c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3fb17100d74b99f1d67326b96e4463a508ec8b07
ietf-draft-analyzer/data/reports/blog-post.md
Christian Nennemann d6beb9c0a0 v0.3.0: Gap-to-Draft pipeline, Living Standards Observatory, blog series 
Gap-to-Draft Pipeline (ietf pipeline):
- Context builder assembles ideas, RFC foundations, similar drafts, ecosystem vision
- Generator produces outlines + sections using rich context with Claude
- Quality gates: novelty (embedding similarity), references, format, self-rating
- Family coordinator generates 5-draft ecosystem (AEM/ATD/HITL/AEPB/APAE)
- I-D formatter with proper headers, references, 72-char wrapping

Living Standards Observatory (ietf observatory):
- Source abstraction with IETF + W3C fetchers
- 7-step update pipeline: snapshot, fetch, analyze, embed, ideas, gaps, record
- Static GitHub Pages dashboard (explorer, gap tracker, timeline)
- Weekly CI/CD automation via GitHub Actions

Also includes:
- 361 drafts (expanded from 260 with 6 new keywords), 403 authors, 1,262 ideas, 12 gaps
- Blog series (8 posts planned), reports, arXiv paper figures
- Agent team infrastructure (CLAUDE.md, scripts, dev journal)
- 5 new DB tables, schema migration, ~15 new query methods

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 00:48:57 +01:00

11 KiB
Raw Blame History

The IETF's AI Agent Gold Rush: 260 Drafts, 403 Authors, and a 4:1 Safety Deficit

An automated analysis of every AI/agent Internet-Draft submitted to the IETF

The Internet Engineering Task Force is in the middle of an AI agent standardization sprint. We built an automated analyzer to fetch, categorize, and rate every AI- and agent-related Internet-Draft currently in the IETF pipeline. The numbers tell a story of breakneck activity, deep geopolitical concentration, and a worrying gap between the protocols being built and the safety guardrails that should accompany them.

Here's what we found.

By the Numbers

  • 260 Internet-Drafts related to AI agents
  • 403 unique authors from 184 distinct organizations
  • 1,262 technical ideas extracted and classified
  • 12 standardization gaps identified (3 critical)

The drafts span eight categories. The biggest clusters are data formats and interoperability (102 drafts), agent identity and authentication (98), and agent-to-agent communication protocols (92). Safety and alignment? Just 36 drafts. Human-agent interaction? Only 22.

That's a 4:1 ratio of capability-building to safety work.

Who's Writing These Drafts

The organizational leaderboard is striking. Huawei leads by a wide margin: 39 authors contributing to 45 drafts. The next largest contributors are independent researchers (16 authors, 21 drafts) and Cisco (23 authors, 20 drafts).

Chinese-linked institutions dominate the top ranks. Huawei, China Mobile, China Telecom, China Unicom, Tsinghua University, ZTE Corporation, Zhongguancun Laboratory, BUPT (Beijing University of Posts and Telecommunications), and CAICT collectively account for over 120 authors. While IETF drafts don't carry national flags, the concentration of authorship from organizations in a single country is notable.

Western tech companies have a comparatively thin presence. Ericsson has 2 authors on 7 drafts. Nokia has 2 authors on 5. Amazon has 6 authors on 6 drafts. Google, Apple, and Microsoft are largely absent.

The Team Bloc Pattern

When we analyzed co-authorship patterns, a clear structure emerged: persistent team blocs — groups of authors who co-sign most or all of the same drafts together.

We detected 33 team blocs covering 102 of 403 authors (25%). Each bloc is a group where members share at least 70% pairwise draft overlap. The largest is a 13-person Huawei team that co-authors 22 drafts together at 94% internal cohesion. Five core members — Bing Liu, Nan Geng, Zhenbin Li, Qiangzhou Gao, and Xiaotong Shang — appear on 17-21 drafts each, and virtually all of their work overlaps.

Other significant blocs include:

Team Members Shared Drafts Cohesion
Huawei (main team) 13 22 94%
Ericsson + Inria + Univ. of Murcia 5 6 100%
Five9 + Bitwave 2 6 100%
China Telecom + BUPT + Tsinghua 6 5 100%
Zhongguancun Lab + Tsinghua 4 5 94%
ISI, R.C. ATHENA 4 4 100%
Nokia 2 4 100%

This matters because raw "collaboration pair" analysis is misleading without accounting for team structure. When five people co-author 17 drafts, you get 10 pairwise edges that all show 17 shared drafts — drowning out the more interesting cross-team connections. Once we filter out intra-bloc pairs, the real cross-pollination picture emerges: it's sparse. The top cross-team pair (Jonathan Rosenberg and Cullen Fluffy Jennings, bridging Five9/Bitwave and Cisco) shares only 3 drafts. Most cross-team pairs share just 1.

Cross-Organization Collaboration

The strongest cross-org links are:

Org A Org B Shared Drafts
China Unicom Huawei 6
Bitwave Five9 6
Tsinghua University Zhongguancun Laboratory 5
Ericsson Inria 4
Cisco Sandelman Software Works 4
China Mobile ZTE Corporation 4

The Chinese organizations form a tightly linked ecosystem. Huawei collaborates with China Unicom (6 shared drafts), China Mobile (4), China Telecom (3), CAICT (3), and Telefonica (3). The academic institutions — Tsinghua, BUPT, Zhongguancun Lab — form their own cluster with overlapping authorship into the telecom operators.

