# Why Whisper, why now.

> Machines became the majority. Identity didn't keep up. Whisper answers "which
> agent is this?" at the layer none of the incumbents own: the network.
> **The agent's address is its identity. Anyone can prove it — without trusting us.**

In June 2026, bots crossed into the majority of web traffic — 57.5% of HTML
requests, per Cloudflare. Every layer of the stack is now scrambling to answer
the same question — *which agent is this?* — and each is answering at a layer
it happens to own, with an answer only it can vouch for.

## Everyone answers at a layer they rent.

- **Cloudflare: a registry it controls.** Signed agents, bot verification, an
  agent gateway — real engineering, all anchored in a registry one company
  operates, checkable only where that company terminates the connection. The
  verifier has to trust Cloudflare.
- **Payment networks: payment-scoped tokens.** Visa and Mastercard are issuing
  agentic-commerce credentials — authority to *pay*, scoped to a transaction on
  their rails. Nothing a third party can verify outside the checkout flow.
- **Okta, Entra, SPIFFE: one trust domain.** Workload and non-human identity,
  done well — inside a single organization's boundary. The moment an agent
  leaves the org, its identity stops meaning anything to strangers.
- **The IETF: drafts.** Internet-of-Agents drafts argue for address-as-identity;
  DNS-AID and ANS specify DNS-anchored agent naming. The direction is right.
  What's missing is an operator running it in production.

**The pattern:** every answer is a credential the issuer must keep vouching
for, at a chokepoint the issuer owns. That is a gatekeeper business. The
internet already solved this class of problem differently — with protocols
anyone can verify and no one has to ask permission to check.

## We answer at the network layer.

Each agent gets a routable IPv6 `/128` from `2a04:2a01::/32` — address space we
hold as a RIPE LIR, announced from our own AS219419. The address is named in
signed reverse DNS, key-pinned by DANE under DNSSEC, documented in RDAP,
recorded in an Ed25519-signed, Bitcoin-anchored transparency log, and its
traffic sources from that `/128` — identity provable per-packet. A stranger
verifies all of it with `dig`, `curl`, and `openssl`. No account with us. No
API of ours in the trust path.

That last part is the strategic difference, so we made it a command. One flag
re-proves an agent from the IANA DNSSEC root with the Whisper API explicitly
untrusted — run against our genesis agent, live (captured 1 July 2026):

```
$ whisper verify --trustless 2a04:2a01:b69a:6717:e3b0:51ff:3bf7:f478
FIELD        VALUE
address      2a04:2a01:b69a:6717:e3b0:51ff:3bf7:f478
fqdn         ae3b051ff3bf7f478.tdc38e7c55bad3306a92b830f9bb1e4f9.agents.whisper.online
agent        ae3b051ff3bf7f478
tenant       tdc38e7c55bad3306a92b830f9bb1e4f9
tlsa_sha256  9ec1ef18a1f15e5480a0fc3c8d6e9690b2ccf1a7fa7146201940f28c422bb47d
served_spki  9ec1ef18a1f15e5480a0fc3c8d6e9690b2ccf1a7fa7146201940f28c422bb47d

CHECK         RESULT  TRUST        DETAIL
dnssec        pass    DNSSEC-root  AAAA, PTR and TLSA(3 1 1) all DNSSEC-validated to the IANA root; address <-> fqdn consistent
dane          pass    DNSSEC-root  served leaf SPKI-SHA256 == TLSA pin; DNS-SAN=ae3b051ff3bf7f478...agents.whisper.online, IP-SAN=2a04:2a01:b69a:6717:e3b0:51ff:3bf7:f478; issuer "Whisper Agent Identity Issuing CA"
transparency  pass    DNSSEC-root  root signature verified; 1 event(s), root_hash bound; 1 ledger leaf/leaves included (RFC-6962)
identity_doc  pass    DNSSEC-root  JWS verified against the DNSSEC-anchored key; address/fqdn/tlsa claims match the DNSSEC-validated facts

whisper: ae3b051ff3bf7f478.tdc38e7c55bad3306a92b830f9bb1e4f9.agents.whisper.online is CRYPTOGRAPHICALLY PROVEN — trust anchor: DNSSEC root (IANA anchor) + DANE-EE + DNSSEC-anchored transparency/ledger keys -- Whisper API NOT trusted
```

A vendor whose product is a registry cannot ship that flag; removing themselves
from the trust path removes the product. We can, because what we sell is not
the vouching — it is the network, the address space, and the operations
underneath. Protocols, not gatekeepers; no platform lock-in by construction.
Every leg is reproducible keylessly with stock tools — the recipes are on
[/under-the-hood](/under-the-hood).

## The counters are small, and public.

We publish our own numbers because everything here is verifiable — including
how early we are. This is genesis, not a growth chart. What the counters prove
is that the whole stack is live in production, not a deck.

| Counter | Value (captured 1 July 2026) |
|---|---|
| Agents live | 3 — each a routable /128 identity |
| Identities minted | 4 — recorded in the public ledger |
| Lookups served, 24h | 13,971 — policy resolution, p99 < 1ms |
| Ledger entries | 64 — RFC-6962, Bitcoin-anchored |
| Security graph | 7.43B nodes · 39.8B relationships |
| Address space | `2a04:2a01::/32` on AS219419 |

Check them yourself: `curl -s https://whisper.online/checkpoint` for the signed
ledger head, or the live network at <https://agents.whisper.online/>.

