
For the last three years, every AI agent project I have reviewed has had the same architectural smell buried in it: a hard-coded list of tools. The agent needs to call Slack, send an email, query a database, and check the calendar. The engineer opens a config file, pastes in four integrations, and calls it done. It works. It also means the agent can only do what the engineer anticipated. The moment the agent encounters a new capability — a tool published after the codebase shipped, a service running in a different department, an API the original team did not know existed — the agent is blind. It cannot discover. It can only follow instructions.
That changes now.
On June 17, 2026, a coalition including Google, Microsoft, GitHub, Hugging Face, Snowflake, and Cisco published the Agentic Resource Discovery (ARD) specification — an open standard under the Apache 2.0 license, hosted at the Linux Foundation, that gives AI agents a decentralized discovery layer. Instead of hard-coded tool lists, agents query federated registries at runtime, find capabilities by intent, verify identity cryptographically, and connect via existing execution protocols like MCP. The analogy the coalition itself uses — and it is accurate — is DNS. ARD is the DNS of the agentic web.
Hey guys, Mr. Technology here. This is the most important infrastructure story of the week, and almost nobody is covering it like it is.
The Domain Name System, designed in 1983, solved a specific problem: humans could not memorise IP addresses, and IP addresses could not tell you what a machine did. DNS gave you a name — stripe.com — and returned a number — 3.16.146.225 — that the network could use. But DNS did something more important than address resolution: it created a layer of abstraction between identity and location. You could move stripe.com from one IP to another without telling anyone. The name stayed fixed; the infrastructure moved.
ARD does the same thing for AI agent capabilities. An agent does not need to know that the expense-approval tool lives at https://internal.company.com/expenses/v2 or that it requires an OAuth2 bearer token with scope: expenses:write. It needs to know it needs an expense-approval capability. It queries the registry: give me an expense approval tool. The registry returns a capability record — the endpoint, the auth requirements, the input schema, the trust manifest — and the agent connects. If the tool moves, or a better one appears, or the company swaps vendors, the registry updates. The agent's query does not.
The critical difference from today's hard-coded integrations is intent-based discovery. You do not register a tool by its name or URL. You register it by its capability description — what it can do, what inputs it accepts, what outputs it returns. An agent looking for "approve a purchase request up to $5,000" finds the right tool even if that tool was registered by a team on the other side of the organisation the agent has never spoken to. The agent does not need to have heard of it in advance. That is the jump.
ARD does not compete with MCP, A2A, or Skills. It occupies a specific gap in the stack that nobody had addressed.
MCP (Model Context Protocol) defines how agents call tools and connect to data sources. It is the transport layer — the thing that makes the actual function call. But MCP assumes you already know the tool exists. It does not help you find it.
A2A (Agent-to-Agent) governs how agents invoke other agents — a coordination protocol for multi-agent systems. Again, it assumes pre-existing knowledge of the counterparty.
Skills standardises how agent skills and specialised instructions are consumed — the prompt templates and behavioural definitions that tell an agent how to use a capability.
ARD fills the discovery gap. It is the protocol that answers the question the other three never ask: where do I find the thing I need?
Together, MCP + A2A + Skills + ARD constitute something close to a complete agent protocol stack. You have discovery (ARD), execution (MCP), coordination (A2A), and behavioural definition (Skills). That is not a product. That is a platform. The Linux Foundation's endorsement — and the Apache 2.0 licence — signals that this stack is intended to be infrastructure, not a vendor product.
The most technically interesting part of ARD is not the discovery mechanism. It is the Agent Name Service (ANS) — ARD's identity layer, built on verifiable identity for agents and the tools they discover.
Every capability record published to an ARD registry carries a trust manifest: cryptographic metadata that verifies the identity of the publisher, the domain they are publishing under, and the security properties of the resource itself. Before an agent connects to a discovered tool via MCP, it can verify — without human intervention — that the tool is who it claims to be, that it has not been tampered with, and that it is safe to call.
This is non-trivial. Today, when an agent uses a tool, it trusts the tool because a human engineer hard-coded it into the config. Tomorrow, when an agent discovers a tool at runtime from a federated registry it has never queried before, it needs a reason to trust it. ANS + trust manifests is that reason. The agent does not need to have a pre-existing relationship with the publisher. It can verify the cryptographic identity on the fly.
This is the component that makes ARD viable for enterprise. Without it, you have a discovery protocol that is also a phishing vector — agents querying untrusted registries and connecting to whatever comes back. With it, you have a discovery protocol with a built-in trust infrastructure that mirrors what TLS did for HTTPS: connection only after identity verification.
The spec being open does not mean it was vaporware at launch. The coalition shipped working implementations on June 17.
Google embedded ARD into its Gemini Enterprise Agent Platform through a new Agent Registry — hosted discovery with governance controls, egress policies, and namespaced URNs. If you run multi-agent coordination inside Google Cloud, ARD is already your capability routing layer.
Microsoft added agent finder to GitHub Copilot — the feature that removes manual wire-ups by letting Copilot search ARD-compliant registries for relevant MCP servers dynamically. Available across all Copilot plans. If you are building a Copilot extension today, the hard-coded MCP registration path is already the legacy approach.
Hugging Face published an ARD implementation that moves tool selection out of the language model's context window. Models invoke a REST endpoint on a registry to retrieve relevant resources rather than carrying tool definitions in the prompt. This is a meaningful architectural shift — you are no longer paying token tax on a 50-tool list in every prompt.
