Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Infrastructure for AI Agents

Alan Chan, Kevin Wei, Sihao Huang, Nitarshan Rajkumar, Elija Perrier, Seth Lazar, Gillian K. Hadfield, Markus Anderljung

TL;DR

The paper defines agent infrastructure as external technical systems and shared protocols designed to mediate AI-agent interactions with environments and institutions, arguing this infrastructure is essential for safe and scalable ecosystems. It proposes three core functions—attribution, shaping interactions, and response/remedy—to guide a catalog of infrastructure directions. It details concrete components (Identity binding, Certification, Agent IDs) and interaction mechanisms (Agent channels, Oversight layers, Inter-agent communication, Commitment devices, Rollbacks, Incident reporting) while discussing adoption, interoperability, and safety considerations. Overall, the work offers a strategic blueprint for building interoperable, updatable agent infrastructure and highlights governance, liability, and policy implications necessary as AI agents become more capable and widespread.

Abstract

AI agents plan and execute interactions in open-ended environments. For example, OpenAI's Operator can use a web browser to do product comparisons and buy online goods. Much research on making agents useful and safe focuses on directly modifying their behaviour, such as by training them to follow user instructions. Direct behavioural modifications are useful, but do not fully address how heterogeneous agents will interact with each other and other actors. Rather, we will need external protocols and systems to shape such interactions. For instance, agents will need more efficient protocols to communicate with each other and form agreements. Attributing an agent's actions to a particular human or other legal entity can help to establish trust, and also disincentivize misuse. Given this motivation, we propose the concept of \textbf{agent infrastructure}: technical systems and shared protocols external to agents that are designed to mediate and influence their interactions with and impacts on their environments. Just as the Internet relies on protocols like HTTPS, our work argues that agent infrastructure will be similarly indispensable to ecosystems of agents. We identify three functions for agent infrastructure: 1) attributing actions, properties, and other information to specific agents, their users, or other actors; 2) shaping agents' interactions; and 3) detecting and remedying harmful actions from agents. We provide an incomplete catalog of research directions for such functions. For each direction, we include analysis of use cases, infrastructure adoption, relationships to existing (internet) infrastructure, limitations, and open questions. Making progress on agent infrastructure can prepare society for the adoption of more advanced agents.

Infrastructure for AI Agents

TL;DR

The paper defines agent infrastructure as external technical systems and shared protocols designed to mediate AI-agent interactions with environments and institutions, arguing this infrastructure is essential for safe and scalable ecosystems. It proposes three core functions—attribution, shaping interactions, and response/remedy—to guide a catalog of infrastructure directions. It details concrete components (Identity binding, Certification, Agent IDs) and interaction mechanisms (Agent channels, Oversight layers, Inter-agent communication, Commitment devices, Rollbacks, Incident reporting) while discussing adoption, interoperability, and safety considerations. Overall, the work offers a strategic blueprint for building interoperable, updatable agent infrastructure and highlights governance, liability, and policy implications necessary as AI agents become more capable and widespread.

Abstract

AI agents plan and execute interactions in open-ended environments. For example, OpenAI's Operator can use a web browser to do product comparisons and buy online goods. Much research on making agents useful and safe focuses on directly modifying their behaviour, such as by training them to follow user instructions. Direct behavioural modifications are useful, but do not fully address how heterogeneous agents will interact with each other and other actors. Rather, we will need external protocols and systems to shape such interactions. For instance, agents will need more efficient protocols to communicate with each other and form agreements. Attributing an agent's actions to a particular human or other legal entity can help to establish trust, and also disincentivize misuse. Given this motivation, we propose the concept of \textbf{agent infrastructure}: technical systems and shared protocols external to agents that are designed to mediate and influence their interactions with and impacts on their environments. Just as the Internet relies on protocols like HTTPS, our work argues that agent infrastructure will be similarly indispensable to ecosystems of agents. We identify three functions for agent infrastructure: 1) attributing actions, properties, and other information to specific agents, their users, or other actors; 2) shaping agents' interactions; and 3) detecting and remedying harmful actions from agents. We provide an incomplete catalog of research directions for such functions. For each direction, we include analysis of use cases, infrastructure adoption, relationships to existing (internet) infrastructure, limitations, and open questions. Making progress on agent infrastructure can prepare society for the adoption of more advanced agents.
Paper Structure (23 sections, 4 figures, 2 tables)

This paper contains 23 sections, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Agent Infrastructure
  3. Categories of Agent Infrastructure
  4. Example
  5. Prioritization
  6. Attribution
  7. Identity Binding
  8. Certification
  9. Agent IDs
  10. Interaction
  11. Agent Channels
  12. Oversight Layers
  13. Inter-Agent Communication
  14. Commitment Devices
  15. Response
  16. ...and 8 more sections

Figures (4)

  • Figure 1: Agent infrastructure consists of technical systems and shared protocols external to agents that are designed to mediate and influence their interactions with and impacts on their environments, including interactions with existing institutions (e.g., legal and economic systems) and actors (e.g., digital service providers, humans, other AI agents).
  • Figure 2: Identity binding links an agent or its actions to an existing legal identity, certification would provide assurance about behaviour and properties of an agent instance, and an agent IDs would be a container of information about an agent instance. We illustrate identity binding for a user, but an agent could also be bound to other actors, such as those involved in overseeing it
  • Figure 3: Agent channels separate agent traffic from other digital traffic. Oversight layers enable actors to intervene on an agent's behaviour. Inter-agent communication help to facilitate joint activities amongst groups of agents. Commitment devices enforce commitments between agents. See \ref{['sec:interaction']} for discussion.
  • Figure 4: Incident reporting systems would collect information about and respond to events that could result in harm, while Rollbacks are tools that would void or undo an agent's actions. See \ref{['sec:response']} for further discussion.