The Triggerless Internet: What Online Presence Looks Like When Absence Has Infrastructure

The internet was built assuming someone is always there using it.

The internet was designed by people who assumed it would always have someone on the other end.

This was not a mistake - it just reflected how things were when the internet was being built.

This is not a criticism. It is an observation about the conditions under which the foundational protocols were written. ARPANET connected machines that were on. TCP/IP assumed endpoints that would eventually respond. OAuth tokens expire on inactivity, but expiration is a cleanup function — a janitor arriving after the fact — not an architectural primitive that treats absence as meaningful data. Every layer of the stack that followed inherited the same assumption: that the user is present, active, and generating signal. That the silence between requests is noise, not information.

Every part of the internet was built on the idea that users are active, and silence means nothing.

For most of the internet's life, that assumption held. But it is cracking now in ways that are expensive, insecure, and increasingly difficult to ignore.

That assumption worked for a long time, but it is now causing real problems.

The Scale of the Problem Nobody Named

Most enterprise software licenses go unused, and the industry has not given this problem a name.

The average enterprise runs 291 SaaS applications, spending approximately $52 million annually on software. Of those licenses, 51% go unused — the highest waste rate ever recorded. The average enterprise wastes $18 million annually on unused or underutilized SaaS licenses. Only 49% of SaaS users are active, meaning they have logged in within the past 30 days. The remaining 51% are dormant or inactive.

Enterprises run hundreds of software tools and waste millions on licenses for users who are not active.

Let that figure sit for a moment. The majority of licensed enterprise software users are, at any given time, absent. Not departed. Not churned. Just gone quiet. And the infrastructure has no way to treat that silence as anything other than a billing continuation event.

More than half of software users are simply not there - but billing keeps running anyway.

On many enterprise networks, bots, service accounts and digital agents already outnumber employees by a factor of 50 to one. Many of these accounts continue to exist long after their business purpose ends. The internet was designed by people who assumed it would always have someone on the other end. The humans are outnumbered by the ghosts of prior workflows, and the ghosts are paying subscribers.

Bots and old accounts outnumber real employees, and many keep running long after they should have stopped.

This is not a governance failure. It is an architectural one. The infrastructure was never built to ask the question: what has this entity stopped doing?

This is not a management problem - the infrastructure was never built to notice when something stops being used.

The Compounding Absence Problem

Dormant accounts are also the security industry's most reliable weak point.

The waste is only the most visible symptom. Dormant accounts are also the security industry's most reliably exploited vulnerability. Abandoned accounts are at least ten times less likely than active accounts to have two-factor authentication set up. They carry credentials from before modern security hygiene became standard. They retain permissions assigned for roles that no longer exist. And because the infrastructure treats their silence as normal, nobody is watching them.

Major breaches have been linked directly to dormant accounts with no security protections.

High-profile breaches have been traced directly to this vulnerability. Microsoft's "Midnight Blizzard" attack involved the compromise of a dormant, non-production test account that lacked multi-factor authentication. Drizly suffered a major data breach after an attacker gained access to corporate credentials from a dormant GitHub account.

The infrastructure cannot tell the difference between a user who will come back and one who never will.

The pattern is consistent enough to constitute a systemic failure mode. Dormant accounts are not anomalies. They are an emergent property of infrastructure that cannot distinguish between a user who will return and a user who will not. Without a protocol-level concept of meaningful absence, every account is treated as potentially active — which means every dormant account carries the full access profile of an active one.

Now imagine infrastructure that actually pays attention to when people are not there.

What Changes When Absence Becomes a Signal

Instead of asking if someone is logged in, the system would ask what their absence actually means.

Now consider the inverse. Imagine infrastructure that treats absence not as noise but as data.

In such a system, the question is not "is this user logged in?" but "what does this user's pattern of non-activity tell us, and what should happen in response?" The shift sounds subtle. The implications are not.

The financial waste from unused software could reach $450 billion a year by 2030 if nothing changes.

For enterprise security, absence-aware infrastructure means dormant accounts are not manually audited on an annual cycle — they are architecturally detected, flagged, and governed in real time. The identity perimeter stops being a boundary that requires active defense and becomes a dynamic system that responds to the shape of who is present and who is not. The industry is already shifting from point-in-time verification to continuous assurance — from proving who you are to proving you are still you. Absence infrastructure is the logical extension of that shift: a system that proves not just presence but the meaning of its opposite.

AI agents are growing fast, and when they go quiet, nobody knows why.

For software licensing, the implications are financial at a scale that should reorient procurement strategy entirely. The global SaaS market is valued at approximately $315 billion in 2025 and is projected to reach $908 billion by 2030. If the waste rate holds — and there is no structural reason to believe it will not, absent architectural change — the industry is on course to waste in excess of $450 billion annually on absent users by the end of the decade. That is not a rounding error. That is a category of loss large enough to fund entirely new infrastructure.

Three industries would be most changed if absence became a real part of internet infrastructure.

For agentic AI, the stakes are more complex and arguably more urgent. Non-human identities, including agentic AI systems, are growing at roughly 44% year-on-year, with machine-to-human ratios projected to reach 144 to one in some enterprise environments. These agents generate presence signals constantly — API calls, token refreshes, data pulls — but their absence carries different meaning than human absence. An agent that stops calling an API may have completed its task, encountered an error, been deprecated, or been compromised. The infrastructure currently has no way to distinguish between these states. Absence-aware architecture would.

