Internet father Vint Cerf has set his sights on a problem few yet see: the identity of artificial intelligence agents. Soon the network will be populated by autonomous software acting on our behalf — booking trips, managing investments, negotiating contracts — but today no reliable mechanism exists to tell who really stands behind any of them. Cerf, who co-designed TCP/IP forty years ago, the protocol that gave the world an open, decentralized internet, now wants to build a similar trust layer for agents.
His initiative starts from a simple observation: while we have digital identity systems for humans (from electronic signatures to SSL certificates), autonomous agents lack any equivalent. A bot making a purchase, or a virtual assistant accessing sensitive documents, cannot today verifiably prove that it represents a specific organization or operates under a given set of rules. The risk is an ecosystem where any malicious actor can impersonate a legitimate agent, undermining the trust needed to bootstrap LLM-based automation.
The crux is not only technical but structural. In current paradigms, agent identity is often mediated by the cloud platforms hosting them: if an agent runs on a major provider’s servers, authentication flows through that provider’s APIs and tokens. But those evaluating on-premise deployment of LLMs and agents — for reasons of data sovereignty, control, or TCO reduction — discover that without a reference cloud, a trust link is missing. How does a self-hosted agent get recognized by an external counterparty? And how can the counterparty know the agent hasn’t been tampered with?
Here is where Cerf’s contribution could fit. If TCP/IP allowed heterogeneous networks to communicate without a central authority, a new identity protocol for agents could do the same for trustworthiness: a software layer that lets an agent present cryptographically signed verifiable credentials without relying on a single certifier. This is not science fiction: technologies like decentralized identifiers (DIDs) and verifiable credentials already exist, but they haven’t yet entered the toolbox of those developing on-premise LLMs. Cerf’s announcement could spur open standards that make agent identity a native attribute of the infrastructure, much as an IP address is native to network connectivity.
Second-order implications are profound. Robust agent identity would pave the way for an economy of autonomous services in which enterprises delegate sensitive tasks to software running on their own servers, retaining full data control. Today, many adopt third-party APIs because they are simpler, but pay in exposure and lock-in. Tomorrow, an organization could run its own LLM agent within its network perimeter, certifying its identity to the outside world without intermediaries. In that scenario, the cloud-centric model loses some of its gatekeeping power: the control of trust shifts from platform to open infrastructure.
At the third order, this move signals something larger: the internet is entering a phase where fundamental protocols must be rethought for a world populated not just by humans, but by autonomous software entities. TCP/IP worked for forty years because it solved connectivity. Now the problem is representation: who can act on whose behalf, and under which constraints. The answer probably won’t be a single top-down standard, but a set of practices and technologies that must integrate with companies’ deployment choices — including on-premise.
For those building local inference stacks today, the message is clear: agent identity is not an accessory detail, but an architectural component to be considered from the outset. History shows that open protocols, if well designed, can enable entire ecosystems. Cerf seems to want to repeat the feat, this time for digital trust. And if he succeeds, how we think of agents — as simple interfaces to models — will change radically.
💬 Comments (0)
🔒 Log in or register to comment on articles.
No comments yet. Be the first to comment!