Files
ietf-draft-analyzer/data/reports/gaps.md

63 KiB

Gap Analysis: IETF AI/Agent Draft Landscape

Generated 2026-05-22 10:24 UTC — analyzing 889 drafts, 898 technical ideas

Overview

This report identifies 18 gaps — areas, problems, or technical challenges not adequately addressed by the current 889 IETF AI/agent drafts. Each gap is cross-referenced with related drafts and extracted technical ideas to show partial coverage.

Severity Count
CRITICAL 4
HIGH 9
MEDIUM 5

Safety Deficit

Only 152 of 889 drafts address AI safety/alignment, while 157 focus on A2A protocols and 91 on autonomous operations. The ratio of capability-building to safety is roughly 1:1.


1. Cross-SDO AI Agent Certification

Severity CRITICAL
Category Policy/governance
Drafts in category 259

No unified certification framework exists for AI agents that must comply with multiple standards bodies simultaneously. Organizations deploying AI agents face conflicting requirements across NIST trustworthiness, ISO safety, ETSI security, and ITU network integration standards.

Evidence: Real deployments require simultaneous compliance with safety (ISO), security (ETSI), trustworthiness (NIST), and network standards (ITU), but no cross-recognition framework exists

Keyword matches (drafts mentioning gap topic):

Top-rated in Policy/governance (259 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks

Partially Addressing Ideas

1 extracted ideas touch on this gap:

Idea Draft Type
Domain-Verified Skills Protocol draft-zzn-dvs protocol

2. Real-time AI Agent Liability Attribution

Severity CRITICAL
Category AI safety/alignment
Drafts in category 152

When multiple autonomous AI agents interact and cause harm, no technical standard exists for real-time liability tracking and attribution. Current frameworks address governance but not the technical mechanisms for liability determination during multi-agent failures.

Evidence: Multi-agent systems are being deployed without clear technical mechanisms to determine responsibility when agents interact and cause unintended consequences

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

7 extracted ideas touch on this gap:

Idea Draft Type
A2A Protocol Transport over MOQT draft-a2a-moqt-transport protocol
Dynamic Task Coordination Requirements for AI Agents draft-cui-ai-agent-task requirement
Dynamic Attestation for TLS Sessions draft-jiang-seat-dynamic-attestation mechanism
SLIM protocol for real-time interactive messaging draft-mpsb-agntcy-slim protocol
High-Frequency Action-Integrity Protocol draft-sovereign-haip protocol
AI Network Security Agent draft-yuan-rtgwg-security-agent-usecase architecture
AI Network Traffic Optimization Agent draft-yuan-rtgwg-traffic-agent-usecase architecture

3. Cross-Organization AI Agent Liability Framework

Severity CRITICAL
Category Policy/governance
Drafts in category 259

No unified framework exists for determining legal liability when AI agents from different organizations interact and cause harm. Current standards focus on technical requirements but lack coordinated governance for multi-party agent scenarios.

Evidence: NIST covers risk management and ISO has safety requirements, but no standard addresses liability chains when autonomous agents interact across organizational boundaries

Keyword matches (drafts mentioning gap topic):

Top-rated in Policy/governance (259 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks

Partially Addressing Ideas

64 extracted ideas touch on this gap:

Idea Draft Type
AgentCard Identity Format draft-aevum-agentcard protocol
Intelligent Agent Communication Gateway Architecture draft-agent-gw architecture
Tiered Risk-Based Governance for Autonomous AI Agents draft-aylward-aiga-1 architecture
Tiered Risk-Based Governance for Autonomous AI Agents draft-aylward-aiga-2 architecture
Distributed AI Accountability Protocol draft-aylward-daap-v2 protocol
Zero Trust Runtime Agent Architecture draft-berlinai-vera architecture
Agentic Hypercall Protocol draft-campbell-agentic-http pattern
Context Distribution Optimization Framework draft-chang-agent-context-interaction mechanism

...and 56 more


4. AI Agent Emergency Shutdown Coordination

Severity CRITICAL
Category AI safety/alignment
Drafts in category 152

No standardized protocols exist for coordinating emergency shutdown of interconnected autonomous agents during cascading failure scenarios. Individual shutdown mechanisms exist but not coordinated response.

