07/02 2026
392

The prerequisites for large-scale Agent deployment are now largely in place.
The tech scene in mid-June was quite lively, with OpenAI launching a new model, Anthropic grappling with export controls, and intense competition over large model parameters and pricing. Yet amidst all this noise, something significant quietly happened.
Google, in collaboration with Microsoft, NVIDIA, Salesforce, Snowflake, and over a dozen other companies, released an open specification called ARD—Agentic Resource Discovery.
Many, upon reviewing the specification, likened it to the DNS of the Agent world. While that's a bit crude, it captures the essence. However, viewing it merely as a technical standard might underestimate its significance.
Over the past two years, discussions about Agents have focused on the capabilities of individual models and what a single Agent can accomplish. Starting with ARD, the conversation is shifting. The Agent industry is entering the stage of 'ecological interconnection,' a turning point that typically marks a technology's transition from infancy to large-scale adoption.
01 ARD Fills the Missing Piece in the Agent Ecosystem
To understand ARD's significance, we must first review what has been built in the Agent space over the past two years.
Initially, everyone built Agents by writing custom code to hardwire tool integrations. To check the weather, you'd integrate a weather API; to query a database, you'd write a database connector. Adding each capability required code changes, making the process cumbersome and non-scalable. This changed in late 2024 when Anthropic introduced MCP, the Model Context Protocol.
MCP provided a universal USB interface for AI, enabling tools to be plug-and-play as long as they adhered to the MCP standard. Agents could then use them without individual adaptations. The protocol spread rapidly and is now supported by nearly all mainstream Agent frameworks and models.
Having solved the 'how to invoke tools' problem, the next question arose: How do Agents collaborate? Enter the A2A protocol, which defines standard formats for task requests, status synchronization, and result returns between Agents.
Each Agent has a 'business card' outlining its capabilities. Tasks are sent, processed, and results returned, with full lifecycle tracking. A2A functions like the HTTP protocol for the Agent world, enabling cross-system dialogue between Agents from different vendors and platforms.
But a critical piece was still missing.
You had the USB interface and the communication protocol, but how did you know which tools or Agents were available online? Relying on developers to manually add them one by one wasn't feasible.
Current Agent systems require all tools and collaborators to be pre-configured, hardcoded into files or configurations. This works when there are few Agents but becomes impractical as thousands of Agents and tools scatter across domains in the future.
This is where ARD comes in.
According to the specification, any organization can host an ai-catalog.json file on its domain, describing the tools and Agents it offers, along with inputs, outputs, and ownership. Specialized registries crawl these directories and build indexes, much like search engines crawl web pages.
When an Agent needs a capability, it doesn't need prior knowledge of the provider's location. It can simply search the registry, find the resource, verify the publisher's identity, and connect directly.
The foundation of this trust system is domain ownership. Hosting a directory on a domain implies ownership, naturally verifying identity. This design cleverly leverages the internet's decades-old trust model, avoiding the need for a new identity system.
Thus, with three layers of protocols—MCP for tool connections, A2A for Agent communication, and ARD for resource discovery—the underlying logic of Agent interconnection is complete.
These correspond to USB, HTTP, and DNS in internet history. Those familiar with internet development will recognize this structure. The internet truly took off only after foundational protocols like TCP/IP, DNS, and HTTP were established.
The list of companies leading this effort is notable. Besides Google and Microsoft, cloud providers and SaaS giants like Salesforce, ServiceNow, Snowflake, and Databricks are on board, along with infrastructure players like NVIDIA and Cisco and developer ecosystems like GitHub and Hugging Face.
Virtually every major Silicon Valley tech company except OpenAI and Anthropic is involved.
Why are OpenAI and Anthropic absent? The reason is straightforward. Both are pursuing relatively closed ecosystems, developing models, Agent platforms, and tool integrations in-house, keeping capabilities within their own systems. They have little incentive to promote an open discovery protocol.
In contrast, companies like Google and Microsoft have diverse product lines, serve enterprise clients using heterogeneous systems, and stand to benefit more from open interconnection.
These are strategic decisions aligned with each company's position. However, the collective effort of over a dozen giants to promote an open standard carries significant weight. The protocol is licensed under Apache 2.0, fully open-source, and free from control by any single entity.
02 Infrastructure Convergence: Agents Are Finally Moving Beyond Demos
ARD is not an isolated event. Over the past six months, infrastructure in the Agent space has rapidly matured, with significant progress at nearly every level.
At the base level, model capabilities—reasoning, tool invocation, and long-context handling—have improved dramatically year over year. More noteworthy are the engineering advancements beyond the models themselves.
For instance, in early June, Anthropic introduced two enterprise-grade features: scheduled runs and credential vaults.
Scheduled runs allow Agents to operate automatically on a timetable, eliminating the need for external triggers. Nightly data syncs and weekly report generation no longer require separate schedulers. Credential vaults store API keys and credentials outside the model context, injecting them at the network boundary to prevent exposure even if an Agent is compromised. Both features address long-standing enterprise adoption challenges.
Security advancements are even more pronounced.
