Linux Foundation announces the Agent Name Service: DNS-based verified identity for AI agents

By Linux Foundation · June 23, 2026.

The Linux Foundation has announced its intention to launch the **Agent Name Service (ANS)**, a new open standard that extends the Domain Name System (DNS) infrastructure to provide verified identity, authentication and discovery to the artificial intelligence agents operating on the internet. The project aspires to become the identity layer of the so-called 'agentic web,' without depending on proprietary registries or centralized control.

**The problem ANS seeks to solve**

As AI agents leave experimentation environments behind and are deployed in enterprise production systems, the industry faces a set of structural problems that no one has yet solved in a standardized way: how does a system know who it is talking to when another agent requests it to execute a task? How does it verify that that agent has the permissions it claims to have? How does it check that its code has not been tampered with since the last review? Without reliable answers to these questions, the proliferation of autonomous agents in enterprise environments generates what security teams call 'shadow AI risk': systems that act on behalf of organizations or users without a neutral mechanism existing to validate their identity, provenance or scope of authorization.

The ANS framework addresses exactly these three axes: **who an agent represents** (identity), **what it can do** (permissions and governance) and **whether its code and operational history remain authentic and unaltered** (integrity and traceability).

**Why DNS and not new infrastructure**

The decision to build ANS on DNS and not on a blockchain, a new federated registry or any other alternative infrastructure is deliberate and has a clear adoption logic. DNS is the addressing infrastructure that has been in production for forty years, processes more than 100 million queries per second worldwide and is already operated by governments, companies, registrars and internet providers. Every registered domain already has a verifiable owner. ANS leverages this existing asset to anchor an agent's identity directly to the domain the deploying organization already owns, eliminating the need for a proprietary namespace or a 'gatekeeper' to grant or revoke identity.

As Wei Chen, Chief Legal Officer of Infoblox, notes: 'The internet's most enduring standards have always been built on open infrastructure that already belongs to everyone. Nothing exemplifies that better than DNS. The Agent Name Service extends DNS to the AI era, allowing any organization to identify its agents through the domain names it already owns, with no proprietary namespace and no intermediary whatsoever.'

The framework also incorporates support for **Decentralized Identifiers (DIDs)** and **Legal Entity Identifiers (LEIs)**, allowing organizations to integrate their existing identity systems into a unified verification model. This backward compatibility is relevant for companies that have already invested in digital identity infrastructure under regulatory frameworks such as eIDAS in Europe.

**Backing ecosystem: big names from day one**

One of the most significant indicators of this announcement's specific weight is the list of organizations publicly backing the initiative with formal statements. Among them stand out:

— **GoDaddy**, the world's largest domain registrar, whose Chief Strategy and Legal Officer, Jared Sine, underscores the philosophical continuity with the open origins of the internet: 'The internet's success did not come from proprietary systems, but from open standards and shared infrastructure.'

— **Cloudflare**, whose CTO Dane Knecht states that the company is fully committed to supporting this open standard 'to ensure that the agentic web is fast, secure and built on a shared foundation of trust.' Cloudflare today manages the DNS traffic of a significant fraction of the internet and has a direct interest in ensuring that agent authentication does not create new friction or attack vectors in its network.

— **Salesforce**, whose president and Chief Engineering Officer Srini Tallapragada frames it from the developer's perspective: 'ANS defines a common identity and verification standard so that developers can move faster with confidence, interoperability and security built in from the start.'

— **Cisco**, which, according to Nathan Jokel, SVP of Corporate Strategy, is contributing to open-standard initiatives at both the IETF and the Linux Foundation: 'The value of this technology will only multiply when the ecosystem is open, decentralized and secure.'

— **DistributedApps.ai**, whose CEO Ken Huang is the lead author of the research paper that gave rise to ANS. Huang states that his biggest concern was that agentic AI systems would proliferate 'without a neutral and trustworthy identity and discovery layer,' creating exactly the shadow AI risks that worry security teams.

— **Infoblox** and **Hashgraph Online** complete the slate of launch signatories.

The participation of GoDaddy and Cloudflare is especially strategic: the former controls millions of domain registrations and the latter operates authoritative DNS servers and resolvers that already process an enormous proportion of global DNS traffic. Their involvement means that ANS could have practical implementation in real infrastructure relatively quickly.

**The market figure that justifies the urgency**

The statement cites World Economic Forum data according to which **82% of executives plan to adopt AI agents in the next one to three years**, despite widespread uncertainty about how to safely evaluate and manage autonomous systems. This figure positions the identity problem not as an academic debate but as a practical and imminent obstacle for massive enterprise adoption. If almost all of the world's large organizations are going to deploy agents in production before 2028-2029, the absence of a verifiable identity standard creates a vacuum that opportunistic actors—both proprietary providers and malicious actors—can fill in ways harmful to the ecosystem.

