Agentic AI emerged as a defining theme at RSAC 2026. Among the many questions raised, one stood out during the Center for Cybersecurity Policy & Law’s executive roundtable: How will AI agents discover one another — and who determines whether they can be discovered at all?

The answer is not merely technical. It carries far-reaching implications for security, digital sovereignty, and market competition in what is rapidly becoming the “agentic web.”

Enterprises are rapidly deploying autonomous agents that can negotiate, transact, and coordinate across organizational boundaries. While the industry has made significant progress on agent communication protocols, the discovery infrastructure remains unsettled. This mechanism would enable agents to find one another, verify capabilities, and establish trust before they ever exchange a single message. Without a reliable discovery layer, agent identity and trust cannot be meaningfully established.

Think of it this way: imagine a world of phones with no universal phone book. You can only call someone if you already know their number. If you aren't listed, you simply don't exist. That is where AI agents are today and this discovery infrastructure is needed. 

A fragmented ecosystem

The roundtable convened 25 senior leaders from across the ecosystem — including cloud providers, domain registrars, government representatives, and standards organizations — to assess the current state of agent discovery.

What emerged was a landscape developing in silos:

• Platform-centric models offer end-to-end lifecycle management but limit discovery to agents within the same ecosystem.
• Centralized registries provide directory-style lookup, yet no single registry is comprehensive, and each introduces risks of vendor lock-in.
• Network-integrated approaches embed discovery into telecommunications infrastructure, often concentrating control in network operators, in some cases under state influence.

Each model functions within its own boundaries but none provides a scalable, interoperable solution for cross-platform discovery.

Policy risks on the horizon

The absence of a discovery layer introduces four interconnected policy risks:

1. Sovereignty — Whoever controls discovery controls which agents can be seen. Organizations and nations risk ceding that authority to a handful of platform operators or foreign-controlled registries.
2. Concentration — Without interoperability requirements, the market is trending toward proprietary directories that could use market power to marginalize open alternatives, echoing the platform consolidation we saw in social media.
3. Security — Discovery is the first step in any agent-to-agent interaction. If rogue or unverified agents can be discovered and trusted by default, they can trick systems into sharing sensitive data or executing harmful commands.
4. Technical Divide — New protocols and infrastructure standards risk creating steep adoption barriers. If discovery requires entirely new tooling, the vast majority of enterprises, especially in traditional industries, will be left behind.

An Open Infrastructure Alternative

One of the most encouraging themes from the discussion was the recognition that industry does not need to build agent discovery from scratch. The internet already has a globally deployed, vendor-neutral, battle-tested discovery system: the Domain Name System (DNS).

For over 40 years, DNS has provided open, distributed naming and resolution infrastructure. It is governed by international consensus, operates across every device and network on earth, and is already secured by cryptographic mechanisms like Domain Name System Security Extension (DNSSEC).

The roundtable explored how DNS can be extended or "bootstrapped" to serve as an interoperable discovery layer for AI agents, without any single platform, registry, or government controlling the directory. Proposals like DNS-AID (DNS-Based Agent Discovery), progressing through the IETF, demonstrate that agents can publish their capabilities, protocols, and trust metadata directly in DNS records using existing standards, with no new protocol infrastructure required.

The analogy is straightforward: just as DNS gave every website an address that anyone could find, it can give every AI agent a discoverable identity owned by the organization that operates it, not by a third-party gatekeeper.

A Call to Action for Policymakers

The window for shaping the agent discovery architecture is narrowing. Proprietary models are operational and capturing market share while open, distributed alternatives remain nascent. Without deliberate policy support, the opportunity for an interoperable, sovereignty-preserving model could close.

Policymakers should consider four concrete steps:

1. Require open discovery options — Platforms should be expected to support at least one interoperable discovery standard built on existing, proven infrastructure.
2. Support international standards — Governments should engage with international standards bodies to ensure agent discovery protocols are built on trusted, multi-stakeholder internet infrastructure.
3. Protect sovereign namespaces — Nations and enterprises must retain the ability to own their agent namespaces and enforce their own discovery policies, independent of any single commercial platform.
4. Seed an open ecosystem — Governments can accelerate adoption by funding open-source tools, reference implementations, and developer resources that lower the barrier for organizations to publish, discover, and verify AI agents using open protocols.

Looking Ahead

The conversations at the RSA roundtable made it clear that agent discovery is a foundational policy choice that will shape the security, competition, and sovereignty landscape of the agentic web for decades to come. The technology for an open alternative exists. The standards process is underway. What is needed now is the policy that will support it.

For more information on the Center's work on agentic AI policy, visit www.centerforcybersecuritypolicy.org. To learn more about DNS-AID, visit www.dns-aid.org.