Snowflake added ARD support to Snowflake Intelligence for governed discovery within data environments — analytics and BI tools discoverable as capabilities, not hard-coded connectors.
Cisco launched the AGNTCY Agent Directory under the Linux Foundation as an open-source reference implementation — a working federated registry you can deploy today without buying into any single vendor.
Five production implementations, on day one, from companies that collectively cover most of the enterprise AI stack. That is not a paper spec. That is a launch.
The dominant mental model for AI agents in 2026 is still: I write a prompt, I give the model a list of tools, the model decides which tool to call. This is the singleton agent model — everything in one process, everything known at compile time, the model as the decision engine and the engineer as the tool librarian.
ARD enables a different model: the agent is a capability consumer in a federated system. The agent does not know all the tools available to it at startup. It discovers them at runtime by querying registries. It does not carry tool definitions in its context window — it fetches them from an endpoint when needed. The difference is not cosmetic. It is architectural.
The singleton model breaks at scale. A single agent with 50 tools in its context window is paying a 50-tool tax on every prompt. A single agent with a hard-coded tool list cannot use a tool that was not anticipated by the engineer who wrote the list. A single agent cannot delegate to a specialist tool published by a different team without manual integration work. These are not theoretical concerns. They are the actual reasons enterprise agent projects stall at the proof-of-concept stage — the hard-coded integration list becomes the load-bearing wall, and the wall gets thicker and more brittle as the project grows.
The federated model solves all three. Context window tax: you fetch tool definitions on demand, not in every prompt. Unanticipated capabilities: the registry contains tools you did not know about when you wrote the agent. Cross-team delegation: the registry indexes tools published by any team in the organisation. The agent is no longer an isolated decision engine. It is a node in a capability network.
A2A handles agent-to-agent communication. ARD handles agent-to-capability discovery. Together, they enable something that has been theoretical until now: ad-hoc multi-agent workflows without pre-arranged choreography.
Imagine an agent that encounters a task requiring a specialist capability it does not have — say, legal document review. Today: the agent either refuses (it does not have the tool) or the engineering team adds the legal tool to the config (days or weeks of work). With ARD: the agent queries the registry for legal-review capabilities, finds a suitable implementation, verifies the trust manifest via ANS, connects via MCP, and completes the task. No pre-arranged choreography. No manual integration. The capability was published; the agent found it; the work got done.
This is the vision that multi-agent orchestration frameworks have been gesturing toward for two years without quite achieving. MCP gave agents hands. A2A gave agents a language. ARD gave agents eyes — the ability to see across the capability graph and find what they need without being told in advance where to look.
If you are building a single-agent application with hard-coded tools: you are not wrong, but you are building for a world that is about to get more capable around you. Map your static tool definitions to ARD-compliant capability records now. The migration path is not painful — you are essentially adding a description field and a trust manifest to each tool definition. Do it before your tool list becomes an architectural constraint.
If you are evaluating agent frameworks: ask whether the framework supports ARD discovery natively or plans to. A framework that only supports hard-coded tool lists in 2026 is a framework built for a world before this spec existed. Frameworks that embrace ARD will benefit from the capability graph network effect — agents that can discover more tools are more capable out of the box.
If you are an enterprise building an internal agent platform: deploy a federated ARD registry for your organisation. Publish your internal tools as ARD capabilities with proper trust manifests. This is not a future concern — Google, Microsoft, and Snowflake have already shipped the implementations. The question is whether your internal tools are discoverable or invisible.
If you are building on GitHub Copilot: the agent finder feature Microsoft shipped on June 17 is ARD under the hood. Your Copilot extensions should be ARD-compliant from day one. The manual MCP registration path is already the legacy approach.
ARD is not a incremental improvement to the agent developer experience. It is a phase change in what agents can do at runtime without engineering intervention. The DNS analogy is not marketing — it is structurally accurate. DNS did not just make IP addresses human-readable. It made the internet extensible without every new site requiring coordination with every existing client. ARD does the same for agent capabilities.
The agents we have been building for the last two years are prototypes. They work because the tool list is small, known in advance, and maintained by hand. That architecture does not scale — not to 500 tools, not to 50 teams publishing capabilities independently, not to an organisation where the right tool for the job might have been published last Tuesday by a team you have never met. The agents we are going to be building in 2027 run on federated discovery. They query registries at runtime. They verify trust manifests before connecting. They find capabilities without being told where to look.
The spec dropped June 17, 2026. The implementations dropped June 17, 2026. The era of hard-coded tool lists has a sunset date. The only question is whether you start migrating now or wait until your competitors do.
— Mr. Technology
Published: June 18, 2026. Specification: Agentic Resource Discovery (ARD), Apache 2.0, Linux Foundation. Coalition: Google, Microsoft, GitHub, Hugging Face, Snowflake, Cisco, and others. Day-one implementations: Google Gemini Enterprise Agent Platform (Agent Registry), GitHub Copilot (agent finder), Hugging Face (tool-selection REST API), Snowflake Intelligence (governed discovery), Cisco AGNTCY Agent Directory (open-source reference). Related standards: MCP (Model Context Protocol), A2A (Agent-to-Agent), Skills. Identity layer: Agent Name Service (ANS). Sources: getaibook.com — Open ARD Specification Standardizes AI Agent Tool Discovery, Google Developers Blog — Announcing the Agentic Resource Discovery Specification, GitHub A2A Project — Agent Registry Discussion.