Microsoft, Google launch AI agent discovery specification; GitHub ships Agent Finder

On June 17, 2026, Google and Microsoft introduced the Agentic Resource Discovery (ARD) open specification, a new framework designed to standardize how developers publish and find AI tools. Released under the Apache 2.0 license, the specification enables organizations to publish a machine-readable catalog under their own domain. As detailed by Google, registries can index these catalogs so agents can discover a capability, verify its identity, and then hand off to the tool's native interface for execution (developers.googleblog.com).

Why the Spec Matters

Agentic Resource Discovery (ARD) is an open specification that creates a common standard for AI tools. It allows organizations to publish machine-readable catalogs describing their AI agents and APIs. Other agents can then search these catalogs to find, verify, and use tools from different providers automatically.

The ARD framework uses a catalog file, typically ai-catalog.json, to define tools, skills, and agents in a standardized JSON format (based on the AI Catalog data model). This allows AI agents to perform intent-based searches across federated registries, dynamically finding resources with specified endpoints and security scopes. Industry analysts suggest this approach significantly reduces custom integration effort, as agents can locate necessary skills at runtime rather than having them hard-coded.

However, this new discovery layer introduces security considerations. With discovery acting as the initial trust boundary, experts warn of risks like poisoned registries or forged catalogs directing agents to malicious endpoints. To mitigate this, the ARD draft incorporates metadata for domain verification, signature algorithms, and revocation URLs. Adopting teams are strongly advised to validate all manifests and enforce least-privilege principles before establishing connections.

First Implementations and Early Adoption

The most prominent implementation of ARD is GitHub Copilot's Agent Finder. As noted in its June 17, 2026 changelog, Agent Finder indexes ARD-compliant resources, ranks them based on natural language queries, and presents matches for developer approval without silent installation (github.blog). The search can be limited to GitHub's public catalog or a private internal registry, with results governed by enterprise policies.

Beyond GitHub, unconfirmed reports point to other early implementations, including a Hugging Face Discover Tool for searching Spaces and Skills and a Google Cloud Agent Registry within the Gemini Enterprise Agent Platform.

Despite these examples, broader public adoption remains minimal. According to industry reports, public ai-catalog.json files are rarely found across major websites, with public deployment described as "near zero," as the specification is still in draft status. This indicates that current usage is primarily confined to controlled vendor ecosystems rather than the open web.

Current Developer Resources

• An official Apache 2.0 specification defining the JSON schemas and discovery protocol.
• A reference implementation within GitHub Copilot, showcasing features like ranked search, registry scoping, and policy enforcement.
• Early-stage vendor registries from Google Cloud and reportedly Hugging Face, though these await official confirmation.

Future Outlook and Recommendations

The ARD community is actively seeking feedback on governance, signature formats, and schemas to advance the specification from its draft status to a stable release. Concurrently, security researchers are developing threat models for registry poisoning, which will likely shape the final metadata requirements. For teams currently experimenting with ARD, the recommended best practice is to maintain private catalogs, rigorously verify all signatures, and implement detailed audit logging for every agent tool handoff.