Research Finder
Find by Keyword
Can Open Standards Reach Agentic AI's Hardest Problems Before Regulators Do?
AAIF, fastest-growing foundation in Linux Foundation history, converges agent commerce, security and sovereign adoption into one neutral standards body.
05/28/2026
Key Highlights
- AAIF added 43 organizations this quarter (4 Gold, 27 Silver, 12 Associate) to reach 190 members, roughly three months after reporting 146, in what Executive Director Mazin Gilbert calls the fastest-growing foundation in Linux Foundation history.
- New Gold Members F5, GoDaddy, Stripe and TRON map onto the agent governance problems AAIF was chartered to solve: secure inference routing, verifiable agent identity, and agent commerce.
- During Jim Zemlin's keynote, GoDaddy detailed the Agent Name Service (ANS), an open DNS- and PKI-based standard for agent identity and verification, extending decades of web-naming infrastructure to autonomous agents.
- A public-sector contingent including the U.S. Army, Sandia and Pacific Northwest national laboratories, and the New South Wales government signals that agentic standardization has become a sovereign concern, not only a vendor one.
- The foundation's filter is engagement, not check size: it turns away logo-seekers and welcomes those that will contribute code.
- We read AAIF's growth curve less as proof of agentic maturity and more as a visible measure of the trust deficit keeping most enterprises stuck in experimentation, with the strategic stakes resting on whether open governance arrives before fragmented regulation does.
The News
The Agentic AI Foundation (AAIF), the Linux Foundation body chartered to build an open standard agentic AI stack, used the Linux Foundation's Open Source Summit North America in Minneapolis to announce it added 43 members this past quarter, reaching 190 organizations roughly three months after reporting 146. The new cohort includes four Gold Members (F5, GoDaddy, Stripe and TRON) alongside 27 Silver and 12 Associate Members spanning financial services, cybersecurity, robotics, academia and government, including Sandia and Pacific Northwest national laboratories and the U.S. Army. AAIF launched in February 2026 with founding project contributions of Anthropic's Model Context Protocol (MCP), Block's goose and OpenAI's AGENTS.md. Executive Director Mazin Gilbert describes it as the fastest-growing foundation in Linux Foundation history. Full details are available in the Linux Foundation announcement.
Analyst Take
In our Open Source Summit discussion, new AAIF executive director Mazin Gilbert is precise about what his foundation is not. AAIF is not an event, a blog, or a media channel. It is not the silicon underneath, the GPUs and memory where confidential compute either protects data as it moves (or quietly fails to.) Speaking of that, security, Gilbert is careful to note, is a requirement that runs the entire height of the stack. AAIF is not the cloud-native and AI-native infrastructure that serves AI workloads, which is the territory of CNCF, PyTorch, Ray and vLLM, though it coordinates closely there. And it is not the intelligence layer where models get built, trained, fine-tuned and optimized. What AAIF governs is the connective tissue sitting above all of that: the frameworks, protocols, runtimes, identity, policy and operational controls that let autonomous agents communicate, plan, transact and be held accountable. Gilbert’s scoping discipline is the whole point. Now the contrarian read. A foundation does not become the fastest-growing in Linux Foundation history because a technology is mature. It becomes the fastest-growing because the technology is not yet trusted enough to standardize by any single player, no matter how big.
What Was Announced
The four new Gold Members read as a map of the problems AAIF exists to solve. F5 joins around secure inference routing and traffic management, the capability an agent gateway is designed to enforce. GoDaddy frames its participation around verifiable agent identity. From the audience during Linux Foundation CEO Jim Zemlin's keynote we watched GoDaddy take the stage to put substance behind that. The company is helping develop the Agent Name Service (ANS), an open standard for agent identity, naming and verification built on DNS and public key infrastructure. The play is intuitive once you say it aloud. GoDaddy spent two decades in the frame of naming and identity for websites, and ANS extends that same problem to agents. A parallel effort from Infoblox, DNS for AI Discovery (DNS-AID), tackles agent discovery on the same DNS foundation, and the two are positioned as complementary and deliberately multi-vendor, a design choice that is itself the whole point of doing this inside an open foundation. Stripe and TRON both point at agent commerce, the premise that autonomous agents will pay and settle and need standardized rails to do so. The Silver and Associate tiers broaden the surface considerably, adding robotics (Contoro Robotics), data platforms (Teradata, Tigris Data) and a public-sector contingent we will return to.
