Agent Name Service: A DNS-Inspired Trust Layer for Secure AI Agent Discovery in Kubernetes
A proof-of-concept implementation for the Agent Name Service (ANS) proposes a DNS-inspired trust layer to address secure discovery, identity verification, capability attestation, and policy governance in autonomous AI agent ecosystems. The system integrates Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), policy-as-code enforcement via Open Policy Agent (OPA), and Kubernetes-native patterns such as Custom Resource Definitions (CRDs), admission controls, and service mesh integration. In a demo research environment with a 3-node cluster and a 50-agent workflow simulation, the implementation demonstrated sub-10ms response times. The work is grounded in the ANS protocol specification and presented as an implementation-oriented proof of concept.
Key facts
- ANS is a DNS-inspired trust layer for AI agent discovery and interoperability in Kubernetes.
- The implementation uses DIDs, VCs, OPA, and Kubernetes-native integration patterns.
- Demo environment: 3-node cluster, 50-agent workflow simulation.
- Observed sub-10ms response times in the demo.
- Addresses four gaps: uniform agent discovery, cryptographic authentication, capability proofs, and enforceable policy controls.
- Grounded in the ANS protocol specification by Huang et al. (2025).
- arXiv paper: 2604.26997, announced as cross type.
Entities
Institutions
- arXiv