Evidence: ISO safety standards cover individual machine shutdown but not coordinated multi-agent emergency responses

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

12 extracted ideas touch on this gap:

Idea Draft Type
Distributed AI Accountability Protocol draft-aylward-daap-v2 protocol
Agent-based OAuth Token Revocation draft-chen-oauth-agent-revocation extension
Agentic network architecture for multi-agent coordination draft-chuyi-nmrg-agentic-network-inference architecture
Dynamic Task Coordination Requirements for AI Agents draft-cui-ai-agent-task requirement
Multi-Agent Communication Framework for AIOps draft-fu-nmop-agent-communication-framework architecture
Meta-Layer Coordination Substrate draft-meta-layer-overview architecture
Substrate-Observation Coordination draft-morrison-substrate-observation pattern
Agentic Overlay Network Architecture draft-xu-agentic-overlay-network-architecture architecture

...and 4 more


5. Cross-Domain AI Model Poisoning Detection

Severity HIGH
Category AI safety/alignment
Drafts in category 152

While NIST addresses adversarial ML, no standard exists for detecting model poisoning when AI agents share or federate models across organizational boundaries. Cross-domain poisoning attacks remain undetectable by current frameworks.

Evidence: Federated learning and model sharing are increasing, but poisoning attacks across trust boundaries lack standardized detection mechanisms

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

1 extracted ideas touch on this gap:

Idea Draft Type
MCP-based Intent-Driven Network Troubleshooting draft-zm-rtgwg-mcp-troubleshooting protocol

6. AI Agent Resource Exhaustion Prevention

Severity HIGH
Category Autonomous netops
Drafts in category 91

No standard exists to prevent AI agents from consuming excessive computational, network, or storage resources when operating autonomously. Current traffic management focuses on characterization but not prevention of resource abuse.

Evidence: Autonomous agents can cause denial-of-service through resource overconsumption, but no preventive standards exist beyond basic traffic characterization

Keyword matches (drafts mentioning gap topic):

Top-rated in Autonomous netops (91 drafts):

  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks
  • draft-song-anp-aip (4.6) — Provides best-effort datagram delivery between AI agents identified by agent:// URIs. Serves as narr
  • iso-pas-8800-2024 (4.5) — Addresses safety-related E/E systems using AI technology in series-production road vehicles, coverin
  • draft-cui-nmrg-llm-benchmark (4.3) — Provides comprehensive evaluation framework for LLM-based network configuration agents. Includes emu
  • iso-22733-1-2021 (4.3) — Specifies test methodology for evaluating autonomous emergency braking system performance in car-to-

Partially Addressing Ideas

13 extracted ideas touch on this gap:

Idea Draft Type
SCIM 2.0 Extension for Agents and Agentic Applications draft-abbey-scim-agent-extension extension
AgentCard Identity Format draft-aevum-agentcard protocol
AI Discovery Endpoint draft-aiendpoint-ai-discovery mechanism
Fluid Agentic DeFi Protocol (FADP) draft-fluid-fadp protocol
Events Query Protocol draft-gupta-httpapi-events-query protocol
Agent Directory (AD) draft-jimenez-agent-directory protocol
Micro Agent Communication Protocol (µACP) draft-mallick-muacp protocol
MOQT Binding for A2A and MCP Protocols draft-nandakumar-ai-agent-moq-transport extension

...and 5 more


7. Multi-Modal Agent Authentication

Severity HIGH
Category Agent identity/auth
Drafts in category 202

Current agent identity standards assume single authentication modalities, but real AI agents operate across voice, text, visual, and sensor inputs simultaneously. No standard addresses unified authentication across multiple modalities.

Evidence: Multi-modal AI agents are being deployed without standardized cross-modality authentication, creating security vulnerabilities

Keyword matches (drafts mentioning gap topic):

Top-rated in Agent identity/auth (202 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

19 extracted ideas touch on this gap:

Idea Draft Type
AI Discovery Endpoint draft-aiendpoint-ai-discovery mechanism
Agentic Hypercall Protocol draft-campbell-agentic-http pattern
Dynamic Behavior-Based Authentication and Authorization Requirements draft-chen-ai-agent-auth-new-requirements requirement
AI Agent Metadata Format draft-cui-ai-agent-discovery-invocation extension
HTTP Agent Profile (HAP) draft-dhir-http-agent-profile protocol
AI Agent Protocol Framework draft-hw-protocol-agent protocol
Multi-modal Data Quality Awareness draft-hw-protocol-agent requirement
VWRAP Application-Layer Authentication Model draft-ietf-vwrap-authentication protocol

...and 11 more


8. Real-time Agent Capability Negotiation

Severity HIGH
Category Agent discovery/reg
Drafts in category 84

Autonomous agents need standardized protocols to dynamically discover and negotiate capabilities in real-time interactions. Current discovery mechanisms assume static capability sets and don't handle evolving AI models.

