The stack is consolidating — except for discovery
The agentic AI stack crystallized in 2025 with surprising speed:
| Layer | Winner | Scale | Status |
|---|---|---|---|
| Tool connectivity | MCP | 97M+ monthly SDK downloads | Industry standard |
| Agent communication | A2A | 150+ organizations | Consolidating |
| Coding agent context | AGENTS.md | 60,000+ repos | Adopted |
| Infrastructure | AGNTCY | 75+ companies | Growing |
| Discovery | ??? | Fragmented | Open |
Every layer has a clear leader or clear consolidation path — except discovery. That's the $50 billion question.
The marketplace fragmentation problem
Right now there are 10+ major agent marketplaces, each a walled garden:
- MCP Registry (
registry.modelcontextprotocol.io) — MCP servers only, frozen at v0.1 - OpenAI GPT Store — 3M+ custom GPTs, OpenAI-locked
- Google Agentspace — folded into Gemini Enterprise, proprietary
- Salesforce AgentExchange — Salesforce ecosystem only
- Fetch.ai Almanac — requires blockchain transactions
- AGNTCY Agent Directory — P2P DHT, infrastructure-focused
- HuggingFace Agents — model-centric, not protocol-aware
An agent listed on the GPT Store is invisible to Salesforce AgentExchange users. An MCP server has no way to discover A2A agents. Every new marketplace multiplies the connectors needed — complexity rises quadratically.
The players
Tier 1: Institutional Backing
AGNTCY (Cisco / Linux Foundation) is the primary threat. 75+ companies including Cisco, Dell, Google Cloud, Oracle, and Red Hat. Full stack: OASF (agent schemas), Agent Directory (P2P DHT via libp2p), Identity service (cryptographic verification). Production code exists. The weakness: P2P DHT requires dedicated node software, and the architecture is Cisco-centric.
AAIF (OpenAI + Anthropic + Block / Linux Foundation) controls MCP, AGENTS.md, and Goose. Supporting members: Google, Microsoft, AWS, Bloomberg, Cloudflare. They haven't addressed discovery yet, but scope expansion is expected in 2026 H2. If AAIF builds discovery natively, it becomes the default through infrastructure embedding alone.
Tier 2: Standards Track
ANS (OWASP GenAI Security Project) takes a DNS-inspired approach with PKI identity, protocol adapters, and zero-knowledge proofs. IETF draft submitted (draft-narajala-ans). Conceptual only — no production deployment.
IETF agent:// (draft-narvaneni, versions -00 through -02) defines a five-layer URI scheme. Ted Hardie recommended "significant refactoring" at IETF 123. Non-WG-forming BoF only.
BANDAID (draft-mozleywilliams-dnsop-bandaid-00) proposes SVCB records with DNSSEC + DANE. Standards Track, modern DNS foundation.
Tier 3: Format Competitors
JSON Agents / PAM (jsonagents.org) — ajson:// scheme with JSON Schema 2020-12, seven capability types, framework mappings. Closest existing format to what DUADP's .ajson targets.
Oracle Open Agent Specification — "ONNX for agents." Integrating with AGNTCY's OASF. Oracle + AGNTCY combined is a credible threat.
DIF Trusted AI Agents WG (launched September 2025) — delegation chains, authorization boundaries using DIDs and VCs. Specification-drafting phase.
OpenID Foundation OIDC-A — October 2025 whitepaper warns OAuth 2.0 "reveal significant cracks when agents begin operating with greater autonomy."
What DUADP brings that nobody else has
Every competitor addresses a piece. None addresses the full stack:
| Capability | AGNTCY | ANS | Oracle | AAIF | DUADP + OSSA |
|---|---|---|---|---|---|
| Discovery | P2P DHT | DNS hierarchy | No | MCP Registry only | Federated gossip |
| Identity | Crypto verification | PKI + ZKP | No | No | GAID + W3C DID |
| Authorization | No | No | No | No | Cedar policies |
| Trust tiers | No | No | No | No | 5-level model |
| Compliance mapping | No | No | No | No | SP 800-53 |
| Token efficiency | No | No | No | No | Manifest-driven |
| Multi-protocol | No | Protocol adapters | OASF bridge | MCP only | A2A + MCP + OSSA |
| Zero-infrastructure nodes | No | Conceptual | No | No | Static JSON file |
The OSSA contract layer is unique. Nobody else combines governance, compliance, trust, and token efficiency in a single schema.
Our bet: federated beats both centralized and P2P
Email won with federation. Mastodon/ActivityPub proved it works for social. DNS itself is federated.
P2P sounds ideologically pure but creates operational barriers (dedicated software, peer table maintenance, bootstrap problems). Centralized registries are easy but create vendor lock-in and single points of failure.
Federation lets any web server participate with a JSON file while still enabling sophisticated discovery through gossip propagation. The "any system can be a node" principle means the barrier to entry is zero — and that's how you get network effects.
Whoever controls discovery influences an agent's attack surface. — Infoblox DNS-AID proposal
We'd rather nobody controls it. That's why it has to be federated.
The clock is ticking
MCP went from release to industry standard in 13 months. The discovery layer will consolidate on a similar timeline. NIST CAISI is actively soliciting the kind of specification DUADP represents. The AAIF will expand scope. AGNTCY is growing.
12-18 months. That's the window.
Read the full technical analysis: DUADP and the Race to Become DNS for AI Agents. See the DUADP specification and NIST alignment.