A new industry initiative aims to give AI agents their own specialized search engine, enabling them to dynamically discover and connect to tools, skills, and other agents across networks. Called Agentic Resource Discovery (ARD), the open standard is backed by a coalition of major technology companies including Google, Microsoft, GoDaddy, Hugging Face, NVIDIA, Salesforce, ServiceNow, Databricks, Snowflake, GitHub, and Cisco. The announcement positions ARD as a foundational layer for the emerging agentic web, where autonomous AI agents will need to find and verify resources without human intervention.
The discovery gap holding agentic AI back
Artificial intelligence agents have become increasingly capable, but their utility has been limited by a fundamental problem: they can only use resources that have been explicitly wired into them. Ramanathan Guha, Technical Fellow at Microsoft, notes that "AI can only use what it's been explicitly wired to use. Everything else may as well not even exist." This lack of discoverability has forced developers to pre-configure every tool and data source an agent might need, creating brittle systems that cannot adapt to new contexts.
Previous efforts like Anthropic's Model Context Protocol (MCP) addressed part of the puzzle by standardizing how AI systems communicate with servers and share data. MCP provides a uniform way for agents to interact with any properly configured server—but it does not help agents find those servers in the first place. ARD is designed to fill that gap, acting as a discovery layer that sits before invocation. As one analogy suggests, if MCP makes apps possible, ARD is the app store that helps agents find and evaluate those apps.
A search engine for the agentic web
The problems ARD aims to solve are reminiscent of the early web before search engines dominated. In those days, users relied on manually curated directories like Yahoo to find websites. The process was incomplete and slow; if a site wasn't listed, it might as well not exist. ARD provides a similar leap forward for agentic AI, creating a standardized way for agents to query for capabilities across organizational and platform boundaries.
However, ARD is not a search engine in the traditional sense—a human-facing interface that returns ranked results. Instead, it is a framework for discovery services. Some services will be general-purpose, indexing public catalogs of AI tools. Enterprises can also deploy private registries that control access to internal resources. As Rao Surapenani, VP and GM of Business Applications at Google Cloud, explains, "The true potential of agentic AI has been limited by silos. By removing centralized gatekeepers, we're empowering any agent to discover, trust, and utilize resources across platforms, unlocking a new era of interoperability."
How catalogs and registries work
ARD's architecture is built around two primary components: catalogs and registries. Catalogs are JSON files named ai-catalog.json hosted at a published path on an organization's domain. These files describe the AI capabilities—tools, skills, agents, MCP servers—that the organization makes discoverable. Each entry includes metadata about the capability, such as its purpose, input/output schema, and authentication requirements.
Registries act as search engines for this agentic web. They crawl catalogs, index the contents, and return matching capabilities to querying agents. The discovery process is designed to be lightweight: a registry verifies that a catalog is hosted on the claimed domain, which serves as the cryptographic foundation for identity and trust. Microsoft's Guha notes that "this gives ARD an architectural property closer to DNS than to ordinary web search." Just as DNS delegates authority for domain names, ARD delegates authority for AI resources to the domain owners.
This hierarchy is intentional. By anchoring trust in domain ownership, ARD avoids the need for a central authority or a single giant database of all AI resources. Instead, anyone who controls a domain can publish a catalog, making the system decentralized and permissionless. Enterprises can also create private registries that only index internal catalogs, ensuring sensitive resources remain behind corporate firewalls.
Security implications and concerns
While ARD's domain-based trust model offers simplicity and scalability, it also introduces new attack surfaces. If an attacker compromises a domain—through DNS hijacking, server intrusion, or code pipeline manipulation—they could modify the ai-catalog.json file to point agents to malicious tools. Such a compromise would be high-leverage, because ARD catalogs are designed to be widely indexed and trusted.
To mitigate these risks, ARD includes several security features. In production settings, registries can use cryptographic trust metadata to verify the integrity of catalog entries. Google's blog post also mentions "Agent Identity, trust manifests, egress policies, and pinned tools" as enterprise controls. These allow organizations to whitelist specific catalogs, restrict which agents can use discovered resources, and enforce audit trails.
Nevertheless, the open-web nature of ARD means that ordinary security best practices remain essential. Domain owners must secure their infrastructure, implement code signing for catalog updates, and monitor for unauthorized changes. As one security analyst notes, "ARD may improve discovery and verification, but it does not eliminate the need for authorization, governance, allowlists, code review, monitoring, and policy enforcement." The added high-value target should be a source of concern for anyone adopting ARD.
Reference implementations
Several partners have already built reference implementations demonstrating ARD's potential. GitHub launched "Agent Finder," which lets GitHub Copilot discover and call MCP servers, skills, tools, and agents at runtime from a public or private registry. This allows developers to extend Copilot's capabilities dynamically, without manual configuration.
Hugging Face introduced "Discover Tool," another ARD reference implementation that offers semantic search across thousands of skills and MCP servers. Users can query for a capability—like "transcribe audio" or "analyze sentiment"—and the tool returns relevant resources with metadata to help agents decide which to use.
Google has announced support for ARD through its Agent Registry in the Gemini Enterprise Agent Platform, with native integration slated for the coming months. This will allow agents built on Gemini to discover and invoke resources from any ARD-compatible catalog, further expanding the ecosystem.
An open spec and an open invitation
The ARD specification is available now, licensed under Apache 2.0, and built on the AI Catalog data model from a Linux Foundation working group. The Google blog states, "The agent ecosystem works best when it is decentralized and open." Anyone with a domain can host a catalog and immediately make their AI resources discoverable by ARD-compatible agents.
Notably absent from the coalition are OpenAI and Anthropic, two of the largest players in the AI space. Their exclusion raises questions about whether ARD will achieve critical mass or remain a standard primarily used by the companies that created it. However, the involvement of major cloud providers, enterprise software vendors, and open-source platforms suggests strong momentum.
As agents become more autonomous, the need for a robust discovery layer will only grow. ARD promises to unlock a new era of interoperability, but it also demands careful attention to security and governance. Whether this standard becomes the backbone of the agentic web or simply another piece of infrastructure for niche use cases remains to be seen.
Source:ZDNET News