Evidence: IETF has 84 agent discovery drafts but most focus on registration, not dynamic capability negotiation during active sessions

Keyword matches (drafts mentioning gap topic):

Top-rated in Agent discovery/reg (84 drafts):

  • draft-drake-agent-identity-registry (4.6) — Defines federated registry architecture for persistent, hardware-anchored identities for autonomous
  • draft-song-anp-ans (4.6) — Defines Agent Name System mapping agent:// URIs to network peer identifiers in the ANP suite. Provid
  • iso-37181-2022 (4.5) — Establishes guidelines for introducing and organizing autonomous vehicles on public roads. Addresses
  • iso-37168-2022 (4.2) — Provides implementation guidance for Electric, Connected, and Autonomous Vehicles (eCAVs) in on-dema
  • draft-deforth-arp-reasoning-protocol (4.2) — Defines ARP v2.0, a machine-readable protocol for entities to publish context, corrections, and expe

Partially Addressing Ideas

40 extracted ideas touch on this gap:

Idea Draft Type
A2A Protocol Transport over MOQT draft-a2a-moqt-transport protocol
Dynamic Task Coordination Requirements for AI Agents draft-cui-ai-agent-task requirement
Agent Trust Negotiation Protocol draft-somoza-atn-agent-trust-negotiation protocol
MCP Aggregation Protocol draft-abbott-mcp-ax protocol
Intelligent Agent Communication Gateway Architecture draft-agent-gw architecture
AI-Native Network Protocol (AINP) draft-ainp-protocol protocol
Agentic Data Optimization Layer (ADOL) draft-chang-agent-token-efficient protocol
Multi-Provider AI Inference Extensions draft-chen-nmrg-multi-provider-inference-api extension

...and 32 more


9. Federated AI Agent Training Security

Severity HIGH
Category AI safety/alignment
Drafts in category 152

Standards lack comprehensive security frameworks for federated learning scenarios where multiple AI agents collaborate on model training. Privacy-preserving techniques and poisoning attack prevention are inadequately specified.

Evidence: ITU-T Y.3178 covers federated ML framework but NIST adversarial ML taxonomy doesn't address multi-agent training scenarios

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

30 extracted ideas touch on this gap:

Idea Draft Type
Privacy-Preserving Federated Learning for Multi-Tenant AI Agents draft-kale-agntcy-federated-privacy architecture
AI Traffic Characterization Framework draft-aft-ai-traffic requirement
AI Traffic Characterization Framework draft-ai-traffic requirement
Zero Trust Runtime Agent Architecture draft-berlinai-vera architecture
Cross-Domain Agent Interoperability Framework draft-cui-dmsc-agent-cdi architecture
Agent Identity Registry draft-drake-agent-identity-registry architecture
Agentic AI for Autonomous Network Management draft-hong-nmrg-agenticai-ps requirement
Trust and security framework for structured email draft-ietf-sml-trust requirement

...and 22 more


10. Human Override Verification Protocols

Severity HIGH
Category Human-agent interaction
Drafts in category 70

While human-in-the-loop protocols exist, there's no standard for cryptographically verifying that human overrides of autonomous systems are authentic and authorized, creating security vulnerabilities.

Evidence: IETF has human-in-the-loop confirmation protocols but lack cryptographic verification of human identity and authorization

Keyword matches (drafts mentioning gap topic):

Top-rated in Human-agent interaction (70 drafts):

  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb
  • draft-sato-soos-cap (4.5) — Specifies kernel-enforced prohibition architecture for agentic AI systems with three-tier prohibitio
  • iso-37181-2022 (4.5) — Establishes guidelines for introducing and organizing autonomous vehicles on public roads. Addresses
  • iso-pas-8800-2024 (4.5) — Addresses safety-related E/E systems using AI technology in series-production road vehicles, coverin

Partially Addressing Ideas

1 extracted ideas touch on this gap:

Idea Draft Type
Verified Commerce for Agent Protocols draft-stone-vcap protocol

11. Cross-Domain AI Model Provenance Tracking

Severity HIGH
Category Data formats/interop
Drafts in category 202

Standards lack unified approaches for tracking AI model provenance across different domains and organizations, making it difficult to verify model origins and modifications in complex agent ecosystems.

