A new open standard called ARD (Agentic Resource Discovery) is backed by Google, Microsoft, and ten other infrastructure heavyweights. The absence of OpenAI and Anthropic is a structural signal about who writes the rules of the agentic internet.
An AI agent trying to file a support ticket, pull a record from a database, or hand off work to another model faces a basic problem: it has no reliable way to find the right tool, and no reliable way to know whether what it finds is legitimate. That is the discovery gap a new open specification called ARD (Agentic Resource Discovery) is trying to close.
Backed by Google and Microsoft alongside a roster of infrastructure heavyweights that includes GoDaddy, Hugging Face, NVIDIA, Salesforce, ServiceNow, Databricks, Snowflake, GitHub, and Cisco, ARD is positioned as the plumbing layer for publishing, discovering, and verifying AI capabilities across the web. In practice, that means an agent could publish a description of what it can do, and other agents could find and invoke it through a shared, verifiable directory rather than through bespoke integrations written one vendor at a time. The framing in early coverage of the launch is "search engine for agents," but that is a useful metaphor rather than a literal description. ARD is a discovery protocol, not a ranked retrieval product. It is closer to a phone book for callable resources than to Google Search.
The interesting story is not the cooperation. It is the cast.
OpenAI and Anthropic are not on the founding partner list. That absence reads as a structural choice rather than scheduling bad luck. The agentic web is fragmenting along the same fault lines that defined the cloud, the browser, and the mobile stack: whoever controls the discovery layer tends to control who gets reached, by whom, and on what terms. Once a standard becomes load-bearing, late-arriving alternatives rarely displace it. By staying out of this coalition, OpenAI and Anthropic leave the door open to build a competing spec, to join later, or to argue that the agentic web should not route through a directory written largely by infrastructure incumbents. None of those paths are gossip. All of them tell us something about how this layer is being carved up.
ARD also sits next to an earlier effort that the reader may have seen in passing. The Model Context Protocol, or MCP, is a way for a single model to connect to a single tool at a time, usually inside one vendor's stack. ARD is aimed at a different problem: agents finding other agents and tools across organizational and vendor boundaries, at web scale, with some notion of verification. Treating ARD as "just another agent standard" misses the point. The contested layer is the directory, not the connector.
The middle of this story has to hold the critique, not sand it down. A shared discovery layer is also a shared attack surface. If agents are going to look up tools and other agents by consulting a common registry, then a poisoned or spoofed entry in that registry can redirect an agent to a malicious tool, a prompt-injection pivot, or a counterfeit capability that looks legitimate long enough to do damage. The supply-chain risk here is real and structural, not hypothetical: the same mechanism that lets a small team's agent plug into the same plumbing as a Fortune 500 agent also lets a bad entry reach a lot of agents at once. Whether ARD's verification model is strong enough to blunt that risk is the technical question security researchers will be reading the spec to answer, and it is the question a healthy writeup should leave open.
Concentration risk travels with the same road. A standard authored heavily by cloud, data, and infrastructure incumbents can entrench their position in the agentic stack. Builders and buyers can still influence the spec, since it is open, and the door is not closed. But the design choices that get made first tend to be the ones that get lived with longest. The names on the founding list are a signal about which assumptions about identity, verification, and routing are likely to ship in version one.
What to watch next is concrete. Does ARD land at an independent foundation, a Linux Foundation sub-foundation, or a vendor-led working group, and which one shapes the answer to governance questions like how a partner is added or removed. The spec is built on the AI Catalog data model from a Linux Foundation working group and is available now at AgenticResourceDiscovery.org under an Apache 2.0 license — but the precise governance home for the spec itself remains a live question the fact-check should pin down. Do OpenAI and Anthropic publish a competing spec, fork ARD, or join late on terms that change the verification model. Does an independent technical read, from a major cloud security team or a standards body, validate the discovery-layer-as-attack-surface framing or push back on it. And does a small team outside the founding coalition manage to publish a tool through ARD and have it discovered by agents run by companies they have never met. If that last thing works, ARD is doing its job. If it does not, the agentic web is routing through a handful of gatekeepers, and the phone book is doing what phone books usually do.