The Linux Foundation says that it intends to launch the Agent Name Service (ANS), an open standard that extends DNS to give AI agents a way to prove who they are.
In practice, that means being able to look up an agent and check who's actually operating it, what it's cleared to do, and whether anything in its code or history has changed.
Citing a research paper, the Linux Foundation says 82% of executives plan to adopt AI agents within the next one to three years, and most still have no reliable way to authenticate or govern them once they're running in production.
Right now, nothing stops an agent from claiming to be support-agent.acme.com as there is no way for anyone to check if that's true.
Finding the right one is just as hard. Nothing today links an agent's name and capabilities to a specific, verified version you can actually reach. ANS is built to address both problems at once.
How does it work?
Every agent registered under ANS gets a DNS-style name with a version number built in, something like ans://v1.0.0.my-agent.example.com. That name only comes with an identity certificate once the agent's domain passes the same DNS and ACME checks a website goes through to get an ordinary TLS certificate.
Every registration, renewal, or revocation gets recorded in a tamper-evident log (append-only Merkle log), so nobody can edit an agent's history after those events. A separate offline tool called ans-verify can check those records without even needing a live connection to the registry.
And before you assume this is something new they cooked up, it is not. GoDaddy already had ANS up and running months before the Linux Foundation got involved, building on an existing IETF draft.
Rather than build new certificate and DNS systems from the ground up, GoDaddy's engineers reused infrastructure they already had in production. That is the same certificate service handling over 100 million active SSL and TLS certificates, plus their existing DNS systems.
What's already live?
The agentnameservice organization on GitHub currently hosts eight repositories. The main one is ans, an MIT-licensed Go codebase that implements the whole stack, including the registry, the logging, and the verifier as a working reference anyone can run.
It's still early days, of course, but the whole stack reportedly comes up in around 60 seconds with nothing more than Go, openssl, curl, and jq installed.
