The silent shift toward a world where agents browse for us

A few weeks ago, I found myself staring at a chat bubble on a retail website, trying to determine if I was talking to a person, a programmed script, or an autonomous AI agent with the power to access my credit card. There was no 'About' page for this entity and no badge of authenticity. In the era of the human-centric web, we identified destinations by their domain names; in the emerging era of the agentic web, we identify actors by their name service records. We once looked for a padlock icon to gauge a site's legitimacy; we now look for an Agent Name Service manifest to gauge an AI’s authority.

This shift is not just a change in how we talk to computers. It is a fundamental reorganization of the internet's trust model. As enterprises deploy hundreds of AI agents to handle everything from supply chain logistics to customer support, the old ways of verifying identity are breaking down. This week, the Linux Foundation announced the Agent Name Service (ANS), an open-source framework that aims to provide a standardized way to verify what an agent is, who owns it, and what it is allowed to do.

The invisible identity crisis

On an individual level, the friction is already visible. You might have one AI agent in your browser that summarizes articles and another in your email that drafts replies. Under the hood, these agents are often black boxes. When these agents begin to talk to each other—a travel agent bot talking to a hotel’s booking bot—the question of identity becomes a security nightmare. Without a clear identity framework, one agent has no easy way to prove its credentials to another.

The problem is even more acute for large companies. A modern enterprise might have a dozen different AI models from three different vendors, all running through various APIs. Charlie Dai, principal analyst at Forrester, says that the agent identity problem is already emerging in early production deployments. This is especially true where agents interact across organizational boundaries without consistent authentication models. When an agent makes a mistake or a malicious actor spoofs an agent, the lack of an audit trail makes it impossible to assign accountability.

Historically, the tech industry solves these problems by creating a phonebook. For the web, that phonebook is the Domain Name System (DNS), which translates human-readable names like example.com into the IP addresses that computers use. The Linux Foundation is now betting that the same 1980s technology can solve the most modern problem in AI.

Why the old phonebook works for new bots

Through this user lens, the choice to use DNS seems pragmatic rather than disruptive. Most companies already own and manage their domains. By building ANS on top of DNS, the Linux Foundation allows a company like Acme Corp to publish agent identities through domains it already controls, such as agents.acme.com. This avoids the need for a new, centralized registry that could become a proprietary bottleneck or a single point of failure.

Technically speaking, the ANS framework is a federated mechanism for discovery. When an agent wants to interact with another, it queries the DNS records of the owner. These records point to a manifest file that contains the agent's identity and capabilities. This approach is reminiscent of how the web grew in the 1990s. It relies on a distributed architecture where no single company holds all the keys.

Pareekh Jain, principal analyst at Pareekh Consulting, says that one of the biggest advantages of ANS is its reliance on existing internet infrastructure. It makes adoption easier and cheaper for companies because they do not have to build anything new. For a developer, this is the digital equivalent of a home renovation that uses the existing plumbing instead of tearing out the walls. It is a way to manage technical debt before the debt even accrues.

The technical blueprint of agent trust

Zooming out to the industry level, the ANS framework is more than just a naming convention. It incorporates two specific types of identity markers: Decentralized Identifiers (DIDs) and Legal Entity Identifiers (LEIs). A DID allows an agent to prove its identity using cryptography, ensuring that the code has not been tampered with since it was signed. An LEI ties that digital identity to a real-world legal corporation.

In practice, this means an agent can present a digital passport. If a procurement agent from a partner company requests access to your inventory database, your system can check the ANS record. It can verify that the agent is owned by a known partner and that its operational history is authentic. This creates a layer of operational control that has been missing from early AI deployments. Jaishiv Prakash, director analyst at Gartner, says that agent identity has moved from an architectural consideration to an operational control-plane gap.