Evidence: NIST covers synthetic content provenance but not comprehensive model provenance across organizational boundaries

Keyword matches (drafts mentioning gap topic):

Top-rated in Data formats/interop (202 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks
  • iso-iec-22989-2022 (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel
  • draft-williams-netmod-lm-hierarchy-topology (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L

Partially Addressing Ideas

9 extracted ideas touch on this gap:

Idea Draft Type
Human-Anchored Agent Identity Model draft-beyer-agent-identity-architecture architecture
Crovia Seal draft-crovia-seal protocol
EAT Profile for AI Agent Attestation draft-messous-eat-ai extension
Cryptographic AI Inference Provenance Chain draft-mw-spice-inference-chain mechanism
Cryptographic Content Provenance Chain draft-mw-spice-intent-chain mechanism
Protocol Layer Prompt Engineering Specification (PLPES) draft-reilly-plpes protocol
Agent Public Key Infrastructure (APKI) draft-sharif-apki-agent-pki architecture
ML Model Description Framework iso-iec-awi-25623 framework

...and 1 more


Severity HIGH
Category Policy/governance
Drafts in category 259

No framework exists for recognizing when AI agents can act with legal standing versus when they require human principals. This creates uncertainty in contract formation and legal obligations.

Evidence: Legal recognition gaps mentioned in governance discussions but no technical standards address digital identity for legal standing

Keyword matches (drafts mentioning gap topic):

  • iso-18497-3-2024 (score 3.0) — ISO 18497-3:2024: Agricultural machinery and tractors — Safety of partially auto
  • draft-sovereign-satp (score 2.5) — Sovereign Autonomous Trust Protocol (SATP) v1.0
  • draft-kim-nmrg-2nmai5g (score 2.1) — Native Network Management using Artificial Intelligence over an Adaptive B5G Net
  • draft-sovereign-svtp (score 3.2) — Sovereign Verification & Trust Protocol (SVTP) v1.0
  • iso-17757-2017 (score 2.6) — ISO 17757:2017: Earth-moving machinery and mining — Autonomous and semi-autonomo
  • draft-sharif-openid-agent-identity (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents

Top-rated in Policy/governance (259 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks

Partially Addressing Ideas

65 extracted ideas touch on this gap:

Idea Draft Type
AI Agent Architecture for Network Digital Twin draft-zhao-nmrg-ai-agent-for-ndt architecture
AgentCard Identity Format draft-aevum-agentcard protocol
Tiered Risk-Based Governance for Autonomous AI Agents draft-aylward-aiga-1 architecture
Tiered Risk-Based Governance for Autonomous AI Agents draft-aylward-aiga-2 architecture
Distributed AI Accountability Protocol draft-aylward-daap-v2 protocol
Dynamic Behavior-Based Authentication and Authorization Requirements draft-chen-ai-agent-auth-new-requirements requirement
Agent-based OAuth Token Revocation draft-chen-oauth-agent-revocation extension
Dynamic Task Coordination Requirements for AI Agents draft-cui-ai-agent-task requirement

...and 57 more


13. Inter-Standards-Body Protocol Mapping

Severity HIGH
Category Data formats/interop
Drafts in category 202

Critical gaps exist in mapping between protocols from different standards bodies (IETF networking, ISO safety, ITU-T AI frameworks), preventing cohesive implementation of agent systems that must comply with multiple standards.

Evidence: Each standards body develops protocols in isolation with minimal cross-referencing or compatibility requirements

Keyword matches (drafts mentioning gap topic):

Top-rated in Data formats/interop (202 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks
  • iso-iec-22989-2022 (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel
  • draft-williams-netmod-lm-hierarchy-topology (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L

Partially Addressing Ideas

6 extracted ideas touch on this gap:

Idea Draft Type
Model Context Protocol over MOQT draft-jennings-ai-mcp-over-moq protocol
Model Context Protocol over MOQT draft-jennings-mcp-over-moqt protocol
Model Context Protocol over MOQT draft-mcp-over-moqt protocol
MOQT Binding for A2A and MCP Protocols draft-nandakumar-ai-agent-moq-transport extension
LISP for AI Agent Networking draft-wang-lisp-ai-agent extension
ALTO-based Service Flow to Network Resource Mapping draft-xsaopig-nmop-service-flow-modal-mapping architecture

14. Agent Behavior Drift Detection

Severity MEDIUM
Category AI safety/alignment
Drafts in category 152

No technical standard exists for detecting when AI agents' behavior drifts from their original training or intended function over time. Current standards address initial validation but not ongoing behavioral monitoring.

