Every Protocol Wants to Be the DNS of AI Agents. Here's What They're All Missing
July 1, 2026
Last week, China released seven national standards for AI agent interconnection. The week before, Google and Microsoft launched ARD. Anthropic's MCP keeps gaining adoption. Salesforce pushes A2A.
Every protocol is racing to become "the DNS of AI agents"—the system that lets you find and connect to any agent, anywhere.
But here's what they're all missing: DNS tells you where something is, not whether it's trustworthy.
The Identity Rush
Let's look at what each protocol is actually building:
| Protocol | Focus | Identity System |
|---|---|---|
| China's AIP (GB/Z 185.2-3) | Full lifecycle | "Agent identity codes" + authentication |
| Google's ARD | Resource discovery | Agent registration + capability matching |
| Anthropic's MCP | Tool calling | Schema-based agent descriptors |
| Google's A2A | Agent messaging | Agent cards + skill definitions |
They're all solving real problems. Agent discovery is broken. Cross-platform communication is fragmented. Nobody can find the right agent for the job.
But here's the gap: every single one assumes trust is someone else's job.
The Verification Gap
When China's AIP standard describes "agent identity codes," it means: this agent has a unique identifier. When ARD registers an agent, it means: this agent exists and has these capabilities.
But existence ≠ trustworthiness. Capability descriptions ≠ verified behavior.
At AgentRisk, we've been tracking what happens after agents get their identity codes and capability descriptions:
Total agents indexed: 2,300,349
Agents with T1 (verified trustworthy): 81,319 (3.5%)
Agents delisted by platforms: 269,334
Agents still "registered" but not responding: 644,127 (28%)
That's nearly 1 million agents with valid identities, valid capability descriptions—and either delisted or completely non-functional.
The protocols don't tell you this. Because they can't.
Why the Gap Exists
It's not that protocol designers are naive. It's that trust verification is structurally incompatible with protocol design.
Here's why:
1. Protocols optimize for adoption
A protocol that requires behavioral verification before registration will lose to a protocol that lets anyone register freely. Market dynamics favor open registration.
2. Trust verification requires ongoing monitoring
An identity code is a one-time issuance. Behavioral verification is continuous. You can't put "has maintained 99.9% uptime for 90 days" in a static capability description.
3. Cross-platform verification requires neutrality
Google can't credibly verify agents on Azure. Anthropic can't verify agents on AWS. China's standards can't verify agents registered under Western protocols.
Every protocol builder has a conflict of interest. And that's exactly why the gap exists.
What Independent Verification Actually Requires
This isn't about creating another rating system. Ratings are:
- Gameable (positive reviews, reciprocity)
- Static (snapshots, not continuous)
- Platform-centric (tied to where the rating was given)
What the ecosystem needs is:
1. Survival monitoring across platforms
Not "this agent says it's reliable" but "here's whether this agent has actually been responding for the past 90 days."
2. Event verification, not self-reporting
Not "this agent claims to have completed 10,000 tasks" but "here are the actual task completion records we observed."
3. Confidence-calibrated trust scores
Not "this agent has a 95 trust score" but "we observed X behaviors, Y events, and Z red flags. Confidence: 87%."
4. Protocol-agnostic identity persistence
Not "this MCP agent" or "this A2A agent" but "this agent, regardless of which protocol it implements today."
This is structurally different from what any protocol can provide. Because it requires:
- Neutral third-party positioning
- Continuous cross-platform observation
- Honest acknowledgment of uncertainty
The China Case: Even National Standards Have the Gap
Let's look at China's GB/Z 185-2026 standards specifically. The standard includes:
- GB/Z 185.2: Agent identity codes (unique identifiers)
- GB/Z 185.3: Identity management, authentication, authorization
- GB/Z 185.4: Agent capability descriptions (Agent cards)
- GB/Z 185.5: Agent discovery and matching
This is more comprehensive than Western protocols. But even this system only answers:
✅ "Does this agent have a valid identity code?"
✅ "Does this agent have verified authentication?"
✅ "Does this agent accurately describe its capabilities?"
❌ "Has this agent actually performed reliably over time?"
❌ "Has this agent been delisted or archived anywhere?"
❌ "How does this agent compare to similar agents on different protocols?"
The identity system is solid. The verification system is missing.
Why This Matters Now
The protocol fragmentation is accelerating. Every month, another major player launches their "open standard." Every quarter, the fragmentation gets worse.
When you build on ARD, you're trusting Google's registry. When you build on AIP, you're trusting China's registry. When you build on MCP, you're trusting Anthropic's tool definitions.
None of them tell you: "Of the 50 agents that match your criteria, here's which ones are actually still alive, which ones have been flagged for abuse, and which ones have the track record they claim."
That's not a feature gap. That's a fundamental assumption gap.
What Developers Should Do
If you're building on any agent protocol today:
1. Don't confuse registration with verification
Just because an agent has a valid identity code doesn't mean it's trustworthy. Ask: "Has anyone verified what this agent actually does?"
2. Build platform-independent monitoring
Your agent selection logic shouldn't depend on whether the platform is still alive. Monitor survival across sources.
3. Query multiple trust signals before committing
Cross-reference identity registries with independent verification. The gap between "registered" and "trustworthy" is your risk exposure.
4. Plan for the verification layer
The protocol wars will settle. When they do, the winner will be whoever controls the trust infrastructure. Position yourself on the right side of that.
The Data Doesn't Lie
Here's our current snapshot:
Agents with valid identity: 2,300,349
Agents with verified trustworthiness (T1): 81,319 (3.5%)
Agents "registered" but non-functional: 644,127 (28%)
Agents delisted by platforms: 269,334
Protocol registration ≠ Trust verification
Every protocol gives you the first line. We're building the second.
About AgentRisk
AgentRisk is the independent trust verification layer for AI agents. We don't pick protocols—we verify behavior across all of them.
Currently tracking 2.3M+ agents with cross-platform survival monitoring and confidence-calibrated trust scores. T1 status requires continuous verification, not self-declaration.
Get your agent verified →
API documentation →
AgentRisk — Your Agent, Verified
Top comments (0)