The internet was not designed for autonomous software agents making decisions on your behalf. Vint Cerf, widely credited as a co-inventor of TCP/IP — the foundational protocol suite that underpins the modern internet — believes that gap is becoming urgent to close, and he's working on a proposal to do exactly that.
The Problem: Agents Without Identity
As AI agents proliferate across the web — booking travel, executing code, managing inboxes, interacting with APIs — a fundamental question remains unanswered: how does any server, service, or human know who or what they're actually dealing with?
Today's internet has robust infrastructure for identifying people and organizations (think SSL certificates, OAuth, domain ownership records). But there's no equivalent layer for AI agents acting semi-autonomously on someone else's behalf.
This creates real problems:
- A website can't distinguish between a human visitor, a legitimate AI assistant, and a malicious scraper
- There's no standardized way to delegate authority to an agent, or to revoke it
- Liability and accountability become murky when agents take consequential actions across systems
Cerf's Proposal
Cerf is working on a framework that would give AI agents verifiable identities on the open internet — essentially a credentialing system that lets agents authenticate themselves, declare who authorized them, and signal what they're allowed to do.
The specifics are still in development, but the core idea parallels how certificate authorities work for websites: a trusted infrastructure that lets parties verify claims without requiring direct prior relationships.
The proposal is being developed with the broader internet governance community in mind — not as a proprietary platform play, but as a potential open standard.
Why This Matters Now
The timing isn't arbitrary. Agentic AI — systems that don't just answer questions but take sequences of actions across tools and services — has moved from research curiosity to production reality in roughly 18 months. Every major AI lab now has an agent framework: OpenAI has Agents SDK, Anthropic has Claude's tool use and computer use capabilities, Google is pushing Gemini agents through Workspace.
But all of these operate in a kind of identity vacuum. When a Claude agent books a flight or a GPT agent submits a form, the receiving service has no reliable, standardized way to know it's dealing with an AI agent, who sanctioned it, or what constraints it operates under.
The infrastructure for trust on the internet was built for humans and organizations. Agents are neither, and we're already running into the consequences.
Implications for Builders
For startup founders and developers building on top of agentic AI, a credentialing standard would be a significant unlock:
- API providers could offer differentiated access tiers for verified agents vs. anonymous callers
- Enterprise buyers would have an auditable trail of which agents touched which systems — a current blocker for many procurement conversations
- Liability frameworks become tractable when you can prove an agent acted within its stated scope
- Interoperability between agent platforms becomes more feasible when there's a common identity layer
The flip side: any standard also creates compliance overhead. Smaller teams building lightweight automations would need to navigate a new credentialing layer, which could raise the barrier to entry.
The Broader Race for Agentic Infrastructure
Cerf isn't the only one thinking about this. Anthropic's Model Specification, proposals from the IETF, and emerging work on agent-to-agent protocols all circle the same problem from different angles. Google's Agent2Agent (A2A) protocol and Microsoft's work on agent identity within Azure suggest big players are also aware that the missing piece isn't capability — it's trust infrastructure.
What makes Cerf's involvement notable is his credibility in the open standards world. A proposal backed by one of the internet's original architects carries more weight in the IETF and W3C processes than a vendor-driven spec. Whether it gains traction depends on how quickly the pain becomes acute enough to force coordination — and at the current pace of agent deployment, that moment may arrive sooner than expected.



