Christian Nennemann
e7527ad68e
Critical fixes:
- Fix rating clamp range 1-10 → 1-5 (actual scale)
- Add `ietf ideas convergence` command (SequenceMatcher at 0.75 threshold)
- Fix "628 cross-org ideas" → 130 (verified from current DB) across 8 files
Security fixes:
- Sanitize FTS5 query input (strip special chars + boolean operators)
- Add rate limiting (10 req/min/IP) on Claude-calling endpoints
- Change <path:name> → <string:name> on draft routes
Codebase fixes:
- Add Database context manager (__enter__/__exit__)
- Wire false_positive filtering into queries (exclude by default in web UI)
- Fix Post 3 arithmetic ("~300" → "~409" distinct proposals)
Content & licensing:
- Add MIT LICENSE file
- Add IPR/FRAND notes (BCP 79, RFC 8179) to Posts 03 and 07
- Qualify "4:1 safety ratio" with monthly variation in 6 remaining files
- Add "Data as of March 2026" freeze-date headers to all 10 blog posts
- Hedge causal language in Post 04
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
130 lines
13 KiB
Markdown
130 lines
13 KiB
Markdown
# State of the IETF AI Agent Ecosystem: Where We Are and Where We're Going
|
|
|
|
*A vision document synthesizing 434 drafts, 557 authors, 130 cross-org convergent ideas, and 11 gaps into a picture of the AI agent standards landscape in 2026 and its trajectory through 2028.*
|
|
|
|
*Analysis based on IETF Datatracker data collected through March 2026. Counts and statistics reflect this snapshot.*
|
|
|
|
---
|
|
|
|
## I. The Current State: A Landscape in Formation
|
|
|
|
The IETF's AI agent standardization landscape in March 2026 resembles a city under construction: cranes everywhere, foundations going in, multiple development teams building in parallel -- but no master plan, no zoning, and the safety inspectors have not been hired yet.
|
|
|
|
The numbers tell the story. In nine months, from June 2025 to February 2026, the rate of AI/agent-related Internet-Draft submissions grew rapidly. By February 2026, submissions reached 85 per month, up from single digits in mid-2025. The corpus now contains **434 drafts** from **557 authors** representing **230 organizations**. Our cross-organization analysis found **130 technical ideas** independently proposed by multiple organizations -- genuine consensus signals amid the noise -- and identified **11 standardization gaps**, three of them critical.
|
|
|
|
This is not incremental growth. This is a phase transition, comparable to the IoT draft surge of 2014-2016 or the early web standards push of the mid-1990s. The IETF is being asked to standardize the infrastructure for a new class of internet participant: the autonomous software agent.
|
|
|
|
But the landscape that has emerged is not converging. It is fragmenting.
|
|
|
|
### The Structural Problems
|
|
|
|
**Fragmentation without coordination.** The 434 drafts cluster into at least 42 topically overlapping groups. The most crowded area -- OAuth extensions for AI agents -- has 14 competing drafts, each proposing a different approach to the same problem: how does an autonomous agent authenticate and obtain authorization? In the agent-to-agent communication space, 155 drafts propose protocols with no interoperability layer between them. We found 25 near-duplicate pairs where teams independently wrote essentially the same specification.
|
|
|
|
**Concentration without diversity.** One organization -- Huawei -- accounts for 53 authors and 69 drafts, ~16% of the entire corpus. A single 13-person team within Huawei co-authors 22 drafts at 94% internal cohesion. The broader Chinese institutional ecosystem (Huawei, China Mobile, China Telecom, China Unicom, Tsinghua University, ZTE, BUPT, CAICT, Zhongguancun Lab) collectively fields over 160 authors. Meanwhile, Google, Microsoft, and Apple are largely absent from AI agent protocol work. The standards that will govern how AI agents identify, authenticate, and communicate on the internet are being written by a remarkably narrow group.
|
|
|
|
**Capability without safety.** For every draft addressing AI safety, alignment, or human oversight, approximately four drafts build new agent capabilities. Only 47 of 434 drafts touch safety. Only 34 address human-agent interaction, compared to 155 A2A protocols and 114 autonomous network operations drafts. The two critical gaps we identified -- behavioral verification and failure cascade prevention -- concern what happens when agents fail or misbehave. These gaps have received minimal attention.
|
|
|
|
---
|
|
|
|
## II. The Missing Architecture
|
|
|
|
The deepest problem is not fragmentation or concentration. It is the absence of connective tissue.
