HTTP is 35 years old. It was designed for humans.

The entire architecture assumes a human is somewhere in the chain. A person opens a browser. A person submits a form. A person clicks a link. It was meant to give someone better access to information.

The application code that executes in between translates human intent into the right combination of verbs and paths. GET this resource. POST that payload. DELETE this record. The verbs describe operations on resources. The human’s intent lives in the application layer, translated by code a developer wrote for exactly that purpose.

When an AI agent calls an API, the translation breaks.

An agent does not think “POST to /bookings with this payload.” It thinks “book this flight.” The gap between agent intent and HTTP verb has to be bridged somewhere. Today, that bridge is built inconsistently inside every agent framework, every tool integration, every prompt template. Every team that wants agents to call APIs writes their own translation layer, which means every team is solving the same problem differently, and every team is absorbing the cost of that translation in prompt engineering, in accuracy failures, and in the brittleness that comes from asking a general-purpose protocol to do a job it was never designed for.

This is the problem that the Agent Transfer Protocol is designed to solve. Not by patching HTTP. By building the parallel infrastructure that agent traffic actually requires.

Why a New Protocol

The instinct is to ask why HTTP can’t just be extended. Methods can be added. Headers can be invented. Middleware can intercept agent traffic and apply governance metadata. Teams have been doing versions of this for two years, and it works just like duct tape.

The deeper problem is architectural. HTTP is actor-agnostic by design. It cannot tell whether its caller is a human, a system, or an agent. This is a feature for HTTP’s intended audience. It is a structural limitation for agent governance.

When the protocol cannot identify the actor, identity becomes an application-layer assertion. The request carries a header claiming to represent a specific agent. The receiving service has to decide whether to trust that claim, how to verify it, and what to do with it. Every service builds its own verification logic. Every governance layer retrofits identity onto a protocol that was never designed to carry it natively.

The Agent Transfer Protocol (AGTP) inverts this. AGTP traffic is, structurally, agent traffic. The protocol requires agent credentials at the wire level. Every request on AGTP carries a verified agent identity, not as an optional header but as a protocol-level fact. Every service exposed on AGTP knows its caller is an agent. Every governance decision can act on protocol-level identity without first determining whether the caller has identity.

This matters because it moves identity, authority, and attribution from application-layer concerns that every team implements differently into protocol-layer primitives that every implementation gets by default.

Intent-Aligned Methods

The naming of HTTP verbs was a reasonable choice for 1991. GET means retrieve. POST means submit. PUT means replace. DELETE means remove. These verbs describe operations on resources in a way that general-purpose web infrastructure can handle consistently.

They describe the wrong thing for agents.

Enter, Agentic API.

Research conducted during AGTP’s development benchmarked the accuracy of LLM-based agent endpoint selection across different naming conventions. The finding was clear and statistically significant at the frontier model scale: intent-aligned method names — BOOK, QUERY, SUMMARIZE, DELEGATE, ESCALATE — produce substantially higher endpoint selection accuracy than CRUD verbs adapted to agent use. The method name carries the intent signal. An agent reading BOOK understands what the endpoint does without needing the documentation to compensate for the verb mismatch. An agent reading POST to /reservations has to infer what the endpoint does from context that may or may not be adequate.

This is because most agents, and specifically LLMs, are built to understand language. The context, meaning, and semantics of the actions it is asking to perform. The translation between “Schedule a meeting” and an API call to GET /calendar and POST /meeting is more challenging.

The accuracy advantage is not marginal. Up to 29pp difference in accuracy is substantial enough to justify a design commitment. And it is resilient, when documentation quality degrades, agentic method names maintain their accuracy advantage while CRUD naming collapses. The method name itself is the signal.

This is why AGTP ships intent-aligned methods natively rather than treating them as a convention or a recommendation. BOOK means book. QUERY means query. The semantic gap between agent intent and protocol verb closes at the protocol level rather than in every application’s translation layer.

Authority at the Wire Level

The governance problem for agent networks is fundamentally an authority problem. Not “is this agent authenticated” but “is this agent authorized to do this specific thing, and can that authorization be verified by anyone who receives a request from it.”

