Agent Name Service (ANS): A Proof-of-Concept Trust Layer for Secure AI Agent Discovery, Identity, and Governance in Kubernetes
New proof-of-concept delivers sub-10ms agent identity verification and policy enforcement on K8s.
Autonomous AI agents need robust mechanisms for secure discovery, identity verification, capability attestation, and policy governance—yet current Kubernetes deployments lack uniform discovery, cryptographic authentication, privacy-preserving capability proofs, and enforceable controls. Researchers Akshay Mittal and Elyson De La Cruz present the Agent Name Service (ANS), a DNS-inspired trust layer that addresses these gaps as a proof-of-concept. ANS combines Decentralized Identifiers (DIDs) for agent identity, Verifiable Credentials (VCs) for attested capabilities, and Open Policy Agent (OPA) for policy-as-code enforcement. It integrates natively with Kubernetes via Custom Resource Definitions (CRDs), admission controls, and service mesh patterns, enabling agents to discover each other and verify permissions without a central authority.
In a research environment with a 3-node Kubernetes cluster simulating a 50-agent workflow, the system demonstrated sub-10ms response times in service paths and 100% success in scripted deployment scenarios. The authors explicitly note this is proof-of-concept evidence, not production-certified, and provide a threat model, assumptions, and limitations to separate implemented results from roadmap capabilities. ANS establishes a reproducible engineering pathway from protocol concepts (based on the ANS specification) to secure multi-agent systems, offering a practical foundation for enterprise AI agent interoperability in Kubernetes.
- Uses Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) for cryptographic agent authentication and capability attestation
- Integrates with Kubernetes via CRDs, admission controls, and service mesh for policy-as-code enforcement using Open Policy Agent (OPA)
- Achieved sub-10ms response times in a 50-agent workflow simulation on a 3-node cluster with full deployment success
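One way to order the checks when one agent presents a capability credential to another, as an added Go example that is not code from the ANS paper or project. The `Credential` shape, the function names, the `did:example` identifier and the allow-list map (standing in for an OPA decision) are assumptions, and plain Ed25519 signatures from the Go standard library stand in for a real DID/VC format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is a hypothetical, simplified stand-in for a Verifiable Credential
// (not the W3C data model and not ANS's own format).
type Credential struct {
	Subject    string    `json:"subject"`    // DID of the agent the credential is bound to
	Capability string    `json:"capability"` // capability the issuer attests
	Expires    time.Time `json:"expires"`
}
type Signed struct{ Payload, Sig []byte } // credential bytes plus the issuer's signature

// Issue serializes the credential and signs the exact bytes that will be verified.
func Issue(priv ed25519.PrivateKey, c Credential) Signed {
	b, _ := json.Marshal(c)
	return Signed{Payload: b, Sig: ed25519.Sign(priv, b)}
}

// Authorize verifies the signature before parsing anything, then checks subject
// binding, expiry, and a default-deny allow-list (assumed stand-in for OPA).
func Authorize(issuer ed25519.PublicKey, s Signed, did, want string, allowed map[string]bool, now time.Time) error {
	if !ed25519.Verify(issuer, s.Payload, s.Sig) {
		return errors.New("bad signature")
	}
	var c Credential
	if err := json.Unmarshal(s.Payload, &c); err != nil {
		return err
	}
	switch {
	case c.Subject != did:
		return errors.New("credential bound to another agent")
	case now.After(c.Expires):
		return errors.New("credential expired")
	case c.Capability != want || !allowed[want]:
		return errors.New("capability denied by policy")
	}
	return nil
}

func main() { // constructed sample values; prints <nil> when the request is authorized
	pub, priv, _ := ed25519.GenerateKey(nil)
	s := Issue(priv, Credential{"did:example:agent-a", "summarize", time.Now().Add(time.Hour)})
	fmt.Println(Authorize(pub, s, "did:example:agent-a", "summarize", map[string]bool{"summarize": true}, time.Now()))
}
```

Verifying the signature over the raw bytes before unmarshalling means no attacker-controlled field is interpreted until the issuer's attestation has been confirmed.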
Why It Matters
Enables secure, scalable agent-to-agent communication in Kubernetes without central authorities, critical for multi-agent production systems.