European cross-org collaboration exists but is thinner: Ericsson partners with Inria and the University of Murcia on lightweight authentication protocols (EDHOC, EAP). The U.S. picture is fragmented, with small startup pairs (Five9 + Bitwave on agent communication protocols) and Cisco's collaboration with Sandelman Software Works on IoT device identity.

What's Being Built

The 1,262 extracted technical ideas break down as:

  • 488 mechanisms — concrete technical solutions (authentication flows, routing algorithms, token formats)
  • 217 architectures — system designs and reference models
  • 179 protocols — full protocol specifications
  • 169 patterns — reusable design approaches
  • 99 extensions — additions to existing standards (OAuth, SCIM, DNS)
  • 93 requirements — formal requirement documents

The most recurring idea across the corpus is Multi-Agent Communication Protocol, appearing in 8 separate drafts — a clear sign of fragmentation where multiple teams are tackling the same problem independently.

The highest-rated drafts (scored on novelty, maturity, overlap, momentum, and relevance on a 1-5 scale) are:

  1. draft-aylward-daap-v2 (4.8) — Comprehensive AI agent accountability protocol with authentication, monitoring, and enforcement
  2. draft-guy-bary-stamp-protocol (4.6) — Cryptographic delegation and proof system for AI agent task execution
  3. draft-drake-email-tpm-attestation (4.6) — Hardware attestation for email using TPM verification chains
  4. draft-ietf-lake-app-profiles (4.6) — Canonical CBOR representation for EDHOC application profiles

The average score across all 260 drafts is 3.38. The range runs from 1.6 (draft-liu-access-collaboration-agent) to 4.8.

The 12 Gaps

Our gap analysis compared the existing 260 drafts and 1,262 ideas against what would be needed for real-world deployment of autonomous AI agent systems. We found 12 gaps — areas where standardization work is missing or inadequate.

Critical Gaps (3)

1. Agent Behavior Verification. No mechanisms to verify that deployed agents actually behave according to their declared policies. The gap between stated capabilities and runtime behavior validation is entirely unaddressed. Only 36 of 260 drafts touch safety/alignment.

2. Agent Resource Management. No framework for managing computational resources, memory, and processing power across distributed AI agents. Drafts focus on communication but ignore resource contention.

3. Agent Error Recovery and Rollback. No standards for cascading failure handling or rollback mechanisms for autonomous decisions. One draft (draft-yue-anima-agent-recovery-networks) begins to address this; the rest ignore it.

High-Priority Gaps (6)

  • Cross-Protocol Translation — With 92 competing A2A protocols, there's no interoperability framework. Zero technical ideas found addressing this.
  • Multi-Agent Consensus Mechanisms — No frameworks for groups of agents to resolve conflicting decisions without human intervention.
  • Human Override and Intervention — Only 22 human-agent interaction drafts vs. 60 autonomous operations drafts. No emergency override protocols.
  • Agent Lifecycle Management — Registration is covered but versioning, updates, and graceful retirement are not.
  • Cross-Domain Security Boundaries — Identity management exists but cross-domain trust isolation does not.
  • Dynamic Trust and Reputation — Static certificates can't scale to long-running agent ecosystems.

Medium-Priority Gaps (3)

  • Agent Performance Monitoring — No observability standards for production agent deployments.
  • Agent Explainability Standards — No protocols for agents to explain their decisions.
  • Agent Data Provenance — 102 data format drafts but no provenance tracking.

The Safety Deficit

The most concerning finding is the structural imbalance between capability and safety work. The numbers:

Focus Area Drafts
A2A protocols 92
Autonomous operations 60
Agent identity/auth 98
AI safety/alignment 36
Human-agent interaction 22

For every draft addressing how to keep AI agents safe, roughly four drafts are building new capabilities for those agents. The human oversight category — arguably the most important for preventing autonomous systems from causing harm — receives the least attention of any major category.

The three critical gaps (behavior verification, resource management, error recovery) all relate to what happens when autonomous agents fail or misbehave. These are precisely the scenarios where absent standards will hurt the most.

What It All Means

The IETF's AI agent standards landscape in early 2026 looks like a gold rush: lots of activity, heavy investment from a concentrated set of players, and a focus on staking claims rather than building infrastructure.

Three observations stand out:

1. The fragmentation problem is real. Eight separate drafts proposing multi-agent communication protocols. Ninety-two A2A protocol drafts with no interoperability layer. The most common technical idea in the entire corpus appears in just 8 of 260 drafts. Teams are working in parallel, not together.

2. Authorship concentration creates standards risk. When 13 people from one organization co-author 22 drafts at 94% cohesion, the standards process risks reflecting a single implementation perspective. The IETF's strength is rough consensus from diverse implementors. That diversity is thin here.

3. The safety work needs to catch up. The 4:1 capability-to-safety ratio is not sustainable. Before these protocols reach deployment, the community needs answers to questions like: How do you verify an agent is doing what it claims? How do you roll back an autonomous decision? How does a human stop a misbehaving agent?

The IETF has navigated technology gold rushes before — the early web, IoT, DNS security. In each case, the lasting standards came from diverse coalitions focused on interoperability and safety, not from the fastest drafters. The AI agent wave will likely follow the same pattern. The question is whether the safety work catches up before the protocols ship.

Analysis conducted using a custom IETF Draft Analyzer that fetches drafts via the Datatracker API, rates them using Claude, extracts technical ideas, detects collaboration patterns, and identifies standardization gaps. Data current as of March 1, 2026. All 260 drafts, 403 authors, and 1,262 ideas are available in the project's SQLite database.

Reference in New Issue View Git Blame Copy Permalink