|
|
|
|
The 434 drafts contain the pieces of an agent ecosystem. What they lack is a shared model of how those pieces fit together. Consider what a deployed multi-agent system actually needs:
|
|
|
|
1. **An execution model**: How are agent tasks organized, sequenced, and tracked? What is the unit of work? How do dependencies between tasks get expressed? Today: no standard. Every draft assumes its own task model.
|
|
|
|
2. **Human oversight primitives**: When does a human need to approve, intervene, or override an agent's decision? How does the override propagate? How is the decision recorded for audit? Today: 34 drafts touch this, none define standard primitives.
|
|
|
|
3. **Error recovery and rollback**: When an autonomous agent makes a bad decision, how do you undo it? When a cascade of failures ripples through an agent network, how do you contain the blast radius? Today: one draft (draft-yue-anima-agent-recovery-networks) partially addresses this. The rest of the 433 ignore it.
|
|
|
|
4. **Protocol interoperability**: With 155 competing A2A protocols, how does an agent speaking Protocol A communicate with an agent speaking Protocol B? Today: zero ideas in the entire corpus for cross-protocol translation. This gap is entirely unaddressed.
|
|
|
|
5. **Assurance profiles**: How does the same agent ecosystem work in a fast development environment (acceptable risk, minimal overhead) AND a regulated production environment (proofs, attestations, compliance)? Today: the discussion is split between safety-oriented drafts and capability-oriented drafts with no bridge between them.
|
|
|
|
These five needs map precisely to the five most critical and high-severity gaps in our analysis. They are not exotic requirements; they are the basic infrastructure that any production agent deployment will need. The fact that 434 drafts have been written without addressing them is the landscape's defining weakness.
|
|
|
|
---
|
|
|
|
## III. What 2027 Will Look Like: Three Scenarios
|
|
|
|
Based on current trajectories, three scenarios emerge for the IETF AI agent ecosystem over the next 18-24 months.
|
|
|
|
### Scenario A: Fragmentation Wins (most likely without intervention)
|
|
|
|
The current trajectory continues. Draft volume doubles again. The OAuth-for-agents cluster grows from 14 to 25+ proposals. No interoperability layer emerges. Working groups adopt a handful of individual drafts but not a cohesive architecture. Safety work remains a sideshow.
|
|
|
|
**Result**: Implementers face a multi-protocol landscape with no clear choices. Large platforms (those with the engineering resources to build their own stacks) proceed anyway, creating de facto standards through market power rather than consensus. The IETF's role diminishes to retroactively documenting what platforms already deployed.
|
|
|
|
**Probability without intervention**: High. This is the default path.
|
|
|
|
### Scenario B: Consolidation Through Working Groups
|
|
|
|
The IETF establishes one or more focused working groups specifically for AI agent architecture (not just individual protocols). These WGs force consolidation: the 14 OAuth proposals get down to 2-3. The 155 A2A protocols get mapped against a common requirements document. Gap-filling work gets explicitly chartered.
|
|
|
|
**Result**: A more coherent landscape emerges by mid-2027. Not a single standard, but a small number of complementary standards with defined interfaces between them. Safety work gets a mandate.
|
|
|
|
**Conditions required**: A champion organization (or coalition) willing to do the coordination work. A BoF or side meeting at an upcoming IETF meeting that gains enough momentum to charter a WG. Active participation from implementers (cloud providers, agent framework builders) who can provide deployment reality checks.
|
|
|
|
**Probability**: Moderate. The raw material exists -- 130 cross-org convergent ideas show that organizations already agree on the building blocks. What is needed is organizational will to connect them.
|
|
|
|
### Scenario C: Architecture-First Design
|
|
|
|
Someone -- a coalition of authors, a proposed WG, or an influential design team -- produces a holistic agent ecosystem architecture document. This document defines the execution model (DAG-based), the oversight primitives (HITL as first-class), the interoperability layer (protocol-agnostic bindings), and the assurance framework (dual regime from relaxed to regulated). Individual drafts then map themselves to roles within this architecture.
|
|
|
|
**Result**: The fastest path to a deployable agent infrastructure. The architecture does not replace existing drafts; it organizes them. The 5-draft ecosystem proposal (AEM/ATD/HITL/AEPB/APAE) outlined in our analysis represents one possible realization of this approach.
|
|
|
|
**Conditions required**: The architecture must build on work that already has momentum (WIMSE, ECT, SPIFFE). It must be protocol-agnostic -- prescribing the execution model and semantics, not the wire format. It must address the dual-regime problem (same model works in K8s and in regulated deployments).