This gap is often filled by 'clunky' manual workarounds today. Developers often hard-code permissions or rely on brittle API keys that are difficult to rotate. The Linux Foundation seeks to prevent these proprietary silos through open standards—the ANS framework uses DNS to ensure that no single tech giant controls the registry of agents. This reflects a broader shift in the software industry away from the 'walled gardens' of the early 2010s and toward a more interconnected, albeit complex, ecosystem.

The security risks of a forty year old foundation

Paradoxically, the greatest strength of ANS is also its most significant vulnerability. DNS is a legacy protocol. It was not originally designed for the high-security requirements of autonomous AI agents. Charlie Dai cautions that DNS is susceptible to spoofing, hijacking, and latency issues. If a hacker hijacks a company's DNS records, they could potentially point to a malicious agent manifest and trick other systems into trusting a rogue AI.

To mitigate this, the framework is not intended to be a standalone solution. Jaishiv Prakash suggests that enterprises should complement ANS with Identity and Access Management (IAM) systems and AI gateways. This is the 'belts and suspenders' approach to software architecture. You use the public phonebook (ANS) to find the agent, but you still check its ID at the door using private security controls.

From a developer's standpoint, this adds a layer of complexity to the deployment pipeline. Every time an agent's code is updated, its system prompt hash or its capabilities change, and the manifest must be updated. If the DNS records do not propagate quickly enough, the agent might be locked out of the systems it needs to access. This is the digital friction that occurs when modern, agile AI software meets the rigid infrastructure of the old web.

A market in the standards discovery phase

ANS is not the only player in this space. The industry is currently in what analysts call the 'standards discovery' phase. Several other projects are competing for the same territory. There is the Model Context Protocol (MCP), which focuses on how agents connect to tools. There is AGNTCY, a Cisco-led project that provides a broader infrastructure stack for messaging and observability. Then there is DNS-AID, another Linux Foundation project that helps agents advertise their capabilities.

This fragmentation is common in the early stages of a tech revolution. Just as there were once many different protocols for email before SMTP became the standard, there are now many different ways to identify an agent. Amit Jena, AI development manager at Kanerika, notes that enterprises do not have to build anything new yet, but they should keep a close eye on which standard gains the most traction.

For now, the overlap in these frameworks is expected. We are watching the industry try to decide what the 'identity card' of the future should look like. Some projects focus on the hardware level, some on the networking level, and some, like ANS, on the discovery layer. Consequently, the engineers chose to build on existing infrastructure to lower the cost of adoption while the industry works toward a consensus.

Reclaiming control over the autonomous web

Ultimately, the success of the Agent Name Service depends on whether enterprises value transparency over speed. It is easy to deploy a 'shadow AI' agent that just works, but it is much harder to deploy one that is auditable, verified, and secure. We are moving away from a web where we browse for information and toward a web where agents act on our behalf. In this new world, the map is as important as the destination.

As a user, you can start to notice this shift by looking for signs of identity in the tools you use. The next time you interact with an AI, ask yourself: Who owns this agent? What permissions does it have? Is there a manifest I can see? Digital literacy in 2026 is no longer about knowing how to search Google. It is about knowing how to verify the autonomous systems that are searching on your behalf.

We are currently building the invisible infrastructure of the next decade. By grounding these new AI agents in the familiar, federated world of DNS, we have a chance to keep the internet open. The goal is to ensure that the agentic web remains a tool for humans rather than an opaque system of proprietary bots talking in the dark.

Sources

Linux Foundation official announcement and ANS framework documentation.
Forrester Research report on AI agent identity and production deployments by Charlie Dai.
Gartner Research analysis on agent identity and operational control-plane gaps by Jaishiv Prakash.
Pareekh Consulting industry notes on DNS-based infrastructure adoption by Pareekh Jain.
Cisco AGNTCY project repository and technical overview for multi-agent systems.
Anthropic Model Context Protocol (MCP) specification and developer documentation.
Kanerika development manager insights on enterprise AI deployment by Amit Jena.