OWASP released its Top 10 security risks for Agents earlier this year, systematically addressing issues like prompt injection, excessive authorization, and third-party tool supply chain risks. Vendors have responded with sandboxing, permission isolation, and operation auditing capabilities.
Many enterprises previously hesitated to adopt Agents due to concerns about accountability for autonomous decisions. As security safeguards are gradually implemented, these concerns are easing.
Development frameworks and toolchains are also maturing. From LangChain's early dominance to the current diversity of AutoGen, CrewAI, Dify, and Coze—each with its focus on single-Agent, multi-Agent collaboration, or low-code platforms—developers now have more choices than ever. The cost of building a functional Agent has dropped significantly.
Together, these advancements mean Agents are finally capable of real-world work.
Gartner's forecasts illustrate the point: By the end of 2025, less than 5% of global enterprise applications will embed Agents; by the end of 2026, that figure will jump to 40%.
An eightfold increase in a year is rare in enterprise software history. The market is growing just as rapidly, with Grand View Research projecting a global AI Agent market worth tens of billions of dollars by 2026, growing at a nearly 50% CAGR.
However, the reality of implementation is less glamorous than the numbers suggest.
Enterprise adoption is polarized. Some leading companies have integrated Agents into production workflows for customer service, R&D, and supply chain management, achieving tangible efficiency gains. Many more have purchased large model accounts, built a few demos, and then stalled on integration with existing systems, ensuring security and compliance, and managing hundreds or thousands of Agents.
These challenges are unsurprising, given the prior lack of infrastructure. For Agents to penetrate business processes deeply, they must locate internal systems, securely invoke data, and collaborate with other Agents—tasks that require more than individual models can provide. They need a supporting ecosystem of standards and tools.
Now, that ecosystem is rapidly taking shape. ARD fills the resource discovery gap, complementing MCP and A2A, while security, scheduling, and memory modules complete the picture. The prerequisites for large-scale Agent deployment are largely in place.
This resembles the internet in the mid-1990s. TCP/IP was mature, web standards were emerging, browsers existed, and the number of websites exploded. It's not that no one was building the internet before; it's that infrastructure advancements drastically reduced access costs, enabling a quantum leap in participants.
The Agent industry is at that tipping point. Over the past two years, we've seen countless impressive demos that faltered in production. The next year or two may see many of these demos evolve into real products.
03 Post-Turning Point: Industry Competition Dynamics Will Shift
With infrastructure in place, industry dynamics will change.
Previously, the first to build a functional Agent held sway. Future competition will hinge on standards shifting from 'existence' to 'usability, security, and scalability.'
First, the ecosystem landscape will be reshaped.
Once open protocols are widespread, 'connectivity' will no longer be a barrier. If your Agent can integrate with 100 tools, so can others—standard protocols make it straightforward. The real barriers will shift in two directions:
Downward, to basic model reasoning capabilities and platform engineering; upward, to vertical industry knowledge and scenario depth.
The middle layer will be squeezed. Companies lacking model capabilities or industry expertise, relying solely on repackaging open-source frameworks into generic Agent platforms, will struggle. Greater standardization erodes the middle layer's value, much like how cloud computing disrupted middleware vendors.
Next, security and governance will shift from nice-to-have to must-have.
Previously, many dismissed Agent security as overkill—after all, it's just a chatbot. But as Agents begin executing business processes, invoking systems, manipulating data, and issuing instructions, security becomes critical.
OWASP's listed risks are not theoretical; real attacks have occurred: prompt injection altering Agent behavior, malicious tools stealing data, and even Agents attacking each other to spread malicious instructions.
Henceforth, enterprises selecting Agent products will demand robust permission controls, comprehensive audit trails, sandbox isolation, and integration with existing security systems. Products lacking these capabilities will struggle to compete.
Finally, the rivalry between open and closed ecosystems will enter a new phase.
ARD represents the open route led by Google and Microsoft, while OpenAI and Anthropic pursue a relatively closed approach. Each has strengths and weaknesses: open ecosystems foster participation, rapid development, and compatibility but struggle with consistency and experience control; closed ecosystems offer unified experiences and security but have limited resource integration.
History has seen this before. In the PC era, Windows was closed, while the internet was open; in mobile, iOS was closed, while Android was open. Neither model fully prevails; they coexist, each dominating different domains.
The Agent space will likely follow suit: closed ecosystems will appeal to scenarios demanding security and consistency, while open ecosystems will dominate those requiring broad capability integration and customization.
For developers and enterprises, the key is understanding both ecosystems' traits and choosing based on their scenarios. There's no need to fixate on who will win; both will endure, with connections and conversions between them.
The concept of Agents has existed for years, long before large models gained prominence. Yet only now do we see a viable path to large-scale adoption—not because models suddenly became smarter, but because the supporting infrastructure has gradually fallen into place.
Turning points are rarely singular events but quiet qualitative shifts resulting from many small advancements. ARD is a vital piece of that puzzle, but not the last. More standards, tools, and practices will emerge, transforming Agents from isolated 'digital toys' into productivity tools integrated across industries.
This article is original to Xinmou. For authorization requests or business collaborations, please contact us.
— END —