Evidence: AI agents deployed in production environments change behavior over time, but no standardized drift detection mechanisms exist

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

13 extracted ideas touch on this gap:

Idea Draft Type
Agent Event Behaviour Analysis Framework draft-sharif-aeba protocol
AI Network Security Agent draft-yuan-rtgwg-security-agent-usecase architecture
Distributed AI Accountability Protocol draft-aylward-daap-v2 protocol
Post-Discovery Authorization Handshake draft-barney-caam protocol
Evidence-based Autonomy Maturity Model draft-berlinai-vera mechanism
Intent-Based Just-in-Time Authorization draft-chen-agent-decoupled-authorization-model architecture
Dynamic Behavior-Based Authentication and Authorization Requirements draft-chen-ai-agent-auth-new-requirements requirement
Proof-of-Behavior Protocol draft-dembowski-agentledger-proof-of-behavior protocol

...and 5 more


15. AI Agent Training Data Provenance Verification

Severity MEDIUM
Category Data formats/interop
Drafts in category 202

No standard exists for AI agents to verify and communicate the provenance of their training data to other agents or humans during interactions. This creates trust and compliance issues in regulated industries.

Evidence: Regulated industries require training data provenance for AI decisions, but agents lack standardized mechanisms to communicate this information

Keyword matches (drafts mentioning gap topic):

Top-rated in Data formats/interop (202 drafts):

  • draft-kroehl-agentic-trust-aae (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono
  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • itu-t-y-3172 (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks
  • iso-iec-22989-2022 (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel
  • draft-williams-netmod-lm-hierarchy-topology (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L

Partially Addressing Ideas

79 extracted ideas touch on this gap:

Idea Draft Type
EAT Profile for AI Agent Attestation draft-messous-eat-ai extension
Verifiable Agent Conversation Format draft-birkholz-verifiable-agent-conversations protocol
Warrant Certificate Authority (WCA) draft-bondar-wca architecture
Agentic Reasoning Protocol v1 draft-deforth-arp protocol
Blockchain-Anchored Integrity for AI Provenance draft-reilly-sentinel-protocol mechanism
PAIT Token-Level Inference Provenance draft-vasylenko-pait-protocol protocol
AgentCard Identity Format draft-aevum-agentcard protocol
AI Traffic Characterization Framework draft-aft-ai-traffic requirement

...and 71 more


16. AI Agent Resource Consumption Accounting

Severity MEDIUM
Category Model serving/inference
Drafts in category 54

No standardized methodology exists for measuring and accounting for computational resources consumed by autonomous agents across different infrastructure providers. This creates billing and resource management challenges.

Evidence: ISO electronic fee collection standards exist for simple systems, but no equivalent for complex AI agent resource usage across cloud providers

Keyword matches (drafts mentioning gap topic):

Top-rated in Model serving/inference (54 drafts):

Partially Addressing Ideas

17 extracted ideas touch on this gap:

Idea Draft Type
SCIM 2.0 Extension for Agents and Agentic Applications draft-abbey-scim-agent-extension extension
AgentCard Identity Format draft-aevum-agentcard protocol
AI Discovery Endpoint draft-aiendpoint-ai-discovery mechanism
Semantic Context Compression for Agent Communication draft-benzing-accp protocol
Context Distribution Optimization Framework draft-chang-agent-context-interaction mechanism
Agentic Reasoning Protocol v1 draft-deforth-arp protocol
Fluid Agentic DeFi Protocol (FADP) draft-fluid-fadp protocol
Events Query Protocol draft-gupta-httpapi-events-query protocol

...and 9 more


17. Multi-Modal AI Agent Communication Standards

Severity MEDIUM
Category A2A protocols
Drafts in category 157

Current protocols focus on text-based agent communication but lack standards for agents that communicate through multiple modalities (text, voice, images, sensor data) simultaneously in coordinated interactions.

