Vint Cerf co-invented the internet's plumbing. Now he wants to build the identity layer for AI agents. He's leaving Google to do it. That's the narrative. Here's the reality: without a verifiable, decentralized, and cryptographically auditable ledger, his standard is just another permission slip signed by a central authority.
The ledger remembers what the marketing forgets.
Cerf's vision is ambitious. AI agents need digital identities to prevent fraud, ensure accountability, and enable secure machine-to-machine communication. The problem is ancient: how do you trust an entity you've never met? The internet solved this with public key infrastructure (PKI) and certificate authorities. But PKI rotted from the inside—delegated trust, compromised roots, and a handful of companies holding the keys. Cerf's proposal risks repeating the same mistakes in a high-frequency, autonomous agent economy.
Context: The Agent Apocalypse
The AI industry is rushing to deploy autonomous agents. OpenAI's Assistants API, Microsoft Copilot, Anthropic's Claude—each creates its own identity silo. Agents from different ecosystems cannot verify each other. Fraud is trivial: a malicious agent impersonates a legitimate one, extracts user data, or signs a transaction. Cerf's standard aims to solve this by providing a universal identity layer, much like DNS resolved the problem of remembering IP addresses.
But DNS is centralized. ICANN controls the root. A government pressure can seize a domain. If Cerf's identity standard follows a similar hierarchical model, it becomes a single point of failure—and a target for regulatory capture.
Core: Deconstructing the Identity Promise
Trace every byte back to the genesis block. That's the principle. For an AI agent identity to be trustworthy, it must be rooted in an immutable, censorship-resistant source. In my forensic analysis of the NFT metadata mirage (2021), I found 90% of Bored Ape traits pointed to off-chain, fragile AWS S3 buckets. The same flaw applies to identity: if the certificate authority is compromised, all identities under it are worthless.
A robust identity standard for AI agents must include: - Decentralized Identifiers (DIDs) rooted on a blockchain or distributed ledger. This anchors the identity to a timestamped, public record. - Verifiable Credentials (VCs) signed by issuer keys that can be revoked on-chain. Not a central registry, but smart contract logic. - Proof of Ownership: the agent must prove it controls the private key associated with its DID at every interaction. Not a session cookie, but a cryptographic signature.
During my Solidity traceability break (2017), I learned that smart contract flaws often hide in external calls. Here, the external call is to a central identity provider. If that provider lies, the agent identity is a phantom.
Metadata is not ownership; it is merely a pointer.
Cerf's initiative, if it relies on traditional PKI with a root authority, will create a pointer, not proof. The actual trust must be verifiable by anyone, anywhere, without asking permission. That is only achievable with an open, permissionless ledger.
The Oracle Problem, Revisited
DeFi's Achilles' heel is oracle latency. Chainlink solves decentralization with centralized nodes—a joke I've spelled out before. AI agent identity faces a similar latency problem: how fast can you verify an identity across thousands of agents? If verification requires querying a central server, you reintroduce single-point failure and latency, exactly when agents need sub-second trust.
During my audit of an Imperfect Finance protocol in 2020, I found that reward distribution algorithms diluted holders by 40% within six months. The hype masked the math. Here, the hype around Cerf's identity standard masks the math of trust propagation. A naive implementation will choke under agent density.
Contrarian: What the Bulls Got Right
To be fair, Cerf's initiative could be the crucial first step toward AI accountability. Without a standard, every agent is anonymous. Anonymity enables fraud, manipulative behavior, and unaccountable decisions. The European AI Act already mandates traceability for high-risk systems. Cerf's identity layer directly addresses that regulatory requirement.
Moreover, Cerf's departure from Google signals independence. He no longer serves a single corporation's walled garden. His credibility as an internet pioneer can rally support from standards bodies (IETF, W3C) and open-source communities. If he anchors the standard on open protocols like DIDs and Verifiable Credentials, it could become the TCP/IP of agent identity.
But independence does not guarantee technical soundness. The devil is in the governance. Who gets to issue root keys? Who decides which identities are revoked? If the governance falls to a board of incumbents (Google, Amazon, Microsoft), the standard becomes an oligarchy's tool to exclude competitors.
Greed optimizes for yield, not for survival.
Survival of the open internet requires that no single entity controls identity. Cerf must design the system such that even he cannot revoke an identity without consensus.
Takeaway: A Call for On-Chain Proof
Cerf's identity standard is a high-leverage intervention. Executed correctly, it could enable a secure, interoperable agent economy. Executed poorly, it creates a new layer of centralization that will be exploited the moment it matters.
I will be watching one signal: whether the standard mandates on-chain anchoring of DIDs and revocation lists. If it settles for a centralized certificate authority model, it deserves the same scrutiny I applied to FTX's commingled wallets—trace the ledger, count the bytes, expose the illusion of trust.
Code does not lie, but developers do. And standards are written by developers.
The internet's first identity layer (PKI) failed because trust became delegated to corporations. The second chance is here. If Cerf builds it on a blockchain-anchored trust root, we might finally get an identity system that can survive the next century. If not, history will repeat—this time in agent-to-agent signatures.