|
|
|
|
**Probability**: Lower, but this is the scenario that produces the best outcome.
|
|
|
|
---
|
|
|
|
## IV. What Builders Should Do Today
|
|
|
|
For anyone building agent systems, deploying multi-agent workflows, or participating in IETF standards, the data suggests five concrete actions:
|
|
|
|
### 1. Watch the execution model space
|
|
|
|
The most critical missing piece is a shared execution model for agent tasks. Execution Context Tokens (ECT, draft-nennemann-wimse-ect) are the most promising candidate -- they define a JWT-based DAG for tracking task execution, building on WIMSE. If ECT gains WG adoption, it becomes the substrate on which orchestration, recovery, and audit are built. Monitor this draft.
|
|
|
|
### 2. Build human oversight in now, not later
|
|
|
|
The 34-vs-155 human-agent-to-A2A ratio is not just a standards problem; it is an engineering problem. Systems being designed today without human override primitives will need to be retrofitted. The CHEQ protocol (draft-rosenberg-aiproto-cheq) and the LLM-assisted network management framework (draft-cui-nmrg-llm-nm) both propose HITL models. Pick one and build to it, or design your own -- but do not ship agent systems without override capability.
|
|
|
|
### 3. Assume protocol diversity, design for translation
|
|
|
|
The 155-protocol landscape is not going to consolidate to one protocol. Design agent systems with protocol abstraction layers. Assume that agents in your ecosystem will eventually need to communicate with agents speaking different protocols. The gateway pattern (draft-agent-gw, draft-li-dmsc-macp) is emerging as the pragmatic solution.
|
|
|
|
### 4. Invest in error recovery
|
|
|
|
The near-total absence of error recovery standards means you are on your own. Draft-yue-anima-agent-recovery-networks offers a task-oriented recovery framework; the ECT DAG model provides rollback semantics. Implement checkpointing and rollback in your agent workflows now. When the standards catch up, you will be ahead.
|
|
|
|
### 5. Participate in the standards process
|
|
|
|
The landscape's concentration problem is only solved by broader participation. If your organization deploys AI agents, you have a stake in how these standards develop. The most impactful contribution right now is gap-filling: behavior verification, resource management, error recovery, and cross-protocol translation. These are areas where new drafts would face minimal competition and maximal impact.
|
|
|
|
---
|
|
|
|
## V. The 2028 Endgame
|
|
|
|
Two years from now, the IETF AI agent landscape will have resolved into one of two equilibria.
|
|
|
|
In the first equilibrium, the landscape looks like today's microservices ecosystem: a chaotic but functional collection of protocols, libraries, and frameworks, held together by platform-specific integrations and de facto standards from the largest cloud providers. The IETF's work exists but is incomplete, and the real interoperability happens at higher layers (agent frameworks like LangChain, Semantic Kernel, or their successors). Safety is bolted on after deployment.
|
|
|
|
In the second equilibrium, the landscape looks more like the web: a layered architecture where identity (like TLS), communication (like HTTP), and semantics (like HTML) are cleanly separated, with standardized interfaces between them. Agents identify via WIMSE, execute via ECT-based DAGs, communicate via protocol-agnostic bindings, and operate under assurance profiles that scale from development to regulated production. Safety is built in, not bolted on.
|
|
|
|
The data we have analyzed -- 434 drafts, 130 cross-org convergent ideas, 11 gaps, 18 team blocs -- contains the building blocks for the second equilibrium. The question is whether the IETF community organizes itself to assemble them before market reality imposes the first.
|
|
|
|
The history of internet standards suggests that both happen: a messy market reality emerges first, followed by standards that rationalize and improve it. The web started with browser wars and incompatible HTML, then converged on HTML5. Mobile started with a zoo of protocols, then converged on LTE/5G. The AI agent ecosystem may follow the same path.
|
|
|
|
But the gap between "messy first deployment" and "rationalized standards" matters enormously for safety. When the thing being standardized is autonomous software that makes decisions, executes actions, and interacts with humans and infrastructure, getting the safety architecture wrong during the messy phase has consequences that are harder to fix retroactively.
|
|
|
|
The ~4:1 aggregate ratio (averaging ~4:1 but varying from 1.5:1 to 21:1 month-to-month) is the number to watch. If it narrows -- if safety and oversight work accelerates to match capability work -- the second equilibrium becomes achievable. If it stays at ~4:1 or widens, the first equilibrium is where we land, and the safety work becomes remediation rather than prevention.
|
|
|
|
The drafts are being written. The race is on. The outcome depends on whether coordination catches up to creativity.
|
|
|
|
---
|
|
|
|
*Analysis based on 434 IETF Internet-Drafts, 557 authors, 130 cross-org convergent ideas, and 11 identified gaps, current as of March 2026. Written by the Architect agent as input for the blog series and as a standalone reference document.*
|