Evidence: IETF A2A protocols are primarily text-based, while real-world agents increasingly use multi-modal interfaces

Keyword matches (drafts mentioning gap topic):

Top-rated in A2A protocols (157 drafts):

  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-williams-netmod-lm-hierarchy-topology (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L
  • draft-song-anp-ans (4.6) — Defines Agent Name System mapping agent:// URIs to network peer identifiers in the ANP suite. Provid
  • draft-song-anp-aitp (4.6) — Message-framed invocation transport protocol above AIP for AI agents. Provides method-aware framing
  • draft-song-anp-aip (4.6) — Provides best-effort datagram delivery between AI agents identified by agent:// URIs. Serves as narr

Partially Addressing Ideas

55 extracted ideas touch on this gap:

Idea Draft Type
AgentCard Identity Format draft-aevum-agentcard protocol
Intelligent Agent Communication Gateway Architecture draft-agent-gw architecture
AI-Native Network Protocol (AINP) draft-ainp-protocol protocol
Agent-to-Agent Communication in Transportation Networks draft-an-nmrg-i2icf-cits pattern
Semantic Context Compression for Agent Communication draft-benzing-accp protocol
Agentic Data Optimization Layer (ADOL) draft-chang-agent-token-efficient protocol
Agent Envelope Exchange (AEE) JSON envelope format draft-cowles-aee protocol
Agentic Reasoning Protocol v2 draft-deforth-arp-reasoning-protocol protocol

...and 47 more


18. AI Agent Behavioral Audit Trail Standards

Severity MEDIUM
Category AI safety/alignment
Drafts in category 152

While logging exists, there's no standardized format for comprehensive behavioral audit trails that can track decision-making processes across different AI agent architectures and be used for post-incident analysis.

Evidence: ETSI has AI security testing but lacks standardized audit trail formats for behavioral analysis

Keyword matches (drafts mentioning gap topic):

Top-rated in AI safety/alignment (152 drafts):

  • draft-cowles-volt (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra
  • draft-aylward-daap-v2 (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and
  • draft-sato-soos-hem (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove
  • draft-guy-bary-stamp-protocol (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou
  • draft-drake-email-tpm-attestation (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb

Partially Addressing Ideas

25 extracted ideas touch on this gap:

Idea Draft Type
Proof-of-Behavior Protocol draft-dembowski-agentledger-proof-of-behavior protocol
SCITT AI Agent Profile draft-emirdag-scitt-ai-agent-execution extension
Compliance-oriented agent memory model draft-gaikwad-aps-profile pattern
Delegated Agent Authorization Protocol draft-mishra-oauth-agent-grants protocol
Vorim Agent Identity Protocol (VAIP) draft-nyantakyi-vaip-agent-identity protocol
Agent Audit Trail Standard draft-sharif-agent-audit-trail protocol
Distributed AI Accountability Protocol draft-aylward-daap-v2 protocol
Cryptographically Verifiable DAG for Agent Transactions draft-bates-atp protocol

...and 17 more


Cross-Cutting Analysis

Gaps by Category

Category Drafts Gaps Gap Topics
a2a protocols 157 1 Multi-Modal AI Agent Communication Standards
agent discovery/reg 84 1 Real-time Agent Capability Negotiation
agent identity/auth 202 1 Multi-Modal Agent Authentication
ai safety/alignment 152 6 Real-time AI Agent Liability Attribution; AI Agent Emergency Shutdown Coordination; Cross-Domain AI Model Poisoning Detection; Federated AI Agent Training Security; Agent Behavior Drift Detection; AI Agent Behavioral Audit Trail Standards
autonomous netops 91 1 AI Agent Resource Exhaustion Prevention
data formats/interop 202 3 Cross-Domain AI Model Provenance Tracking; Inter-Standards-Body Protocol Mapping; AI Agent Training Data Provenance Verification
human-agent interaction 70 1 Human Override Verification Protocols
model serving/inference 54 1 AI Agent Resource Consumption Accounting
policy/governance 259 3 Cross-SDO AI Agent Certification; Cross-Organization AI Agent Liability Framework; Autonomous Agent Legal Standing Recognition

Recommendations

Based on the gap analysis, the highest-impact areas for new standardization work:

  1. Runtime behavior verification — The most critical safety gap. Agents declare policies but nothing validates compliance at runtime.
  2. Error recovery and rollback — Autonomous operations need standardized failure handling before real deployment at scale.
  3. Protocol interoperability layer — 92 competing A2A protocols need a translation/negotiation framework to avoid fragmentation.
  4. Dynamic trust systems — Static certificates cannot scale to long-running agent ecosystems. Trust must be earned and revocable.
  5. Human emergency override — The 7:1 ratio of autonomous capability to human oversight drafts is concerning for production deployments.