**Direct implications for agentic AI**

In the context of agentic AI, the identity problem is deeper than in traditional applications because agents act autonomously, can chain calls to other agents (multi-agent architectures), handle credentials and sensitive data, and execute actions with real consequences in external systems. The attack vector known as 'prompt injection' or 'agent hijacking'—where an agent is manipulated into acting on behalf of an unauthorized actor—is structurally mitigated if a standard mechanism exists for any recipient of a request to verify the identity of the sending agent before executing any action.

Agent-to-agent communication protocols such as MCP (Model Context Protocol, by Anthropic) or A2A (Agent-to-Agent, by Google) are already gaining adoption, but none on its own solves the identity layer: they describe how to communicate, not how to verify who you are. ANS could act as an orthogonal complement to these protocols, providing the 'who am I' layer that they presuppose but do not define.

**Open governance under the Linux Foundation**

That the project is hosted by the Linux Foundation and not by, for example, a consortium led by a cloud provider or a cybersecurity company has relevant governance implications. The Linux Foundation has a proven vendor-neutral model in critical infrastructure projects (Linux, Kubernetes, OpenSSF, SPDX). No individual actor can impose technical or commercial decisions on the standard, which reduces the risk that ANS becomes a lock-in vector disguised as an open standard.

The technical repository will be available in the GitHub organization **https://github.com/agentnameservice**, and the project is actively seeking participation from companies, AI developers, infrastructure providers and security researchers. At this moment the announcement is one of 'intent to launch,' which implies that the standard is in early stages of formalization and that there is still room for contributions that shape its architecture.

**Comparison with parallel initiatives**

As sector context, this is not the first time the industry has tried to create identity infrastructure for non-human entities operating on the internet. The OAuth 2.0 standard and its extensions (such as mTLS or DPoP) already allow authenticating API clients, but they are designed for applications, not for agents with persistent identity and accumulated reputation. The W3C has developed the Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) specification, which ANS incorporates as one of its support layers. What ANS adds is the specific anchoring to DNS and a discovery model designed for the scale and operational needs of autonomous agents.

The IETF (Internet Engineering Task Force) also has active working groups on agent authentication and security in multi-agent protocols, and Cisco explicitly mentions contributing to both the IETF and the Linux Foundation, which suggests that ANS and the IETF's work are designed to be complementary rather than competitive.

**Risks and critical factors for success**

The biggest risk for ANS is that of any infrastructure standard: fragmentation. If the major model providers (OpenAI, Google, Anthropic, Meta) or the major hyperscalers (AWS, Azure, GCP) do not adopt the standard or develop their own proprietary agent-identity solutions, ANS could remain a niche standard with limited adoption outside the open-source ecosystem.

Another risk is the speed of the sector's evolution. Infrastructure standards take years to mature and to achieve stable reference implementations. The agentic AI market is evolving in cycles of months. There is a danger that by the time ANS reaches technical maturity, the ecosystem will have developed ad hoc solutions entrenched enough that migrating to a standard becomes costly.

Finally, there is a challenge of operational complexity: for ANS to work in practice, agent operators will need to publish and maintain additional DNS records for their agents, manage cryptographic key rotations and maintain audit records of operational history. This adds real operational burden that smaller organizations may find off-putting.

**Regulatory perspective**

From the standpoint of the EU AI Act, which came into gradual application starting in 2024, high-risk AI systems require governance documentation, decision traceability and audit mechanisms. A standard like ANS, which provides auditable identity verification, code integrity and operational history, is directly relevant to compliance with these requirements. European companies deploying AI agents in high-risk categories (hiring, credit, essential services) could find in ANS a compliance tool as well as a technical security tool.

**Impact for developers and companies**

For development teams building multi-agent systems, ANS potentially offers the possibility of delegating the identity problem to standard infrastructure instead of implementing ad hoc solutions for each integration. For corporate security teams, it offers an auditable mechanism to inventory which agents are operating on behalf of the organization and with what permissions, directly addressing the 'shadow agent' problem. For AI platform providers (agent frameworks, orchestrators, agent marketplaces), it provides a standard base on which to build verification functionality without having to deal with identity infrastructure from scratch.

**Outlook**

The ANS initiative represents a mature moment in the evolution of agentic AI: the sector is moving from debating what agents can do to debating how they are deployed in a secure and governable way. The bet on DNS as a foundation is a sign of pragmatism: instead of building technical utopias, ANS chooses the infrastructure that already works at global scale and extends it. If it manages to attract reference implementations from the major internet infrastructure players—Cloudflare and GoDaddy are already on board—and if the IETF validates the technical approach, ANS has a real chance of becoming the de facto standard for agent identity on the internet. The next milestone to watch will be the publication of the complete technical specifications and the first reference implementations in the GitHub repository.