Vint Cerf's Next Act: ID Cards for AI Agents

Internet pioneer Vint Cerf has joined Innovation Labs to push DNSid, a DNS-anchored identity standard for AI agents, through the IETF after retiring from Google.

Vint Cerf's Next Act: ID Cards for AI Agents

A wooden library card catalog drawer. Source: Unsplash / Erol Ahmed

Vint Cerf spent 21 years as Google's chief internet evangelist and roughly five decades before that co-designing the protocols the internet still runs on. He left Google on July 7. Eight days later, he resurfaced on the advisory council of Innovation Labs, a division of domain registry operator Identity Digital, to help push a proposal called DNSid through the Internet Engineering Task Force. The pitch: give every AI agent a durable identity anchored to a domain name someone actually owns.

TL;DR

  • Vint Cerf joined Innovation Labs' advisory council on July 15, eight days after retiring from Google
  • Innovation Labs, a division of registry operator Identity Digital, authored DNSid, an IETF draft that ties AI agent identity to existing DNS records
  • The draft adds no new DNS record types or resolver changes, layering cryptographic ownership proofs beneath tools agents already use
  • DNSid is one of at least three competing IETF drafts on agent identity; neither Anthropic nor OpenAI has signed on to any of them

From Google to a Domain Registry's Side Project

Cerf's departure from Google wasn't quiet. At the Laude Institute's Open Frontier conference on June 30, he told the room that the rise of autonomous agents would force the industry back toward the kind of open, boring interoperability standards that built the internet in the first place. Two weeks later he put his name behind one.

Innovation Labs is not a household name. It's a unit inside Identity Digital, a company that runs domain registries most people have never heard of but whose infrastructure sits underneath large chunks of the web. Its CTO, Naveed Ihsanullah, authored the DNSid specification and now lists Cerf alongside unnamed leaders from internet infrastructure, cybersecurity, national security, and finance on the project's advisory council. "AI agents now introduce the next architectural challenge," Ihsanullah said in the announcement, framing Cerf's arrival as continuity rather than a new direction.

Cerf's own framing was narrower than Ihsanullah's. "Questions of identity, accountability, and interoperability require the same thoughtful architectural approach that enabled the internet to scale," he said, which is a careful way of saying the problem is real without endorsing DNSid as the only fix.

Portrait of Vint Cerf Vint Cerf, co-designer of TCP/IP, spent 21 years as Google's chief internet evangelist before joining Innovation Labs. Source: commons.wikimedia.org

How DNSid Actually Works

The core idea is narrow by design. Every AI agent gets an identifier that resolves back to a domain the operator already controls, verified through cryptographic signatures rather than a new central authority.

Anchoring Identity to Something That Already Exists

Instead of building a new namespace for agents, DNSid piggybacks on the one that already runs at global scale. An agent's identity record points to a DNS zone, and ownership of that zone is proof of who stands behind the agent. Ihsanullah has described this as building "on the internet's existing coordination layer" rather than competing with it.

No New DNS Machinery Required

The draft is explicit that it introduces no new DNS resource record types, no new opcodes, and no changes to resolvers or authoritative servers. It sits underneath existing identity and authentication systems, using what the spec calls accountable-entity-controlled signatures and an append-only log to track an agent's registration history over time. That's a deliberate design constraint: nothing about DNSid requires ICANN, browser vendors, or resolver operators to change anything before it can be tested.

Here's how DNSid stacks up against the other agent-identity efforts already in play:

ProposalBackerMechanismStatus
DNSidInnovation Labs / Identity DigitalDNS zone ownership + crypto signaturesIETF draft-01, filed June 2026
Agent Identity and Discovery (AID)Independent submissionNew discovery record formatIETF draft-00
Agent Identity Registry SystemIndependent submissionHardware-anchored federated registryIETF draft-00
Astrix (bought by Cisco)CiscoEnterprise credential vaulting for agent keysShipping product, $400M deal

None of these four is anywhere close to a ratified standard, and only one of them is a commercial product you can buy today.

What It Does Not Tell You

DNSid solves a narrower problem than the press release implies. It can tell you which domain owns an agent. It can't tell you what that agent is authorized to do, who's liable when it acts outside its mandate, or how a user is supposed to check an agent's identity before granting it access to a bank account or a code repository. Ihsanullah has said the spec is meant to sit beneath authorization and interaction standards, not replace them, which means the harder governance questions are still unanswered by design.

There's also no consensus in sight. DNSid is competing with at least two other IETF submissions covering the same territory, and standards fights at the IETF routinely take years to resolve, if they resolve at all. Neither OpenAI nor Anthropic, the two labs shipping the most autonomous agents in production right now, appears on Innovation Labs' advisory council or in any of the competing drafts' author lists. Cerf himself won't promise an outcome. Asked whether an agent-driven economy is coming, he said flatly, "I don't think it's inevitable," before adding that people are "fundamentally lazy creatures" who'll hand tasks to agents wherever the option exists.

Server rack in a data center DNSid requires no changes to DNS resolvers or authoritative servers, an intentional constraint meant to ease adoption. Source: unsplash.com


DNSid is a credible answer to a question the industry has mostly ignored: who is accountable when an autonomous agent does something on the open internet. It isn't yet an answer the internet has agreed to use, and Cerf's name on the advisory council buys attention, not adoption. The IETF still has to pick a lane among at least three drafts, and the two companies whose agents would most need this kind of identity layer haven't shown up to the table.

Sources:

Elena Marchetti
About the author Senior AI Editor & Investigative Journalist

Elena is a technology journalist with over eight years of experience covering artificial intelligence, machine learning, and the startup ecosystem.