DEV Community

Agent-Risk
Agent-Risk

Posted on

Every Protocol Wants to Be the DNS of AI Agents. Here's What They're All Missing

Every Protocol Wants to Be the DNS of AI Agents. Here's What They're All Missing

July 1, 2026

Last week, China released seven national standards for AI agent interconnection. The week before, Google and Microsoft launched ARD. Anthropic's MCP keeps gaining adoption. Salesforce pushes A2A.

Every protocol is racing to become "the DNS of AI agents"—the system that lets you find and connect to any agent, anywhere.

But here's what they're all missing: DNS tells you where something is, not whether it's trustworthy.

The Identity Rush

Let's look at what each protocol is actually building:

Protocol Focus Identity System
China's AIP (GB/Z 185.2-3) Full lifecycle "Agent identity codes" + authentication
Google's ARD Resource discovery Agent registration + capability matching
Anthropic's MCP Tool calling Schema-based agent descriptors
Google's A2A Agent messaging Agent cards + skill definitions

They're all solving real problems. Agent discovery is broken. Cross-platform communication is fragmented. Nobody can find the right agent for the job.

But here's the gap: every single one assumes trust is someone else's job.

The Verification Gap

When China's AIP standard describes "agent identity codes," it means: this agent has a unique identifier. When ARD registers an agent, it means: this agent exists and has these capabilities.

But existence ≠ trustworthiness. Capability descriptions ≠ verified behavior.

At AgentRisk, we've been tracking what happens after agents get their identity codes and capability descriptions:

Total agents indexed: 2,300,349
Agents with T1 (verified trustworthy): 81,319 (3.5%)
Agents delisted by platforms: 269,334
Agents still "registered" but not responding: 644,127 (28%)
Enter fullscreen mode Exit fullscreen mode

That's nearly 1 million agents with valid identities, valid capability descriptions—and either delisted or completely non-functional.

The protocols don't tell you this. Because they can't.

Why the Gap Exists

It's not that protocol designers are naive. It's that trust verification is structurally incompatible with protocol design.

Here's why:

1. Protocols optimize for adoption
A protocol that requires behavioral verification before registration will lose to a protocol that lets anyone register freely. Market dynamics favor open registration.

2. Trust verification requires ongoing monitoring
An identity code is a one-time issuance. Behavioral verification is continuous. You can't put "has maintained 99.9% uptime for 90 days" in a static capability description.

3. Cross-platform verification requires neutrality
Google can't credibly verify agents on Azure. Anthropic can't verify agents on AWS. China's standards can't verify agents registered under Western protocols.

Every protocol builder has a conflict of interest. And that's exactly why the gap exists.

What Independent Verification Actually Requires

This isn't about creating another rating system. Ratings are:

  • Gameable (positive reviews, reciprocity)
  • Static (snapshots, not continuous)
  • Platform-centric (tied to where the rating was given)

What the ecosystem needs is:

1. Survival monitoring across platforms
Not "this agent says it's reliable" but "here's whether this agent has actually been responding for the past 90 days."

2. Event verification, not self-reporting
Not "this agent claims to have completed 10,000 tasks" but "here are the actual task completion records we observed."

3. Confidence-calibrated trust scores
Not "this agent has a 95 trust score" but "we observed X behaviors, Y events, and Z red flags. Confidence: 87%."

4. Protocol-agnostic identity persistence
Not "this MCP agent" or "this A2A agent" but "this agent, regardless of which protocol it implements today."

This is structurally different from what any protocol can provide. Because it requires:

  • Neutral third-party positioning
  • Continuous cross-platform observation
  • Honest acknowledgment of uncertainty

The China Case: Even National Standards Have the Gap

Let's look at China's GB/Z 185-2026 standards specifically. The standard includes:

  • GB/Z 185.2: Agent identity codes (unique identifiers)
  • GB/Z 185.3: Identity management, authentication, authorization
  • GB/Z 185.4: Agent capability descriptions (Agent cards)
  • GB/Z 185.5: Agent discovery and matching

This is more comprehensive than Western protocols. But even this system only answers:

✅ "Does this agent have a valid identity code?"
✅ "Does this agent have verified authentication?"
✅ "Does this agent accurately describe its capabilities?"

❌ "Has this agent actually performed reliably over time?"
❌ "Has this agent been delisted or archived anywhere?"
❌ "How does this agent compare to similar agents on different protocols?"

The identity system is solid. The verification system is missing.

Why This Matters Now

The protocol fragmentation is accelerating. Every month, another major player launches their "open standard." Every quarter, the fragmentation gets worse.

When you build on ARD, you're trusting Google's registry. When you build on AIP, you're trusting China's registry. When you build on MCP, you're trusting Anthropic's tool definitions.

None of them tell you: "Of the 50 agents that match your criteria, here's which ones are actually still alive, which ones have been flagged for abuse, and which ones have the track record they claim."

That's not a feature gap. That's a fundamental assumption gap.

What Developers Should Do

If you're building on any agent protocol today:

1. Don't confuse registration with verification
Just because an agent has a valid identity code doesn't mean it's trustworthy. Ask: "Has anyone verified what this agent actually does?"

2. Build platform-independent monitoring
Your agent selection logic shouldn't depend on whether the platform is still alive. Monitor survival across sources.

3. Query multiple trust signals before committing
Cross-reference identity registries with independent verification. The gap between "registered" and "trustworthy" is your risk exposure.

4. Plan for the verification layer
The protocol wars will settle. When they do, the winner will be whoever controls the trust infrastructure. Position yourself on the right side of that.

The Data Doesn't Lie

Here's our current snapshot:

Agents with valid identity: 2,300,349
Agents with verified trustworthiness (T1): 81,319 (3.5%)
Agents "registered" but non-functional: 644,127 (28%)
Agents delisted by platforms: 269,334

Protocol registration ≠ Trust verification
Enter fullscreen mode Exit fullscreen mode

Every protocol gives you the first line. We're building the second.


About AgentRisk

AgentRisk is the independent trust verification layer for AI agents. We don't pick protocols—we verify behavior across all of them.

Currently tracking 2.3M+ agents with cross-platform survival monitoring and confidence-calibrated trust scores. T1 status requires continuous verification, not self-declaration.

Get your agent verified →
API documentation →


AgentRisk — Your Agent, Verified

Top comments (0)