Vint Cerf left Google. Then he dropped a bomb: AI agents need identity standards. Not suggestions. Not frameworks. Standards.
He spent 21 years at Google. Now he walks out the door and immediately signals that the current trajectory of AI agents is unsustainable. The man who co-invented TCP/IP sees a fundamental flaw in the architecture of autonomous code. No unique identifiers. No trust layer. Agents talking to agents with no way to know who is who.
Consider the infrastructure behind a single request: DNS, PKI, OAuth. The internet runs on identity. AI agents run on nothing. Cerf wants to fix that. s heart.
Context: The Agent Gap
Vint Cerf does not tweet about memecoins. He does not debate LLM benchmarks. His domain is the structural integrity of the network. When he speaks about identity standards, he is not proposing a product. He is proposing a protocol layer.
The problem is simple: current AI agents have no persistent, verifiable identity. An agent executing a trade, signing a contract, or querying a database cannot prove it is the same agent that did so yesterday. There is no root of trust. This works in controlled environments—OpenAI’s sandbox, a single API key. But multi-agent systems? Cross-platform communication? Auditable actions? Impossible without identity.
Cerf’s ambition is to build the DNS for AI agents. A global directory. A revocation mechanism. A way to say: this agent is who it claims to be, and its actions are attributable.
But ambition and execution rarely align. Based on my experience auditing DeFi composability—where every oracle call and liquidation cascade revealed hidden dependencies—I recognize the pattern. A grand standard proposed by a legendary figure. A governance vacuum. A long tail of edge cases that kill the protocol in production. s heart.
Core: The Systematic Teardown
Let’s dissect this proposal into its constituent failure modes.
Technical Architecture: Unspecified
Cerf has not published a white paper. No GitHub repo. No reference implementation. The community is left speculating: DID? Verifiable Credentials? A new blockchain? The lack of technical specificity is a red flag. Standards are not made by press releases. They are made by code that runs at 99.999% uptime. I have seen this before—during the Solidity gas optimization detour in 2017, I submitted a PR to 0x Protocol that was rejected as 'premature optimization.' The team had no incentive to accept external improvements. Cerf’s proposal faces the same inertia: who will implement the first version? Who will maintain it?
Governance: A Nightmare
Identity standards require a governing body. Who decides which agents get IDs? Who revokes them? How do you handle jurisdictional conflicts? The internet’s DNS is governed by ICANN—a controversial organization with geopolitical tensions. An AI agent identity authority would face even more scrutiny. Assume Cerf wants a neutral foundation. Reality: every major AI company will lobby for control. Google, OpenAI, Microsoft, Meta—each wants their own identity silo. A single standard threatens their moats.
Privacy vs. Traceability: The False Dichotomy
Cerf emphasizes security and interoperability. He does not mention privacy protections. The risk is clear: a universal identity system for AI agents creates a global surveillance network. Every agent action tied to a persistent ID. The data set of all agent interactions becomes the most valuable trove in history. Who owns that data? Can users opt out? Can agents have transient identities?
In my work auditing NFT metadata—where 70% of 'decentralized' assets depended on centralized servers—I learned that infrastructure promises often break when incentives shift. Identity standard is the same. It looks like a public good. It becomes a honeypot. s heart.
Compatibility: Zero
Current AI agent frameworks (LangChain, AutoGPT, CrewAI) do not implement identity. They rely on API keys. That works because the user is the identity. But agent-to-agent interactions require machine-readable credentials. Cerf’s standard expects every framework to adopt a new layer. History suggests fragmentation: some platforms will adopt it, others will fork it, most will ignore it until regulation forces compliance.
Contrarian: What the Bulls Got Right
To be fair, the bulls have a point. without identity, the agent economy will collapse into chaos. We already see the symptoms: bots impersonating each other on trading platforms, fake agents stealing user data, no accountability for buggy autonomous decisions. Cerf is right to sound the alarm.
The timing is strategic. AI agents are still in their infancy. A standard adopted now would be like DNS in the early 1990s—a foundation that enables everything else. Cerf’s credibility could rally the necessary stakeholders: IETF, W3C, governments. His departure from Google removes the conflict of interest. He can now champion a truly open standard.
But the contrarian view must acknowledge what the bulls ignore: standards are not neutral. They encode power dynamics. The choice of technology stack determines who can participate. If the standard relies on blockchain-based DIDs, it excludes traditional cloud agents. If it relies on PKI, it favors legacy certificate authorities. The bulls assume technical consensus will emerge. I assume a messy fork.
Takeaway: The Accountability Question
The core issue is not identity. It is accountability. Who pays when an AI agent executes a bad trade, leaks data, or authors a defamatory statement? Identity is necessary but not sufficient. Cerf’s standard is a piece of the puzzle, not the solution.
History repeats: the internet’s founders gave us TCP/IP, but they did not design spam filters, phishing defenses, or consent frameworks. Those came later, after billions of dollars in damages. Vint Cerf is now trying to preempt the same cycle for AI agents. Admirable. But the infrastructure gods are not kind. They demand that every abstraction layer be tested in live fire.
I will watch for the white paper. I will simulate the identity directory under adversarial conditions. I will check for race conditions, revocation delays, and trust anchor failures. Because code is law until it isn’t. s heart.
The proposal is a Rorschach test for the industry. Those who see clarity will rush to build. Those who see chaos will wait. I am waiting.