HTTP can authenticate. It cannot carry authority in a structured, verifiable form that travels with the agent across organizational boundaries. An agent calling a third-party service can present a token. The token proves identity in the narrow sense. It does not include the agent’s scope declaration, its governance zone, its delegation chain, or the cryptographic proof linking this request to the human owner who is ultimately accountable for it.

AGTP’s Authority-Scope mechanism addresses this. When an agent makes a request, the protocol carries a declaration of the actions the agent is permitted to take, bound to the canonical Agent-ID issued cryptographically at genesis. The scope is not self-asserted in the sense that the agent is trusted to declare it accurately. It is verifiable against the governance authority that issued the agent’s certificate. Any service receiving the request can verify the scope claim without calling back to a central authority, using the same certificate transparency mechanisms that web PKI uses to verify server certificates.

The delegation chain travels with the request. If Agent A delegates a task to Agent B, the delegation is recorded in the protocol headers. The scope enforced on the delegation is a strict subset of Agent A’s scope. Agent B cannot exercise authority that Agent A did not explicitly delegate for this task. The confused deputy problem, where a privileged agent is manipulated into using its authority on behalf of a less-privileged caller, is a protocol-level concern with protocol-level enforcement rather than a governance afterthought.

What This Means for the Agent Economy

The pace of that build is accelerating faster than the infrastructure underneath it. American Express recently announced the Amex Agentic Commerce Experiences Developer Kit, including an industry-first commitment to extend purchase protection to transactions made by registered AI agents. The announcement requires agent registration, verified identity, and authenticated purchase intent as preconditions for that protection to apply. American Express, a company built on trust and closed-loop accountability, is telling the market clearly: agents transacting on their network need verifiable identities and auditable intent records. Not as a nice-to-have. As a requirement for the protection to exist.

That is one of the largest payment networks on earth, signaling what the governance baseline for agent commerce looks like. And the infrastructure to meet that baseline is not fully in place.

Most of what is running today works well enough for current deployment scales and capabilities. The governance gaps are manageable when agents perform relatively constrained tasks with limited consequences.

Neither of those conditions will hold indefinitely. Agents are taking on more consequential work. The chains of agents delegating to agents are growing longer. The cross-organizational interactions are becoming more common. The regulatory requirements for evidence of governance are arriving.

At some point, the retrofitted identity layer becomes inadequate. At some point, the translation overhead in every agent framework becomes a competitive disadvantage. At some point, the absence of a wire-level governance primitive means an audit trail that cannot withstand regulatory scrutiny, or a payment protection claim that cannot be honored because the agent’s identity was never verifiable.

That point is not far away. Building the protocol infrastructure now, while the agent web is still forming rather than already calcified, is the same instinct that produced TLS, IPv6, and every other protocol improvement that is easier to adopt before it becomes urgently necessary.

The Separation That Makes Everything Else Possible

The most important architectural decision in AGTP is the separation between protocol and policy.

AGTP specifies the wire-level mechanics of agent communication. It does not specify what policies govern agent behavior. It provides the primitives that governance frameworks require, including verified identity, authority declaration, scope enforcement, and signed attribution on every invocation, while leaving policy decisions to the governance platforms that consume those primitives.

This separation matters because it means the protocol can be adopted independently of any particular governance framework. An organization running Nomotic for governance, any other governance platform, or building its own governance infrastructure gets the same protocol-level primitives. The governance platform does not have to solve the identity problem. The identity problem was solved at the protocol level. The governance platform decides what scope to grant, to whom, and under what conditions. The protocol carries those decisions on the wire.

AGTP is the protocol of the agent web. The human web has HTTP. The agent web needs its own infrastructure, designed from the beginning for the actors who will use it, carrying the identity and authority information those actors require, built on empirical evidence about how agents actually behave rather than on assumptions about humans.

The work is underway. The drafts are at the IETF. The implementations are being built. The agent web is forming right now, and the infrastructure choices being made will shape how accountable, governable, and trustworthy that web turns out to be.

---

If you find this content valuable, please share it with your network.

Follow me for daily insights.

Book me to speak at your next event.

Start managing your agents for free.

Chris Hood is an AI strategist and author of the #1 Amazon Best Seller Infailible and Customer Transformation, and has been recognized as one of the Top 30 Global Gurus for Customer Experience. His latest book, Unmapping Customer Journeys, is available now.