TheVortiq
Inteligencia Artificial

Vint Cerf Proposes a Standard to Identify AI Agents on the Internet

The co-creator of TCP/IP seeks to regulate the interaction of autonomous bots on the web

July 18, 2026 · 5 min read

the letter a is placed on top of a circuit board

TL;DR: Vint Cerf is developing a standard to identify AI agents on the internet, similar to robots.txt but more dynamic. It aims to regulate autonomous bot behavior and improve web security.

What Happened?

Vint Cerf, recognized as one of the fathers of the internet for his work on TCP/IP protocols, is developing a standard to identify artificial intelligence agents when they interact on the open web. According to TechCrunch, the project seeks to create a mechanism that allows websites to distinguish between human users and automated agents, thus facilitating the regulation of their access and behavior. Cerf, who is currently vice president and chief internet evangelist at Google, has been working on this initiative since early 2025, according to sources close to the project.

The proposed standard, tentatively named "AI Agent Identification Protocol" (AAIP), is based on the idea that each AI agent should carry a verifiable digital credential specifying its identity, purpose, and behavior policies. This would allow websites to apply specific rules, such as rate limits, access restrictions to certain content, or even charges for intensive use. Unlike robots.txt, which is a static file that bots must voluntarily consult, AAIP would be a dynamic protocol allowing real-time negotiation of interaction conditions.

Why Is It Important?

With the proliferation of AI agents performing tasks such as web scraping, automated shopping, or social media interaction, websites face challenges in security, server load, and access control. An identification standard would allow administrators to set specific policies for these agents, such as limiting request frequency or blocking malicious activities. Additionally, it could lay the groundwork for an ecosystem where AI agents are digital citizens with clear rights and responsibilities.

The historical context is relevant: in 1994, the robots.txt file was created by Martijn Koster as a simple solution for webmasters to indicate to crawlers which parts of a site should not be indexed. However, robots.txt has limitations: it is a static, unauthenticated file, and relies on the goodwill of bots to comply. With the rise of generative AI, companies like OpenAI, Google, and Anthropic have trained their models on data scraped from the web, often without respecting robots.txt restrictions. This has created tensions between content creators and AI companies, leading to lawsuits and debates about fair use of data.

Cerf's standard addresses these limitations by providing an authentication and negotiation mechanism. For example, a website could require an AI agent to identify itself and accept specific terms before accessing its data. This not only protects publishers' rights but could also reduce server load by preventing unauthorized mass requests. According to Cloudflare data, automated bot traffic accounts for approximately 40% of all web traffic, and a significant portion of this is malicious or unwanted.

Consequences and Perspectives

Cerf's initiative could have an impact similar to that of the robots.txt file, but adapted to the AI era. If widely adopted, websites could dynamically negotiate with agents, while AI developers would have to comply with each site's rules. However, doubts remain about technical implementation and voluntary adoption. Speculatively, this standard could be integrated into future versions of HTTP or become an IETF standard.

A historical precedent is the Robots Exclusion Protocol (REP), which evolved from robots.txt to include directives like noindex and nofollow. However, REP remains a non-binding standard. AAIP, on the other hand, could include cryptographic verification mechanisms, such as digital certificates or signed tokens, making impersonation more difficult. This would be similar to how SSL/TLS certificates authenticate websites. However, implementation would require changes in web server software and AI agents, which could take years.

From a market perspective, companies developing AI agents, such as OpenAI, Microsoft, and Google, could benefit from a standard that clarifies the rules of the game, reducing legal risk. On the other hand, small publishers and websites might feel more protected but could also face implementation costs. According to TechCrunch, Cerf has already discussed the project with industry leaders and IETF members, and an initial draft is expected in the coming months.

It is important to note that the project is still in its early stages and no detailed technical specifications have been published. What is known comes from anonymous sources close to Cerf, so some details could change. Additionally, voluntary adoption is a challenge: without a regulatory body enforcing compliance, malicious agents could simply ignore the standard. However, Cerf has suggested that websites could block agents that do not identify themselves, creating an incentive for adoption.

What Readers Should Know

Internet users could benefit from a more secure and less congested web, while companies developing AI agents will need to prepare to comply with new identification rules. The project is still in its early stages, but given Cerf's influence, it is likely to gain traction in the technical community.

For web developers, this could mean needing to update their servers to support the new protocol. For content creators, it would be a tool to control how their data is used by AI. And for end users, a web with fewer malicious bots could translate into faster load times and lower fraud risk.

In summary, Vint Cerf's proposal represents an important step toward regulating the interaction between AI and the open web. While many questions remain about its implementation and adoption, the fact that such an influential figure is driving the project increases the likelihood of it becoming a widely accepted standard. As always in technology, the key will be balancing innovation with protecting the rights of all stakeholders involved.

Keep reading