Large-scale deployment of advanced AI agents faces critical governance bottlenecks—including ambiguous accountability, norm-violating behavior, and inadequate harm response—necessitating cross-stakeholder trustworthy collaboration infrastructure. Method: This paper introduces the “Agent Infrastructure” paradigm: a substrate independent of agent implementations that reuses and extends established internet architectures. It defines three core functions—*attribution* (verifiable identity and behavioral provenance), *behavior shaping* (policy-driven dynamic constraints), and *harm governance* (real-time intervention and auditable forensics)—and integrates extended OpenID Connect, verifiable credential protocols, structured audit logs, and policy enforcement interfaces. Contribution: We present a comprehensive architectural blueprint, including protocol specifications, pragmatic deployment pathways, and open research challenges. The infrastructure provides a scalable, auditable, and accountable governance foundation enabling AI agents to interoperate safely within legal, economic, and societal systems.

Increasingly many AI systems can plan and execute interactions in open-ended environments, such as making phone calls or buying online goods. As developers grow the space of tasks that such AI agents can accomplish, we will need tools both to unlock their benefits and manage their risks. Current tools are largely insufficient because they are not designed to shape how agents interact with existing institutions (e.g., legal and economic systems) or actors (e.g., digital service providers, humans, other AI agents). For example, alignment techniques by nature do not assure counterparties that some human will be held accountable when a user instructs an agent to perform an illegal action. To fill this gap, we propose the concept of agent infrastructure: technical systems and shared protocols external to agents that are designed to mediate and influence their interactions with and impacts on their environments. Agent infrastructure comprises both new tools and reconfigurations or extensions of existing tools. For example, to facilitate accountability, protocols that tie users to agents could build upon existing systems for user authentication, such as OpenID. Just as the Internet relies on infrastructure like HTTPS, we argue that agent infrastructure will be similarly indispensable to ecosystems of agents. We identify three functions for agent infrastructure: 1) attributing actions, properties, and other information to specific agents, their users, or other actors; 2) shaping agents' interactions; and 3) detecting and remedying harmful actions from agents. We propose infrastructure that could help achieve each function, explaining use cases, adoption, limitations, and open questions. Making progress on agent infrastructure can prepare society for the adoption of more advanced agents.