Security and identity management would benefit most immediately by finally having a way to handle accounts that go quiet.

The Three Industries Most Transformed

The biggest near-term financial opportunity is making software waste solve itself automatically.

If absence infrastructure were built as a foundational protocol layer rather than an application-level patch, the transformation would not be uniform across industries. Three sectors stand to be most structurally changed.

When experts leave an organization, their knowledge effectively disappears even if their files stay behind.

Identity and Access Management is the most immediate beneficiary. The entire field is currently organized around managing presence — authenticating, authorizing, provisioning. Organizations are struggling to govern machine-speed identities using human-speed manual processes. An absence protocol does not replace IAM; it completes it. It provides the missing primitive: a standardized way for any system to understand what sustained non-response means and what should happen architecturally in response. The result is not just better security — it is a different security model, one where the perimeter is defined not by who is allowed in but by what absence looks like when someone leaves.

The internet was built to grow, not to manage what happens when people leave.

Software asset management and procurement represents the largest near-term economic opportunity. The current approach to SaaS waste is fundamentally reactive: audit, identify inactive licenses, remove them, repeat quarterly. This is not a technology problem. It is an absence of infrastructure that would make the problem self-resolving. If the presence assumption were replaced with an absence-aware architecture — one where sustained inactivity triggers a configurable response across the license lifecycle — the $18 million annual waste figure per enterprise does not require a management initiative to address. It addresses itself.

A triggerless internet would not be smaller - it would be more honest about the full life of digital presence.

Institutional memory and knowledge infrastructure is the least discussed and perhaps the most consequential. The OpenID Foundation has been developing frameworks examining what happens to digital identity when incapacity strikes — recognizing a complex technological landscape with fragmented or nonexistent legal frameworks and significant systemic gaps. The challenge extends far beyond individual accounts. When a domain expert leaves an organization, their knowledge does not formally depart. It lingers in documents, in commit histories, in email threads — accessible in theory, functionally absent in practice because there is no infrastructure to recognize that the person who held the context is no longer there to retrieve it. Absence-aware systems could change this. Not by preserving the person, but by recognizing the departure and responding architecturally — triggering documentation, knowledge transfer workflows, and context preservation before the absence becomes unrecoverable loss.

The technology to do this already exists - what is missing is a standard that makes absence a real part of the internet.

The Lean Internet Argument

Getting there is not one big invention - it is a series of design decisions at every level of the stack.

There is a philosophical dimension to this that the engineering literature tends to elide.

Near-term work is in identity management; longer-term work is in writing the actual protocol standard.

The internet as currently architected is optimized for growth. More users, more signals, more data, more presence. Every monetization model, every engagement metric, every platform algorithm assumes that the goal is to increase the volume of active presence signals. The result is an internet that is very good at capturing attention and very poor at managing its absence. It scales up gracefully. It does not scale down at all.

This does not require rebuilding the internet - it just requires adding absence as a real design concept.

A triggerless internet — one built on absence infrastructure as a foundational primitive — is not a smaller internet. It is a leaner one. It is an internet that can account for the full lifecycle of digital presence, not just its active phase. One where the silence between signals carries as much architectural weight as the signals themselves. One where the departure of a user, an agent, or an institution triggers a governed response rather than an ungoverned accumulation of dormant state.

The real question is whether this gets built properly as infrastructure or just patched together as workarounds.

This is not a speculative technology. The components exist. Continuous authentication frameworks are production-ready. Identity lifecycle management tools can be automated. Absence detection at the application layer already happens in churn prediction models across every major SaaS platform. What does not exist is the protocol-level primitive that would make absence a first-class citizen of internet architecture — standardized, cross-platform, and as foundational as the presence signals that currently dominate the stack.

An internet that understands absence will be more secure, more efficient, and more truthful.

What Gets Built First

That internet does not exist yet.

The path from here to there is not a single breakthrough. It is an accumulation of design decisions made at the protocol and platform level that collectively shift the architectural assumption from presence as default to presence and absence as dual primitives.

But it will.

The near-term work happens at the IAM layer — lifecycle governance for non-human identities, automated absence detection for dormant accounts, configurable response triggers for sustained inactivity. The medium-term work happens at the platform layer — SaaS vendors building absence-aware licensing models, enterprise systems integrating inactivity signals into knowledge management workflows. The long-term work is the protocol layer itself: an RFC that defines what absence means at the network level, and what the infrastructure should do in response.

None of this requires a paradigm shift in how the internet is built. It requires an addition — a new design primitive that treats the shape of what is missing with the same architectural seriousness as the shape of what is present.

The question for the next generation of internet infrastructure is not whether to build this. The economics alone make the answer obvious. The question is whether it gets built as a patch — another layer of application-specific workarounds on top of an architecture that was never designed for it — or as infrastructure. As a protocol. As a primitive.

The internet that treats absence as signal will be fundamentally more secure, more efficient, and more honest about the full shape of human presence online — including what it looks like when it ends.

That internet does not exist yet.

It will.