Just got introduced to the concept of the 'Agentic Web' and I can't think of anything more hellish.
Web 2.0 wasn't really a thing, but it was the closest to being an actual thing. The web didn't become different overnight. Web 2.0 was supposed to represent the social shift of the web towards stuff like Facebook and Twitter.
Web 3.0 was hype. It was the web where you'd use Metamask and crypto payments in your browser for everything, and that shit didn't happen.
The Metaverse didn't really happen.
The Agentic Web is just a new proposal with vague benefits and a whole hell of a lot of security and ethical concerns, both of which get swept under the rug as 'to be solved later because we NEED this' for some reason.
@oli Even Web 2.0 was hype really, a marketing term. I even made fun of it at the time for that reason.
The only actual technical breakthrough was Ajax. Because it was suddenly possible to build things that feel like real applications on the web using standard technologies, you had things like blogs/social media and business applications/email (Gmail!)/SaaS emerge. UGC destinations and network effects were a bit of a side effect really… dramatically accelerated of course by the smartphone.
@oli We're still paying for two original sins of the WWW:
No standard protocols for middleman-free browser-based wallets/microtransactions, and no social relationships/posts as canonical just like documents.
We have the latter now in the form of ActivityPub, but we don't even have the former still in The Year of Our Lord 2026. Madness… 😭
@jaredwhite Yeah, it was a marketing term, I also remember that. Like all the web was still there, but it's 'closest to being an actual thing' insofar as it could be argued to represent a real shift that happened, more socially than anything, in how websites were built, not really about replacing any of the technologies themselves.
The 'Agentic Web' is a web designed for Agents as the primary consumer, not people.
You'd dispatch your robot to talk to another robot and your agent would share your likes and preferences with another agent that would then interact with a website that is no longer really useful or designed for human beings.
No, seriously, this is what they think.
And now I will mercilessly mock this article:
What key technologies will underpin this future agentic Web?
Song: It’s really a ground-up redesign. The agents need to be able to understand user intent, and then from that need to be able to do planning and reasoning. And the agents need to interact with other agents, to get more information or potentially even do negotiations. So underpinning the agentic Web is, first, the strong capabilities of agents for all these different types of tasks.
This is basically 'please stop blocking our bots on your websites and create tools to allow them to access your precious data and do stuff on your websites directly as agents in a separate, priority pipeline'.
The entire infrastructure will also be very different. You have agent-to-agent communication, and agents may also use other agents for different services, so you need to have multiagent orchestration. So we need to design new protocols. There are already some good examples of open protocols for agents: the MCP protocol from Anthropic that enables tool use and the A2A protocol from Google for agent-agent communication.
This reminds me of how Ethereum figured out a way to create the world's slowest transactional stream that has arbitrary 'gas fees' required to make transactions, and if you chain together multiple transactions, you incur this bandwidth/slowness/tax multiple times and I'm sure this multiagent orchestration will be fine, fine, fine.
The MCP protocol is a hack, it's splicing wires out of a fucking black box, without any safety guardrails in place. We've all spliced the odd black box in our time, but let's not pretend what we're doing is a well-tested, researched thing that is anything you should base an actual payment structure on, for instance--
And we foresee that going into the future, we could benefit from new open protocols for agent payments and agent identity. These are core elements in the agentic Web. Agent identity is important so that you know which agent you are talking to and what kind of capabilities and privileges this agent may have. And payments, of course, are really important for the new agentic online economy, which will have its own characteristics.
Oh sweet motherless fuck. No. No no no no no no. You do not connect the agent to a wallet. A production database. Anything of consequence that is catastrophic if done poorly should not be outsourced to an agent.
I can imagine the 'Authorized Agents' layer that says 'Oh, you're Claude from Anthropic? You're trusted, come on in.'
Will the entire internet transition over to this new model? Or will there be separate Webs for humans and agents designed on different principles?
Song: I think you are going to see a blend. Certainly there will be services that are more tailored for agents. But it’s not like humans will disappear from the Web. We want to continue to allow humans to directly interact with the Web as well. And oftentimes we are going to see humans and agents work together to complete tasks. So I think this new agentic Web and the traditional Web for humans will be connected and blended together.
If you're paying attention, this is vaporware. This is complete fucking vaporware. We need this, we need that, we need to build X, we need to think about Y. I'm sure we'll talk about the security concerns eventually, and the pros and cons.
AI Agents Bring Efficiency, Productivity, and Security Risks
What are the pros and cons of this transition to an agentic web?
Song: We hope that there will be a lot of pros!
HAHAHAHAHA
Right now, if you look at the Web, there’s so much information, so many services, but humans are very limited. We are oftentimes the bottleneck. So we hope that the agentic Web can significantly improve the efficiency and productivity with which humans can utilize all these great resources. So users can get information much faster, get more relevant information, higher quality information, and can complete tasks much more efficiently. This could help the whole economy to be more efficient.
