Skip to content

The Agentic Web

The agentic web is the internet re-pointed at software agents instead of human eyeballs — agents that discover services, read knowledge, spend money, and take consequential actions on someone's behalf. It is not a metaphor for "AI is big now." It is a concrete shift in who the client is: the thing on the other end of the request is increasingly an autonomous agent, and almost none of the web's assumptions — a human reads the page, a person is behind the login, someone will notice if it goes wrong — survive that change.

This page is the map. The posts below are the territory: two years of building agents that run in production and arguing, release by release, about what the agentic web actually requires to be safe.

The thesis in one line

An agent that is capable but not defendable is a liability on the agentic web. The fix is architectural, not aspirational: determinism at the core, the model at the edge, over knowledge the agent can find and trust. The three pillars of this site — KCP, Skill-Driven Development, and Defendable Agents — are the three faces of that one answer.


What breaks when the client is an agent

The web works because humans quietly absorb its gaps. Take the human out and each gap becomes an engineering problem with no owner:

The human used to… On the agentic web, you need…
Log in, prove who they are Agent identity & delegation — provable, scoped, revocable
Remember what happened last time Durable memory — session, semantic, and claim, not one vector store
Read the page and judge the source Navigable, signed knowledge — maps, not tables of contents
Notice and stop a bad action Deterministic governance — fail-closed at the boundary, in code
Coordinate with other people sensibly Agent coordination — that doesn't collapse into a swarm

The rest of this page walks each of those, with the one post that makes the case best.


Identity — the agentic web has no login page

A login page assumes a human. An agent acting for you needs to prove whose agent it is, what it is allowed to do, and have that permission be scoped and revocable — none of which a username-and-password flow expresses. This is the front-door problem of the whole agentic web.


Memory — agents that don't forget

"Agent memory" is usually collapsed into one question — vector store or not. Production agents actually have three different memory problems, and conflating them is why so many agents feel amnesiac.


Coordination — resist the swarm

The reflex answer to a hard task is "spin up more agents." It is usually wrong: uncoordinated multi-agent swarms multiply cost and non-determinism faster than they add capability.


Determinism — capability is not the bottleneck

The agents shipping today are plenty capable. What they lack is a reason to be trusted with a real decision. The move that fixes it is to stop letting the model make the binding call mid-flight and instead make the decision a deterministic function, with the model confined to the edge.


Knowledge & economics — how agents find, trust, and pay for what they read

An agent is only as good as what it is allowed to read — and on the open web, it also has to know who to trust and, increasingly, how to pay. That is the job of a knowledge protocol.


Governance — make it defendable, not just capable

Everything above converges here. An agent on the agentic web will read regulations, spend budgets, and brief decision-makers; the dominant architecture cannot answer "why did you do that?" with anything better than a transcript. Defendability closes that gap by construction.


Reading guide


The agentic web is being built right now, mostly without the governance it needs. The blog tracks the argument as it develops; this page is the map.