability. Microsoft's "Midnight Blizzard" attack involved the compromise of a dormant, non-production test account that lacked multi-factor authentication. Drizly suffered a major data breach after an attacker gained access to corporate credentials from a dormant GitHub account.

Real, well-known security breaches have been traced back to dormant accounts - including attacks on Microsoft and the alcohol delivery company Drizly.

TECHNICAL: Empirical breach data confirms dormant accounts as an active exploitation vector, with the Microsoft Midnight Blizzard incident involving a non-production test account lacking MFA, and the Drizly breach originating from compromised credentials on an abandoned GitHub account. These cases validate the systemic risk profile of unmanaged dormant identities.

The pattern is consistent enough to constitute a systemic failure mode. Dormant accounts are not anomalies. They are an emergent property of infrastructure that cannot distinguish between a user who will return and a user who will not. Without a protocol-level concept of meaningful absence, every account is treated as potentially active — which means every dormant account carries the full access profile of an active one.

Dormant accounts getting hacked is not a fluke - it keeps happening because the system cannot tell the difference between a user who is coming back and one who is gone for good. Every dormant account is treated as if it is still active, which means it still has full access.

What Changes When Absence Becomes a Signal

This section explores what becomes possible if we start treating user inactivity as useful information rather than ignoring it.

Now consider the inverse. Imagine infrastructure that treats absence not as noise but as data.

Now imagine a system that pays attention to when users go quiet, instead of ignoring it.

In such a system, the question is not "is this user logged in?" but "what does this user's pattern of non-activity tell us, and what should happen in response?" The shift sounds subtle. The implications are not.

Instead of just asking whether someone is logged in, this kind of system would ask what a user's inactivity means and automatically do something about it. That small shift in thinking leads to very large practical changes.

For enterprise security, absence-aware infrastructure means dormant accounts are not manually audited on an annual cycle — they are architecturally detected, flagged, and governed in real time. The identity perimeter stops being a boundary that requires active defense and becomes a dynamic system that responds to the shape of who is present and who is not. The industry is already shifting from point-in-time verification to continuous assurance — from proving who you are to proving you are still you. Absence infrastructure is the logical extension of that shift: a system that proves not just presence but the meaning of its opposite.

With absence-aware infrastructure, inactive accounts would be caught and managed automatically in real time, not reviewed once a year. Security would stop being about defending a fixed boundary and start being about continuously understanding who is actually present - and what it means when they are not.

For software licensing, the implications are financial at a scale that should reorient procurement strategy entirely. The global SaaS market is valued at approximately $315 billion in 2025 and is projected to reach $908 billion by 2030. If the waste rate holds — and there is no structural reason to believe it will not, absent architectural change — the industry is on course to waste in excess of $450 billion annually on absent users by the end of the decade. That is not a rounding error. That is a category of loss large enough to fund entirely new infrastructure.

The financial opportunity here is enormous. The global software-as-a-service market is growing toward nearly a trillion dollars, and if nothing changes, more than $450 billion a year could be lost to inactive users by 2030.

For agentic AI, the stakes are more complex and arguably more urgent. Non-human identities, including agentic AI systems, are growing at roughly 44% year-on-year, with machine-to-human ratios projected to reach 144 to one in some enterprise environments. These agents generate presence signals constantly — API calls, token refreshes, data pulls — but their absence carries different meaning than human absence. An agent that stops calling an API may have completed its task, encountered an error, been deprecated, or been compromised. The infrastructure currently has no way to distinguish between these states. Absence-aware architecture would.

AI agents and bots are multiplying fast and will soon outnumber humans in enterprise systems by more than 100 to one. Unlike humans, when an AI agent goes quiet, it could mean many different things - and the current infrastructure has no way to figure out which one.

The Three Industries Most Transformed

This section identifies the three industries that would change the most if absence-aware infrastructure were widely adopted.

If absence infrastructure were built as a foundational protocol layer rather than an application-level patch, the transformation would not be uniform across industries. Three sectors stand to be most structurally changed.

If absence-awareness were built into the foundation of digital infrastructure rather than added on top as a workaround, different industries would feel the impact in very different ways. Three of them would be changed most deeply.

Identity and Access Management is the most immediate beneficiary. The entire field is currently organized around managing presence — authenticating, authorizing, provisioning. Organizations are struggling to govern machine-speed identities using human-speed manual processes. An absence protocol does not replace IAM; it completes it. It provides the missing primitive: a standardized way for any system to understand what sustained non-response means and what should happen architecturally in response. The result is not just better security — it is a different security model, one where the perimeter is defined not by who is allowed in but by what absence looks like when someone leaves.

Identity and access management - the field that controls who can log into what - would benefit most immediately. Right now it only knows how to manage people who are actively present, but adding absence-awareness would complete the picture and create a fundamentally different, more dynamic kind of security.

Software asset management and procurement represents the largest near-term economic opportunity. The current approach to SaaS waste is fundamentally reactive: audit, identify inactive licenses, remove them, repeat quarterly. This is not a technology problem. It is an absence of infrastructure that would make the problem self-resolving. If the presence assumption were replaced with an absence-aware architecture — one where sustained inactivity triggers a configurable response across the license lifecycle — the $18 million annual waste figure per enterprise does not require a management initiative to address. It addresses itself.

Managing software licenses is currently a slow, manual process - companies audit usage, cut inactive licenses, and repeat the cycle every few months. Absence-aware infrastructure would make this problem fix itself automatically, eliminating the need for that cycle and the $18 million annual waste that comes with it.

Institutional memory and knowledge infrastructure is the least discussed and perhaps the most consequential. The OpenID Foundation has been developing frameworks examining what happens to digital identity when incapacity strikes — recognizing a complex technological landscape with fragmented or nonexistent legal frameworks and significant systemic gaps. The challenge extends far beyond individual accounts. When a domain expert leaves an organization, their knowledge does not formally depart. It lingers in documents, in commit histories, in email threads — accessible in theory, functionally absent in practice because there is no infrastructure to recognize that the person who held the context is no longer there to retrieve it. Absence-aware systems could change this. Not by preserving the person, but by recognizing the departure and responding architecturally — triggering documentation, knowledge transfer workflows, and context preservation before the absence becomes unrecoverable loss.

Organizations lose critical knowledge when experts leave, not because the information disappears, but because there is no system in place to recognize that the person who understood it is gone. Building systems that detect and respond to someone's departure - before that knowledge becomes permanently inaccessible - could solve this problem.

The Lean Internet Argument

This section introduces the idea of building a leaner, more efficient internet that accounts for when users and systems go quiet.

There is a philosophical dimension to this that the engineering literature tends to elide.

The people who build internet technology rarely stop to think about the deeper philosophical questions raised by how it works.

The internet as currently architected is optimized for growth. More users, more signals, more data, more presence. Every monetization model, every engagement metric, every platform algorithm assumes that the goal is to increase the volume of active presence signals. The result is an internet that is very good at capturing attention and very poor at managing its absence. It scales up gracefully. It does not scale down at all.

The internet was built to grow, so it is excellent at capturing attention but completely unprepared for what happens when people stop showing up. Every platform, metric, and algorithm is designed to increase activity, not manage its end.

A triggerless internet — one built on absence infrastructure as a foundational primitive — is not a smaller internet. It is a leaner one. It is an internet that can account for the full lifecycle of digital presence, not just its active phase. One where the silence between signals carries as much architectural weight as the signals themselves. One where the departure of a user, an agent, or an institution triggers a governed response rather than an ungoverned accumulation of dormant state.

An internet built to handle absence is not about making things smaller - it is about making things complete. It means that when a user, a bot, or an organization goes silent, the system responds in an organized way instead of just letting things pile up unmanaged.

This is not a speculative technology. The components exist. Continuous authentication frameworks are production-ready. Identity lifecycle management tools can be automated. Absence detection at the application layer already happens in churn prediction models across every major SaaS platform. What does not exist is the protocol-level primitive that would make absence a first-class citizen of internet architecture — standardized, cross-platform, and as foundational as the presence signals that currently dominate the stack.

The technology needed to build absence-aware systems already exists in pieces - the missing part is simply a shared, universal standard that makes absence an official, recognized concept across the whole internet. Right now, individual platforms handle it in their own ways, but there is no common protocol everyone uses.

What Gets Built First

This section outlines what should be built first and in what order to make absence-aware internet infrastructure a reality.

The path from here to there is not a single breakthrough. It is an accumulation of design decisions made at the protocol and platform level that collectively shift the architectural assumption from presence as default to presence and absence as dual primitives.

Getting to an absence-aware internet will not happen with a single invention - it will happen through many small design choices made over time that gradually shift how the internet thinks about presence and absence. Each decision at the protocol and platform level adds up.

The near-term work happens at the IAM layer — lifecycle governance for non-human identities, automated absence detection for dormant accounts, configurable response triggers for sustained inactivity. The medium-term work happens at the platform layer — SaaS vendors building absence-aware licensing models, enterprise systems integrating inactivity signals into knowledge management workflows. The long-term work is the protocol layer itself: an RFC that defines what absence means at the network level, and what the infrastructure should do in response.

In the short term, the work is about managing inactive accounts and non-human identities inside organizations. In the medium term, software vendors and enterprise platforms start building absence-awareness into their products. Long term, a formal internet standard is written that defines what absence means at the network level.
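An added example, not part of the original article, of the near-term IAM work described above: automated absence detection with configurable response triggers, run over a constructed identity inventory. The 30-day dormancy threshold follows the article's definition of an active user; the record fields, the 90-day suspend threshold and the response tier names are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Identity:
    name: str
    last_activity: date  # last login, API call or token refresh
    mfa: bool            # second factor enrolled
    privileged: bool     # holds elevated permissions

@dataclass(frozen=True)
class Policy:
    # 30 days mirrors the article's "active" definition; 90 is an assumption.
    dormant_after: timedelta = timedelta(days=30)
    suspend_after: timedelta = timedelta(days=90)

def respond(identity: Identity, today: date, policy: Policy = Policy()) -> str:
    """Map sustained silence to a response tier: none, flag or suspend."""
    silent_for = today - identity.last_activity
    if silent_for <= policy.dormant_after:
        return "none"
    # Dormant plus weak controls is the breach pattern the article cites
    # (no MFA, leftover permissions): act without waiting for the
    # suspend threshold.
    if not identity.mfa or identity.privileged:
        return "suspend"
    if silent_for > policy.suspend_after:
        return "suspend"
    return "flag"  # notify the owner and queue the licence for reclaim

def sweep(inventory, today: date, policy: Policy = Policy()) -> dict:
    """Return {name: action} for every identity that needs a response."""
    actions = {i.name: respond(i, today, policy) for i in inventory}
    return {name: act for name, act in actions.items() if act != "none"}

# Constructed sample inventory (names and dates are illustrative only).
TODAY = date(2025, 6, 1)
INVENTORY = [
    Identity("alice", date(2025, 5, 28), mfa=True, privileged=False),
    Identity("bob", date(2025, 4, 10), mfa=True, privileged=False),
    Identity("legacy-test-account", date(2024, 11, 2), mfa=False, privileged=True),
    Identity("carol", date(2025, 1, 15), mfa=True, privileged=False),
    Identity("dave", date(2025, 4, 20), mfa=False, privileged=False),
]

if __name__ == "__main__":
    for name, action in sweep(INVENTORY, TODAY).items():
        print(f"{name}: {action}")
```

Run on a schedule against an identity provider export, the same thresholds serve both the security and the licence-reclaim use cases the article describes.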

None of this requires a paradigm shift in how the internet is built. It requires an addition — a new design primitive that treats the shape of what is missing with the same architectural seriousness as the shape of what is present.

None of this requires rebuilding the internet from scratch - it just requires adding one new idea: that what is missing deserves the same careful design attention as what is present.

The question for the next generation of internet infrastructure is not whether to build this. The economics alone make the answer obvious. The question is whether it gets built as a patch — another layer of application-specific workarounds on top of an architecture that was never designed for it — or as infrastructure. As a protocol. As a primitive.

The real question is not whether to build absence infrastructure - the financial reasons alone make it a clear yes. The question is whether it gets built properly as a universal standard or messily as a collection of one-off fixes.

The internet that treats absence as signal will be fundamentally more secure, more efficient, and more honest about the full shape of human presence online — including what it looks like when it ends.

An internet that treats silence as meaningful information will be safer, more efficient, and more truthful about what human life online actually looks like - including when it comes to an end.

That internet does not exist yet.

The internet described throughout this piece - one that recognizes and responds to absence - has not been built yet.

It will.