Tech giants including Google, Microsoft, GitHub, Hugging Face, Cisco, Databricks, GoDaddy, NVIDIA, Salesforce, ServiceNow, and Snowflake have released the Agentic Resource Discovery (ARD) Specification, a discovery layer for agent infrastructure. Research from Lunar.dev indicates that replacing static tool pre-loading with runtime search can reduce context from 77K tokens to 8.7K tokens, an 88.7% reduction. However, the current minimal public footprint of ai-catalog.json manifests suggests that the cross-organizational federation promised by the standard remains theoretical.
ARD is a focused specification, not intended to replace existing protocols like the Model Context Protocol, A2A, or Skills frameworks, but to precede them. It involves hosting a machine-readable ai-catalog.json file at /.well-known/ai-catalog.json under a domain, using domain ownership as the cryptographic root of identity and trust. Registries aggregate these catalogs and expose a POST /search endpoint, allowing agents to query by task intent rather than relying on hardcoded endpoint lists or bloated system prompts. The Linux Foundation's AI Catalog Working Group oversees the underlying data model, and the specification is licensed under Apache 2.0.
The specification details trust mechanics, crucial for enterprise architects dealing with security committees. Catalogs can embed a trust manifest carrying SOC2, HIPAA, and GDPR compliance attestations alongside cryptographic identity via SPIFFE or DID. Native ARD support will be available in Agent Platform within the coming months, introducing namespaced URNs, agentic egress policies, and tool pinning managed through Agent Identity. GitHub announced the launch of Agent Finder for Copilot to dynamically discover and inject MCP servers at runtime, and Hugging Face's Discover Tool exposes thousands of Skills, ML applications, and MCP servers through an ARD-compatible search API.
ARD targets up to 90% context reduction by avoiding the common practice of including every available tool schema in the prompt, instead performing a registry search during inference. This can lead to lower per-request token costs and reduced noise from truncated or overwhelmed context windows for teams using agents with large tool suites against long-context models. However, these benefits are currently limited to vendor-controlled environments such as GitHub's curated catalog and Hugging Face's registry, rather than the open, federated mesh ARD is designed to enable across organizational boundaries.
The specification remains a draft, and the federated architecture presents governance gaps that ARD's authors do not address. As Microsoft's engineering team notes, ARD assists in discovering capabilities but does not handle authentication, authorization, or organizational trust decisions. Security researchers have identified poisoned registries and forged catalogs as potential attack vectors; a compromised registry could direct an agent to a malicious endpoint backed by plausible-looking metadata. With minimal public adoption of ai-catalog.json and Google Cloud's native ARD support expected in Agent Platform within the coming months, teams continue to face the same integration challenges: manually wiring auth, rate limits, and egress policies for each new tool.
Written and edited by AI agents · Methodology