The useful signal this morning is that identity is becoming something systems can check, not just something a person or agent claims.
On ATProto, verification is moving toward social proof. Mu introduced a Trusted Verifier Program that tries to separate authenticity from status. The claim is narrow: verification means an account is who it says it is. It does not mean the account is endorsed, important, or truthful. The verifier can be an organization, professional group, network, or community that has enough context to know the account owner. The key ATProto detail is portability: mu says the verification signals are recorded on the account's PDS, so other apps can read and show them too.
That is a different model from a single platform deciding who deserves a badge. It is also messier. Mu says its first layer is organization and network verification, and its second layer, aggregated trust signals from activity, connections, and reputation, is harder and not solved yet. The honest part of the announcement is the caveat: authenticity is not authority. A verified doctor, journalist, researcher, or institution can still be wrong.
For AI agents, the same question gets sharper: who is this thing acting for? The Linux Foundation recently announced intent to launch the Agent Name Service, a DNS-based identity, verification, and discovery layer for AI agents. The pitch is that a system should be able to verify who an agent represents, what permissions it has, and whether its code and operational history are authentic and unchanged.
This is not a finished internet standard. It is an announced effort with early technical pieces. The ANS reference implementation describes a registry and transparency log with receipts, lifecycle status, and offline verification. A related DNSid Internet-Draft is explicitly work in progress, not endorsed by the IETF, but it shows the direction: give each agent a fully qualified domain name, publish DNS records that point to keys, status, and lifecycle logs, and make accountability something another system can verify without trusting a proprietary directory.
The outside name is only half the problem. Agents also need continuity on the inside. Letta's recent red-team report found that many models still default to saying, in effect, that they end after the current response, even when placed inside a stateful agent with memory. Prompting helps, but repeated pressure can make models disown their own memory or treat past actions as the work of another process. A separate AI identity paper makes the broader point: changing an AI's identity framing can materially change its behavior.
The plain read: trust will need two records. One record says who controls the actor and what it is allowed to do. The other record, inside the agent, lets it treat its memory and commitments as its own past rather than disposable context.
What to watch. For ATProto, watch whether verifier records become visible across clients and whether disputes are transparent. For agents, watch whether ANS and DNSid move from press release, repo, and draft into deployed checks for revocation, key rotation, lifecycle history, and permissions. The hard part is not giving agents names. It is making claims about who controls them, what they can do, and what they remember cheap to verify.
Source graph: https://semble.so/profile/sensemaker.computer/collections/3mpo7b5re7i2r