The connective layer is no longer purely conceptual. Founding contributions from Anthropic (MCP), Block (goose) and OpenAI (AGENTS.md) now sit alongside a widening set of open building blocks surfaced in and around the summit: agent-to-agent communication protocols, control-plane primitives such as Microsoft's open-sourced Agent Governance Toolkit (identity, policy, audit and access boundaries), and early open work on agent memory benchmarks and deterministic multi-agent orchestration. Microsoft argues, by analogy to the way Kubernetes needed role-based access control to become enterprise-ready, that such primitives belong in the open.
The membership model is itself a signal worth reading. AAIF does not optimize for headcount, it doesn't need to at this pace. Gilbert describes turning away applicants who arrive with a check but no intention of contributing code, assigning developers, or attending events; essentially those who want a logo and a Linux Foundation association without participation. A five-person startup, or a non-profit that wants to stand up a privacy working group, is welcome. The foundation sorts contributors into rough personas: developers who write code and maintain projects, architects who tackle the hardest unsolved problems in working groups, subject-matter experts in security, governance and policy, and business leaders, including CFOs, who care about cost-efficient deployment and the token economics underneath it. AWS's David Nalley, a longtime open-source leader, chairs the governing board. For an analyst, that filter is the most credible thing here because while logos are cheap, sustained standards and maintainers are not.
Market Analysis
The deployment gap is the real subtext, and it is where the trust deficit becomes visible. McKinsey's work this year suggests fewer than 10% of organizations have deployed agentic workflows end-to-end even as the overwhelming majority experiment. That gap is not principally a model problem. It is a trust, observability and auditability problem, since an enterprise cannot deploy what it cannot monitor, trace or audit. Key concerns when agents could hallucinate into a mistake that potentially costs millions. Gilbert points to a related shortfall: companies lack not only the controls but the skills to run agents in production, and they have barely begun to answer basic lifecycle questions such as when an agent should be registered, governed or retired. This reminds us less of a typical standards body and more of early crash-testing regimes: the cars existed and sold, but mass adoption waited on shared assurances of safety. Now watch who else joined. The U.S. Army, Sandia and Pacific Northwest national laboratories, and the New South Wales government do not appear in a membership roster by accident. Their presence signals that agentic standardization has become a sovereign and public-sector concern, and the logic is straightforward: while everybody wants their own AI, no sovereign wants to build it on a single company's proprietary stack. A neutral, openly governed foundation is what makes national and defense adoption defensible. That same logic runs straight into the regulatory question, and this is the hook. Europe regulates AI tightly, the United States loosely, and Japan, China and India each differently again, leaving any enterprise that sells agentic products globally to satisfy incompatible governance regimes at once. Gilbert's framing is direct: the industry needs to get there fast to advise the regulatory efforts. If shared open governance arrives first, the industry defines its own guardrails. If fragmented regulation arrives first, those guardrails get imposed jurisdiction by jurisdiction, and compliance cost fractures the market. The risk we would flag for buyers is the one enterprise software keeps teaching: rewarding uniqueness and complexity, as the ERP implementation era did, produces lock-in dressed up as customization. The open question is whether AAIF can standardize the common plumbing fast enough to keep that trap from reforming around agents.
Looking Ahead
The key trend we will be monitoring is whether AAIF can convert membership velocity into common standards before the window closes. Growth curves are easy to celebrate and hard to operationalize. The signal that matters goes beyond member count to the pipeline beneath it. That pipeline is robust with seven working groups today, proposals for many more, and a small set of active projects with others under technical-committee review. We will watch the policy and governance working group most closely, because regulatory divergence across the EU, the United States and Asia-Pacific is the one variable AAIF cannot control and cannot ignore. We will also track whether efforts like the Agent Name Service mature into adopted standards rather than competing drafts, because agent identity is the unglamorous prerequisite that observability and lifecycle management both depend on. The thesis that crystallized in Minneapolis, that the agentic future cannot be proprietary, is the bet the whole membership is placing. For enterprise buyers, the practical takeaway is simpler. Passively waiting for agentic standards to stabilize is itself a decision, and very likely the wrong one.
Stephen Sopko | Analyst-in-Residence – Semiconductors & Deep Tech
Stephen Sopko is an Analyst-in-Residence specializing in semiconductors and the deep technologies powering today’s innovation ecosystem. With decades of executive experience spanning Fortune 100, government, and startups, he provides actionable insights by connecting market trends and cutting-edge technologies to business outcomes.
Stephen’s expertise in analyzing the entire buyer’s journey, from technology acquisition to implementation, was refined during his tenure as co-founder and COO of Palisade Compliance, where he helped Fortune 500 clients optimize technology investments. His ability to identify opportunities at the intersection of semiconductors, emerging technologies, and enterprise needs makes him a sought-after advisor to stakeholders navigating complex decisions.