The Internet as we know it could be on the cusp of dramatic change as autonomous AI agents become the primary users of the Web, researchers say. In a recent position paper, a multi-institution team laid out their vision for how online infrastructure will have to adapt to the new reality of this “agentic Web,” and discussed the promise and peril of this transition.
While most people are already familiar with AI chatbots powered by large language models (LLMs), tech companies are racing to develop AI agents capable of autonomously navigating the Web to carry out tasks on behalf of users. If this dream becomes a reality, the Internet will increasingly be driven by machine-to-machine interactions as these agents coordinate to achieve the goals of their owners.
This situation would require a fundamental redesign of the Internet’s underlying architecture and would transform both everyday online experiences and the dynamics of the digital economy. And while users could benefit in terms of convenience and efficiency, the changeover also holds the potential for major security risks.
IEEE Spectrum spoke to one of the authors of the recent paper, Dawn Song, a professor of computer science at the University of California, Berkeley, and renowned expert on AI safety and security. Song talked about what a future agentic Web could look like and the implications of such a shift.
The Coming of the Agentic Web
What is the agentic Web and how will it be different from today’s Web?
Dawn Song: If you look at the Web today, it’s very much designed for humans. The whole UI [user interface] is about how humans consume information, make decisions, and take actions on the Web. But agents don’t operate like humans, and they don’t have the same kind of limitations as humans, so the Web can be designed very differently.
In a traditional setting, if a user wants to buy a piece of clothing they will go to a website, type in what they want to buy, and then the website is going to show different choices. This design is limited by human constraints: A human has to be able to see the different pieces of clothing, and they can only see so much at a time, and then they need to scroll down the Web page.
But in the agentic Web, a user can have an agent that knows their intent and preferences, and the websites can have agents too. Then essentially the user’s agent can talk to the website’s agent, and they don’t have the same kind of limitations as users. The user can only see so much at a time, but the agent can consume so much more information. Today’s large language models can summarize thousands of articles in a matter of seconds in parallel.
Also with this agent-to-agent interaction, as the agent gets more information it can quickly decide what additional information it needs to get. Then it can send more requests and negotiate with the other agents. So the entire interaction will be completely different, and hence the interfaces will be completely different as well.
What key technologies will underpin this future agentic Web?
Song: It’s really a ground-up redesign. The agents need to be able to understand user intent, and then from that need to be able to do planning and reasoning. And the agents need to interact with other agents, to get more information or potentially even do negotiations. So underpinning the agentic Web is, first, the strong capabilities of agents for all these different types of tasks.
The entire infrastructure will also be very different. You have agent-to-agent communication, and agents may also use other agents for different services, so you need to have multiagent orchestration. So we need to design new protocols. There are already some good examples of open protocols for agents: the MCP protocol from Anthropic that enables tool use and the A2A protocol from Google for agent-agent communication.
And we foresee that going into the future, we could benefit from new open protocols for agent payments and agent identity. These are core elements in the agentic Web. Agent identity is important so that you know which agent you are talking to and what kind of capabilities and privileges this agent may have. And payments, of course, are really important for the new agentic online economy, which will have its own characteristics.
Will the entire Internet transition over to this new model? Or will there be separate Webs for humans and agents designed on different principles?
Song: I think you are going to see a blend. Certainly there will be services that are more tailored for agents. But it’s not like humans will disappear from the Web. We want to continue to allow humans to directly interact with the Web as well. And oftentimes we are going to see humans and agents work together to complete tasks. So I think this new agentic Web and the traditional Web for humans will be connected and blended together.
AI Agents Bring Efficiency, Productivity, and Security Risks
What are the pros and cons of this transition to an agentic Web?

Song: We hope that there will be a lot of pros! Right now, if you look at the Web, there’s so much information, so many services, but humans are very limited. We are oftentimes the bottleneck. So we hope that the agentic Web can significantly improve the efficiency and productivity with which humans can utilize all these great resources. So users can get information much faster, get more relevant information, higher quality information, and can complete tasks much more efficiently. This could help the whole economy to be more efficient.
But we need to get this right; otherwise there are a lot of risks. It’s unprecedented that we have these autonomous agents operating on the open Web that can take actions, have high privileges, can buy things on behalf of the users, and so on. We need to be really mindful of these new safety and security risks.
What are the main security concerns?
Song: This is uncharted territory, given the power and capabilities of these agents and their autonomy. This opens up much larger attack surfaces. Already, we know that LLMs have certain security vulnerabilities and safety issues. Agents can also leak sensitive information about the users. So for example, they may know a user’s preferences, which can be very privacy sensitive. Or maybe credit card numbers or sensitive bank information.
Our work and others’ work have shown that these agents can be easily attacked in ways that such sensitive information can be stolen. Or agents can be made to take malicious actions against the user’s intent. Going forward in the agentic Web with more autonomous agents and with multiagent systems will only exacerbate these security issues.
Given the technology’s maturity level and the scale of the security challenges, is an agentic Web viable in the near term? Are people really going to trust these things to operate on their behalf?
Song: It’s viable in the sense that this is the future we’re heading toward. But of course, it is still early. There are many open challenges. There are lots of different parts of the technology and overall infrastructure that still need to be built. And we really need to develop new technologies to provide safer and more secure solutions in this new agentic Web.
We’re already developing those technologies. For example, our recent work on automatic end-to-end red teaming used multiagent teams to do red teaming on other agents. But we also need to develop new secure agent frameworks so that we can develop what we call secure-by-design ways of building these agents. We hope to bring the community together to develop these new security solutions to enable the agentic Web.
Edd Gent is a freelance science and technology writer based in Bengaluru, India. His writing focuses on emerging technologies across computing, engineering, energy and bioscience. He's on Twitter at @EddytheGent and email at edd dot gent at outlook dot com. His PGP fingerprint is ABB8 6BB3 3E69 C4A7 EC91 611B 5C12 193D 5DFC C01B. His public key is here. DM for Signal info.