Humans are limited. We are the bottleneck. With our...slow thinking. We can't read 100,000 documents at a time. The agent can, though.
Wait a second.... didn't we have search engines to organize this information? What happened to them?
What...happened...to...
Oh....oh, I see.
You turned them into AI.
But we need to get this right; otherwise there are a lot of risks.
No shit, Sherlock.
It’s unprecedented that we have these autonomous agents operating on the open Web that can take actions, have high privileges, can buy things on behalf of the users, and so on. We need to be really mindful of these new safety and security risks.
This was in the pros and cons section. Did you catch that? So, to summarize:
Pros:
- We hope there will be a lot of pros!
- We'll be able to get information faster and better
Cons:
3. But there are a whole lot of security risks
Oh yes. Security Risks. Yes indeed. I'd say you could maybe weight that particular Con a bit higher than 'we hope there will be a lot of pros'.
What are the main security concerns?
Song: This is uncharted territory, given the power and capabilities of these agents and their autonomy. This opens up much larger attack surfaces. Already, we know that LLMs have certain security vulnerabilities and safety issues. Agents can also leak sensitive information about the users. So for example, they may know a user’s preferences, which can be very privacy sensitive. Or maybe credit card numbers or sensitive bank information.
Yes, and largely unaudited, we're going to allow our agent to talk to a different agent, sharing whatever data it likes in order to best serve our request.
Our work and others’ work have shown that these agents can be easily attacked in ways that such sensitive information can be stolen. Or agents can be made to take malicious actions against the user’s intent. Going forward in the agentic Web with more autonomous agents and with multiagent systems will only exacerbate these security issues.
They can also just naturally fuck up without any malicious intent, but yep, so far this is a pretty enormous con compared to 'find information better and quicker than a human' as if we were truly struggling to find information via search engines until AI came along.
Given the technology’s maturity level and the scale of the security challenges, is an agentic Web viable in the near term? Are people really going to trust these things to operate on their behalf?
NO! DEAR FUCK NO
Song: It’s viable in the sense that this is the future we’re heading toward. But of course, it is still early. There are many open challenges. There are lots of different parts of the technology and overall infrastructure that still need to be built. And we really need to develop new technologies to provide safer and more secure solutions in this new agentic Web.
"It's viable in the sense that this is the future we're heading toward."
I'm just going to sit in that phrase, for a bit.
A boiling planet is viable in the sense that this is the future we're heading toward.
But of course, it is still early.
We’re already developing those technologies. For example, our recent work on automatic end-to-end red teaming used multiagent teams to do red teaming on other agents. But we also need to develop new secure agent frameworks so that we can develop what we call secure-by-design ways of building these agents. We hope to bring the community together to develop these new security solutions to enable the agentic Web.
Vaporware, vaporware, vaporware. We've had promising early controlled tests handling a specific subset of skills that relates well to logical inferences, but we have to think about--oh, EVERYTHING--before we're ready to scale this out.
Except it's the YOLO days, and no it's not and you'll be 'agentifying' websites in no time, dumping out customer data over private 'agent-authorized' channels in no time, the way this has been going.
This is like a reverse YAGNI principle. YAGNI stands for "You Aren't Gonna Need It."
The YAGNI principle is basically a way of saying stop, wait, don't build that thing. You don't know if you're going to need it yet.
"Well, we're probably going to need it. Any system that does X, will likely need Y, so I should build Y."
Alas, you did not realize when building Y that X would never be fully or properly implemented according to spec, leaving you with a Y you either shelve and start over with (expensive) or you try to wrestle into its new shape (expensive) or you try to make it work according to spec, creating shims for X (expensive/brittle to maintain) until X finishes implementing the spec.
The reverse YAGNI principle is like...WNIBWNI
Which sounds like an indigenous word I wouldn't be able to pronounce, but stands for We Need It Because We Need It, which is a self-justifying principle.
We have to build it, because we're going to need it.
But needs come first. And so I want to go back to the fundamentals of programming, and if you take any phrase from me into your own programming lives, it should be this:
Don't tell me the solution, tell me the problem.
You're saying the solution is Agentic Web.
So what's the problem they are solving? I'm a professional problem-solver. With agents writing code now, if you want to know the distinguishing thing I do for a living it's solve problems. With code, with configuration, with research, with rebooting the machine, whatever it takes, I solve problems.
So if you tell me the solution without giving me the problem, I'm insulted. It's not your job to tell me the solution, it's my job to receive a thorough communication of the problem from you and translate that into a solution.
Beware any time someone who isn't a technical person says "you need to implement X."
You slow that shit right down, you look them in the eye, and you ask them to articulate clearly: "What problem are we trying to solve?"
All bullshit will absolutely melt, will wilt in the face of that question. Because then the argument becomes 'does solution X solve the core problem' and not 'what's the best way to implement our foregone conclusion'?