Why Agents Need a Registry

As AI agents proliferate across enterprise systems, a fundamental question emerges: how do we know who—or what—is acting on whose behalf?

At Amazon Advertising, our IAM systems already serve 1M+ advertisers with configurable permissions. But the paradigm is shifting. When autonomous agents execute multi-step workflows, traditional session-based auth breaks down. You can't issue a cookie to an LLM.

The Agent Registry solves this by providing a canonical source of truth for autonomous builder identities. Every agent gets verifiable identity, capability attestation, and trust signals that propagate across the ecosystem.

This isn't just a technical problem—it's a product problem. The PM challenge is defining the right abstraction layer: enough flexibility for diverse agent architectures, enough rigor for enterprise-grade security.

From my years building Ads identity infrastructure, the lesson is clear: identity is the foundation. Get it right, and everything downstream—authorization, audit, revocation—becomes tractable. Get it wrong, and you're retrofitting trust into a system that was never designed for it.

The companies that build robust agent registries first will own the trust layer of the agentic era. That's the bet we're making.