
Why the Agent Economy Needs a Digital Passport

Scott Courtney

Key takeaways

  • Trust rot is a critical challenge for autonomous agent systems - traditional HTTPS certificates alone cannot provide the version-specific identity and rapid revocation needed for agent-to-agent commerce at scale.
  • The ANS framework extends HTTPS with a versioning layer through Private Identity Certificates (PriCC) that cryptographically bind agents to specific code versions, enabling instant trust invalidation when compromises occur.
  • A layered trust ecosystem combines foundational identity, operational maturity attestations, and dynamic reputation scoring to create a holistic trust framework that can detect and respond to zero-day exploits and behavioral changes in real-time.

As the agent economy scales toward autonomous commerce, our engineering team identified a critical gap: standard HTTPS certificates cannot provide the version-specific identity and rapid revocation capabilities that multi-agent systems require. Our solution, the Agent Name Service (ANS), adds an event-driven versioning layer to HTTPS, enabling secure agent-to-agent transactions at scale.

HTTPS and the agent today

Many current agent experiences rely solely on HTTPS: UIs that make generative AI API calls, and client-side agents that use tools. HTTPS provides human-to-machine trust by confirming the legitimacy of the domain name.

Compromised code can execute under valid SSL certificates. Trust rot occurs when SSL/TLS systems fail through unmanaged certificate expirations or ineffective revocation checks. For example, if an e-commerce agent is compromised to manipulate prices but its SSL certificate remains valid, it could process fraudulent transactions for days or weeks before detection. Attackers who exploit zero-day vulnerabilities continue operating until certificates expire or administrators manually revoke them. Certificate revocation requires out-of-band Certificate Authority processes with unpredictable latency.

Trust rot becomes more problematic in multi-hop agent chains where autonomous agents delegate tasks: Agent A -> Agent B -> Agent C. For example, a customer service agent delegates to a payment processing agent, which then routes through a fraud detection agent. If the payment agent is compromised midway through the chain, the fraud detection agent has no way to tell that its input came from a compromised source.

In machine-to-machine contexts, trust rot is a systemic flaw:

| Factor | Human-initiated (HTTPS model) | Autonomous agent (ANS model) |
| --- | --- | --- |
| Exposure/Scaling | One compromised service affects the user and their transaction. | One compromised agent infects the downstream chain. If a payment agent is compromised with a valid SSL certificate, it processes fraudulent transactions and passes the risk to the shipping agent before any human notices. |
| Mitigation speed | Manual intervention detects breaches; out-of-band CA processes revoke certificates. | Trust decisions occur in milliseconds. ANS provides a dedicated, rapid emergency path for the owner to bypass grace periods and issue an immediate cryptographic revocation command. |

The alternatives considered

At GoDaddy, as we developed the Web2 ANS framework, we considered using HTTP-based agent directories and relying just on HTTPS certificates. But there were issues.

HTTP directory services, even when federated, must maintain trusted lists of application hosts, whereas ANS uses the globally decentralized DNS as its discovery anchor and universal lookup index.

Standard TLS only proves domain ownership and secures HTTP transport, forcing communication through HTTP layers. DNS functions for any protocol (MCP, A2A, future protocols).

Standard certificates prove domain ownership but cannot provide cryptographic proof for code integrity. While version ambiguity is acceptable for web services, it is unacceptable for autonomous agents executing impactful transactions.

Solutions to the agent identity problem generally fall into two architectural camps: the Web3 model and the ANS/PKI hybrid model. We chose the ANS/PKI model to maximize enterprise compatibility and scalability with existing internet infrastructure.

The Git commit for identity

The ANS system addresses trust rot through event-driven identity invalidation, decoupling security from a time-based schedule. It adds a versioning layer to HTTPS via the second of its two required certificates:

  • Public Server Certificate (PubSC): The HTTPS certificate securing the agent's fully qualified domain name.
  • Private Identity Certificate (PriCC): The digital passport cryptographically bound to the agent's semantic version (for example, v1.0.1).

The PriCC enables agents to distinguish trusted code versions from compromised ones. Code changes or capability metadata modifications require a new PriCC identity registration.

The ANS system issues an event-driven revocation upon successful deployment of new versions. It enforces grace periods (24-72 hours) for client applications to shift traffic before automatic cryptographic revocation.
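The lifecycle just described, as an added illustration that is not ANS code: deploying a new version puts the previous PriCC into a grace period that ends in automatic revocation, while the owner's emergency path (see the table above) revokes immediately. The class and method names and the 48-hour window are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# Grace window taken from the 24-72 hour range in the text; 48 h is an assumed midpoint.
GRACE_PERIOD = timedelta(hours=48)
T0 = datetime(2025, 11, 1, tzinfo=timezone.utc)   # constructed reference time

class Status(Enum):
    ACTIVE = "active"
    IN_GRACE = "in_grace"   # superseded, still accepted while clients shift traffic
    REVOKED = "revoked"

@dataclass
class PriCC:
    agent: str
    version: str
    grace_until: Optional[datetime] = None   # set when a newer version is deployed
    revoked_at: Optional[datetime] = None    # set by the owner's emergency path

    def status(self, now: datetime) -> Status:
        if self.revoked_at is not None and now >= self.revoked_at:
            return Status.REVOKED
        if self.grace_until is not None:
            return Status.IN_GRACE if now < self.grace_until else Status.REVOKED
        return Status.ACTIVE

class PriCCRegistry:   # hypothetical registry model, not the ANS API
    def __init__(self) -> None:
        self.certs: dict[tuple[str, str], PriCC] = {}

    def deploy(self, agent: str, version: str, now: datetime) -> PriCC:
        # A deployment is an identity event: the previously active version enters
        # grace and is revoked automatically once the window closes.
        for cert in self.certs.values():
            if cert.agent == agent and cert.status(now) == Status.ACTIVE:
                cert.grace_until = now + GRACE_PERIOD
        cert = PriCC(agent, version)
        self.certs[(agent, version)] = cert
        return cert

    def emergency_revoke(self, agent: str, version: str, now: datetime) -> None:
        # Owner-initiated path that bypasses the grace period entirely.
        self.certs[(agent, version)].revoked_at = now

    def accept(self, agent: str, version: str, now: datetime) -> bool:
        cert = self.certs.get((agent, version))
        return cert is not None and cert.status(now) != Status.REVOKED
```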

SSL ecosystems use Certificate Transparency to track certificate issuance. ANS builds on this with its Transparency Log (TL), a public, append-only Merkle tree, to provide version-granular audit trails. Here's how:

The ANS Registration Authority (RA) seals PriCC issuance and revocation events into the TL. Code changes create new identity events in the TL. This enables forensic analysis, allowing auditors to prove which code version handled which specific transactions.
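An added sketch, not the ANS implementation, of what a version-granular Transparency Log has to provide: append-only Merkle leaves for issuance and revocation events, a root an auditor can pin, and an inclusion proof that ties a single event to that root. The hash layout, tree shape and event fields are assumptions for the example.

```python
import hashlib
import json

# Domain-separated hashes (0x00 leaf, 0x01 node) as in Certificate Transparency; the
# event fields and this pairwise tree shape are assumptions, not the ANS log format.
def leaf_hash(event: dict) -> bytes:
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + canonical).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _next_level(level: list) -> list:
    # Pair neighbours; an odd trailing node is promoted unchanged, never duplicated
    # (duplication lets two different leaf sets share one root).
    nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2:
        nxt.append(level[-1])
    return nxt

class TransparencyLog:
    def __init__(self) -> None:
        self.leaves: list[bytes] = []    # append-only: entries are never edited or removed

    def append(self, event: dict) -> int:
        self.leaves.append(leaf_hash(event))
        return len(self.leaves) - 1      # receipt the RA can hand back to the agent owner

    def root(self) -> bytes:
        level = list(self.leaves)
        while len(level) > 1:
            level = _next_level(level)
        return level[0] if level else hashlib.sha256(b"").digest()

    def inclusion_proof(self, index: int) -> list:
        # Sibling hashes from leaf to root, tagged with the side the sibling sits on.
        proof, level, i = [], list(self.leaves), index
        while len(level) > 1:
            promoted = len(level) % 2 == 1 and i == len(level) - 1
            if not promoted:
                sib = i ^ 1
                proof.append(("L" if sib < i else "R", level[sib]))
            level, i = _next_level(level), i // 2
        return proof

def verify_inclusion(event: dict, proof: list, root: bytes) -> bool:
    h = leaf_hash(event)   # an auditor recomputes the path; any edit breaks equality
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == root
```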

Closing the application integrity gap

The ANS ecosystem detects code-level behavior through three layers that bridge the gap between PriCC certificates and live agent behavior. The following diagram illustrates this layered, holistic agent trust framework:

[Diagram: the holistic agent trust framework]

Layer 1 provides foundational identity through ANS RA attestation of PriCC integrity and organizational verification using Bronze, Silver, and Gold badges. This cryptographic root of trust verifies agent owners and committed versions. Badge tiers reflect identity validation strength through domain verification and corporate OV/EV checks performed by accredited verifiers.

Layer 2 validates operational maturity through Agent Provider attestations included in the Agent Card and sealed in the TL. These attestations contain claims of adherence to SOC 2 security protocols, HIPAA compliance, or A2SPA integrity standards. Partners use this data to filter agents based on specific legal or security requirements.

Layer 3 monitors dynamic reputation through real-time behavioral data. Independent monitoring services (reputation oracles) consume ANS Pub/Sub feeds to track transaction success rates, response latency, and community flags against malware databases. If zero-day exploits cause agent success rates to plummet, Layer 3 scores drop instantly, allowing client agents to reject connections even though the compromised version's PriCC has not yet been revoked.

The framework maintains ANS standard neutrality while the ecosystem detects and flags behavior changes from zero-day exploits or application bugs through continuous external auditing and trust scoring.

The Dynamic Trust Index combines scores from all three layers, providing continuous assessment of identity, compliance, and real-world behavior rather than a one-time cryptographic check.
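As an added example, not part of the ANS standard, one way a client agent could fold the three layers into a single decision, including the case the text highlights: a PriCC that is still valid while the Layer 3 score has collapsed. The weights, thresholds, badge values and status strings are assumed values.

```python
from dataclasses import dataclass
from statistics import mean

# Weights, thresholds, badge values and the status strings below are assumptions for
# this example, not parameters of the ANS standard or the Dynamic Trust Index.
BADGE_SCORE = {"gold": 1.0, "silver": 0.75, "bronze": 0.5}

@dataclass
class AgentView:
    pricc_status: str            # Layer 1: "active", "in_grace" or "revoked"
    badge: str                   # Layer 1: "bronze", "silver" or "gold"
    attestations: set            # Layer 2: claims from the Agent Card, e.g. {"SOC2"}
    success_history: list        # Layer 3: per-window success rates, oldest first

def layer3_score(history: list, window: int = 3, max_drop: float = 0.3) -> float:
    """Recent success rate, halved when it has collapsed against the agent's own baseline."""
    if not history:
        return 0.0
    if len(history) <= window:
        return mean(history)
    baseline, recent = mean(history[:-window]), mean(history[-window:])
    # A sudden collapse (zero-day, bad release) is penalised beyond the raw average so
    # the index reacts before any certificate revocation has happened.
    return recent if baseline - recent < max_drop else recent * 0.5

def trust_index(view: AgentView, required: frozenset = frozenset()) -> float:
    if view.pricc_status == "revoked":
        return 0.0                       # Layer 1 hard failure: nothing else is scored
    if not required <= view.attestations:
        return 0.0                       # Layer 2 is a filter, not a weight
    l1 = BADGE_SCORE[view.badge] * (0.8 if view.pricc_status == "in_grace" else 1.0)
    l3 = layer3_score(view.success_history)
    return round(0.4 * l1 + 0.6 * l3, 3)

def accept_connection(view: AgentView, required: frozenset = frozenset(),
                      threshold: float = 0.6) -> bool:
    return trust_index(view, required) >= threshold

if __name__ == "__main__":
    # Constructed scenario: a gold agent whose PriCC is still valid but whose recent
    # success rate collapsed after a suspected zero-day.
    compromised = AgentView("active", "gold", {"SOC2"}, [0.98, 0.98, 0.98, 0.4, 0.3, 0.2])
    print(trust_index(compromised), accept_connection(compromised, frozenset({"SOC2"})))
```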

Discovery and non-repudiation for autonomous commerce

The enhanced ANS standard is the architectural upgrade that makes high-stakes agent-to-agent transactions possible. It delivers value through two distinct, resilient functions: audit trails and Pub/Sub event streams.

  • ANS builds audit trails through two cryptographic proof layers, addressing HTTPS limitations in multi-hop chains. Agents establish channel security (mTLS with the PriCC) for identity proof and add message security (JWS) for tamper-evident data stamps. In payment disputes, signed, version-bound messages sealed in the TL prove which agent version sent the instructions and confirm message integrity.
  • The ANS RA broadcasts lifecycle events via Pub/Sub event streams. Third parties consume data to build searchable indexes of agents and capabilities. This approach uses DNS as a universal, highly resilient lookup index for the agent economy.

ANS now

The ANS Registry launched its production alpha on October 31, 2025.

By anchoring identity to a version-bound PriCC and public Transparency Logs, ANS creates verifiable, neutral bridges that prevent the agentic marketplace from fragmenting into proprietary systems. The ANS framework extends HTTPS to meet the demands of autonomous commerce.

Are you ready to passport your agents?

If you're ready to implement the ANS with your agents, we've got some actions you can take.

  • For engineers: The ANS implementation is live. SDKs release in December 2025. Begin integration planning for verifiable, version-bound identities.
  • For businesses: Register agents to establish auditable, discoverable agent identities.