The great web rebuild: Infrastructure for the AI agent era

Moreover, the feedback loop between consumers and businesses will evolve dramatically. Instead of sending generic emails requesting reviews—a method often resulting in low response rates—commerce websites can engage directly with your AI agent to collect timely feedback about specific topics like shipping or product quality. They might offer incentives like future store credit to encourage participation. The human user could provide a brief impression, such as “The cordless vacuum cleaner works well, but the battery life is short.” The agent then takes this input, contextualizes it with additional product data, and generates a comprehensive review that highlights key features and areas for improvement. This process not only saves time for the user but also provides businesses with richer, more actionable insights.Trustpilot and G2 could pivot by introducing agent-oriented verification systems, such as machine-readable trust scores derived from operational metrics like service accuracy, delivery consistency, and customer support responsiveness, enabling agents to evaluate businesses programmatically.The new data-sharing economyInformation sharing in the age of AI agents demands a fundamental reinvention of the current consent and data access model. Rather than blunt instruments like cookie banners and privacy policies, websites will implement structured data requirement protocols—machine-readable manifests that explicitly declare what information is needed and why.This granular control would operate at multiple levels of specificity. For example, an agent could share your shirt size (L) with a retailer while withholding your exact measurements. It might grant 24-hour access to your travel dates, but permanent access to your seating preferences. When a service requests location data, your agent could share your city for shipping purposes but withhold your exact address until purchase confirmation. These permissions wouldn’t be just binary yes/no choices—they could include sophisticated rules like “share my phone number only during business hours” or “allow access to purchase history solely for personalization, not marketing.” Such granular controls, impossible to manage manually at scale, become feasible when delegated to AI agents operating under precise constraints.AI agents would also act as sophisticated information gatekeepers, maintaining encrypted personal data vaults and negotiating data access in real time.These mechanisms will fundamentally shift the balance of power in data-sharing dynamics. GDPR-like frameworks may evolve to include provisions for dynamic, agent-mediated consent, allowing for more granular data-sharing agreements tailored to specific tasks. Websites might implement real-time negotiation protocols, where agents can evaluate and respond to data requests based on their principal’s preferences, preserving privacy while optimizing functionality.New attack vectorsThe shift to agent-mediated interaction introduces novel security challenges. Agent impersonation and jailbreaking agents are two examples.Jailbreaking AI agents poses significant risks, as manipulated agents could act outside their intended scope, leading to unintended purchases or other errors. Techniques like instruction-tuning poisoning or adversarial suffix manipulation could alter an agent’s behavior during critical tasks. For example, adversarial instructions embedded in websites’ HTML might influence an agent’s purchasing logic, bypassing its human-defined constraints. Robust safeguards and continuous monitoring will be essential to prevent these vulnerabilities.Agent impersonation adds a complex layer to cybersecurity challenges. Malicious actors could spoof an agent’s credentials to access sensitive data or execute fraudulent transactions. Addressing this threat demands robust multi-layered verification protocols, such as cryptographic identity verification paired with continuous behavioral monitoring, to ensure authenticity and safeguard sensitive interactions.Building the new web – opportunities for foundersThe web’s agent-first future has no established playbook, and that’s exactly where founders thrive. Entirely new product categories are waiting to be defined: agent-to-agent compliance dashboards, cryptographic attestation services that replace outdated CAPTCHAs, and dynamic data-sharing frameworks that make “privacy by design” a reality. Platforms that offer standardized “agent passports,” identity brokerages that verify delegation rights, agent-native payment gateways, and trust ecosystems driven by machine-readable performance metrics—each of these represents a greenfield opportunity to set the standards of tomorrow’s internet. Startups anticipating these shifts can position themselves as foundational players in an agent-driven economy, opening new channels of value creation and establishing a competitive edge before the rest of the market catches up.Some concrete areas include:Trustpilot for agents – creating machine-readable trust metrics and reputation systems that help agents evaluate services and vendorsOkta for AI agents – building the identity and authentication layer that manages agent credentials, permissions, and delegation chainsOneTrust for agents – creating the new standard for privacy preference management, turning today’s basic cookie banners into sophisticated data-sharing frameworks where agents can negotiate and manage granular permissions across thousands of servicesCloudflare for agent traffic – developing intelligent rate-limiting and traffic management systems designed for agent-scale operationsLastPass for agent permissions – building secure vaults that manage agent credentials and access rights across servicesAWS CloudFront for agent data – creating CDN-like infrastructure optimized for agent-readable formats and rapid agent-to-agent communicationMcAfee security for agents – developing security platforms that protect against agent impersonation and novel attack vectorsGo build.