If a malicious user is attacking a site via an agent, the current solution is to block the agent and everyone else using that agent, because the valid requests are indistinguishable from the malicious requests. If the agent passes on a token identifying the users, you can just block agent requests using the malicious user's token.