Vint Cerf's Next Act: ID Cards for AI Agents
Internet pioneer Vint Cerf has joined Innovation Labs to push DNSid, a DNS-anchored identity standard for AI agents, through the IETF after retiring from Google.

A wooden library card catalog drawer. Source: Unsplash / Erol Ahmed
Vint Cerf spent 21 years as Google's chief internet evangelist and roughly five decades before that co-designing the protocols the internet still runs on. He left Google on July 7. Eight days later, he resurfaced on the advisory council of Innovation Labs, a division of domain registry operator Identity Digital, to help push a proposal called DNSid through the Internet Engineering Task Force. The pitch: give every AI agent a durable identity anchored to a domain name someone actually owns.
TL;DR
- Vint Cerf joined Innovation Labs' advisory council on July 15, eight days after retiring from Google
- Innovation Labs, a division of registry operator Identity Digital, authored DNSid, an IETF draft that ties AI agent identity to existing DNS records
- The draft adds no new DNS record types or resolver changes, layering cryptographic ownership proofs beneath tools agents already use
- DNSid is one of at least three competing IETF drafts on agent identity; neither Anthropic nor OpenAI has signed on to any of them
From Google to a Domain Registry's Side Project
Cerf's departure from Google wasn't quiet. At the Laude Institute's Open Frontier conference on June 30, he told the room that the rise of autonomous agents would force the industry back toward the kind of open, boring interoperability standards that built the internet in the first place. Two weeks later he put his name behind one.
Innovation Labs is not a household name. It's a unit inside Identity Digital, a company that runs domain registries most people have never heard of but whose infrastructure sits underneath large chunks of the web. Its CTO, Naveed Ihsanullah, authored the DNSid specification and now lists Cerf alongside unnamed leaders from internet infrastructure, cybersecurity, national security, and finance on the project's advisory council. "AI agents now introduce the next architectural challenge," Ihsanullah said in the announcement, framing Cerf's arrival as continuity rather than a new direction.
Cerf's own framing was narrower than Ihsanullah's. "Questions of identity, accountability, and interoperability require the same thoughtful architectural approach that enabled the internet to scale," he said, which is a careful way of saying the problem is real without endorsing DNSid as the only fix.
Vint Cerf, co-designer of TCP/IP, spent 21 years as Google's chief internet evangelist before joining Innovation Labs.
Source: commons.wikimedia.org
How DNSid Actually Works
The core idea is narrow by design. Every AI agent gets an identifier that resolves back to a domain the operator already controls, verified through cryptographic signatures rather than a new central authority.
Anchoring Identity to Something That Already Exists
Instead of building a new namespace for agents, DNSid piggybacks on the one that already runs at global scale. An agent's identity record points to a DNS zone, and ownership of that zone is proof of who stands behind the agent. Ihsanullah has described this as building "on the internet's existing coordination layer" rather than competing with it.
No New DNS Machinery Required
The draft is explicit that it introduces no new DNS resource record types, no new opcodes, and no changes to resolvers or authoritative servers. It sits underneath existing identity and authentication systems, using what the spec calls accountable-entity-controlled signatures and an append-only log to track an agent's registration history over time. That's a deliberate design constraint: nothing about DNSid requires ICANN, browser vendors, or resolver operators to change anything before it can be tested.
Here's how DNSid stacks up against the other agent-identity efforts already in play:
| Proposal | Backer | Mechanism | Status |
|---|---|---|---|
| DNSid | Innovation Labs / Identity Digital | DNS zone ownership + crypto signatures | IETF draft-01, filed June 2026 |
| Agent Identity and Discovery (AID) | Independent submission | New discovery record format | IETF draft-00 |
| Agent Identity Registry System | Independent submission | Hardware-anchored federated registry | IETF draft-00 |
| Astrix (bought by Cisco) | Cisco | Enterprise credential vaulting for agent keys | Shipping product, $400M deal |
None of these four is anywhere close to a ratified standard, and only one of them is a commercial product you can buy today.
What It Does Not Tell You
DNSid solves a narrower problem than the press release implies. It can tell you which domain owns an agent. It can't tell you what that agent is authorized to do, who's liable when it acts outside its mandate, or how a user is supposed to check an agent's identity before granting it access to a bank account or a code repository. Ihsanullah has said the spec is meant to sit beneath authorization and interaction standards, not replace them, which means the harder governance questions are still unanswered by design.
There's also no consensus in sight. DNSid is competing with at least two other IETF submissions covering the same territory, and standards fights at the IETF routinely take years to resolve, if they resolve at all. Neither OpenAI nor Anthropic, the two labs shipping the most autonomous agents in production right now, appears on Innovation Labs' advisory council or in any of the competing drafts' author lists. Cerf himself won't promise an outcome. Asked whether an agent-driven economy is coming, he said flatly, "I don't think it's inevitable," before adding that people are "fundamentally lazy creatures" who'll hand tasks to agents wherever the option exists.
DNSid requires no changes to DNS resolvers or authoritative servers, an intentional constraint meant to ease adoption.
Source: unsplash.com
DNSid is a credible answer to a question the industry has mostly ignored: who is accountable when an autonomous agent does something on the open internet. It isn't yet an answer the internet has agreed to use, and Cerf's name on the advisory council buys attention, not adoption. The IETF still has to pick a lane among at least three drafts, and the two companies whose agents would most need this kind of identity layer haven't shown up to the table.
Sources:
- Vint Cerf is working on a plan to unleash AI agents on the open internet - TechCrunch
- Internet Architect Vint Cerf Joins Innovation Labs to Advance Open Architecture for AI Agent Accountability - Manila Times / GlobeNewswire
- draft-ihsanullah-dnsid-01 - DNS-Anchored Durable Identity for AI Agents - IETF Datatracker
- draft-nemethi-aid-agent-identity-discovery-00 - Agent Identity and Discovery - IETF Datatracker
- draft-drake-agent-identity-registry-00 - Agent Identity Registry System - IETF Datatracker
- Vint Cerf Retires From Google With a Warning: AI Agents Need Real Protocols - Tech Times
- Innovation Labs by Identity Digital Submits DNS-Anchored Durable Identity Proposal for AI Agents to the IETF - GlobeNewswire