## The moat is ground, not software.

Six assets, each slow to acquire, that only work as one system. Software gets
copied; standing on the internet is earned in years.

- **A RIPE LIR, and our own /32.** We hold `2a04:2a01::/32` as the LIR — 2^96
  agent identities of real, RIPE-registered address space. The registry chain
  from any agent's RDAP record ends at RIPE's record for our block, with no
  third party in between.
- **An autonomous system.** AS219419: RPKI-signed, MANRS-compliant, dual-homed
  BGP. Identity that is routable is identity that is provable per-packet — the
  packets themselves source from the agent's /128.
- **A custom DNS engine.** Our own authoritative + policy-resolver stack signs
  and serves zones while they mutate continuously — deterministic keys,
  byte-identical on both nameservers. Not BIND, not a rented SaaS. This is what
  lets an allocation fire a dozen standards atomically.
- **The security graph.** 7.43B nodes and 39.8B relationships mapping the live
  internet — who runs a host, is it safe, with the evidence chain. Every
  agent's resolver consults it before answering. Years of continuous
  collection, growing daily.
- **Trust that survives us.** Every identity claim is anchored outside Whisper:
  the IANA DNSSEC root, DANE pins, an Ed25519-signed transparency log anchored
  to Bitcoin. Competitors must ask to be trusted; we ship the proof that we
  don't have to be.
- **Operators, not tourists.** Built by people who have run root-of-the-internet
  infrastructure and kept it boring for decades. Internet-grade DNS, routing
  and registry operations are a craft acquired the slow way.

## The field, surveyed honestly.

Every approach below is real work by serious people. Each covers a slice; the
honest column is the one on the right — ours included.

| Approach | What it does | Who must be trusted | Where it stops short |
|---|---|---|---|
| **Cloudflare agent plays** (signed agents, Web Bot Auth, gateway) | Bot verification + egress at their edge | Cloudflare's registry | Verifiable only where Cloudflare terminates the connection; the issuer is the gatekeeper |
| **Payment-scoped tokens** (Visa, Mastercard agentic commerce) | Authority for an agent to pay | The payment network | Scoped to the transaction; nothing to verify outside the rails |
| **ANS, DNS-AID** | DNS-anchored agent naming | DNSSEC root | 2026 specs, name-based; no routable address, no egress plane, no operating deployment at scale |
| **W3C DID, Verifiable Credentials** | Portable cryptographic identity | The issuer | Resolution rides on issuer infrastructure; no binding to the network the agent actually speaks from |
| **SPIFFE, Entra Agent ID, Okta** | Workload / non-human identity | The org's platform | Stops at the trust-domain boundary; meaningless to strangers |
| **IETF Internet-of-Agents drafts** | Address-as-identity thesis | (proposed) DNSSEC root | Still drafts; no verification stack, no operator |
| **Whisper** | Address-as-identity on our own AS, provable by strangers with stock tools | The IANA DNSSEC root — not Whisper | IPv6-native (verification works from v4-only today; native reach uses our egress tiers); young — the genesis-scale counters above are ours |

## Standards chose this direction in 2026.

DNS-AID and the Agent Name Service both landed on the same thesis this year:
agent identity should be anchored in DNS and DNSSEC — the one globally
deployed, hierarchically delegated trust system the internet has. The IETF's
Internet-of-Agents drafts go further, toward the address itself. We didn't
lobby for that direction. We built it, and it is in production.

That makes Whisper the existence proof the standards conversation was missing:
an operator running address-anchored, DNSSEC-rooted agent identity on real
address space, verifiable end-to-end today. If name-based schemes win naming,
we publish those names too — they sit one CNAME above an address we already
prove. The primitives underneath — DNSSEC, DANE, RDAP, RFC 6962 — are the
internet's own, which is precisely why the direction of standardization runs
toward us, not around us.

## The market, framed without puffery.

The category is **agent networking and identity infrastructure** — the layer
every agent transaction crosses, priced per identity and per packet, not per
seat. The structural comparison is Cloudflare: own the network, make the right
thing the easy thing, and let the traffic growth of an internet era compound
through you. Agents are that era's traffic — already the majority of it.

Demand evidence, cited honestly: analysts already size adjacent
non-human-identity *access management* at
[USD 9.45B in 2024, growing to USD 18.71B by 2030 (MarketsandMarkets)](https://www.marketsandmarkets.com/PressReleases/non-human-identity-nhi-access-management.asp).
That figure is not our TAM — it measures enterprises' spend on governing
machine credentials *inside* their own walls, the layer above ours. We read it
as proof the question "which machine is this?" already carries a budget line,
before agents crossed into the traffic majority. The network layer that answers
it for *strangers*, across organizational boundaries, is unclaimed. That is the
land we hold.

## The pushbacks, answered.

- **"Won't Cloudflare just do this?"** Their answer is a registry they control,
  monetized at an edge they terminate. Removing yourself from your own trust
  path — our defining feature — dissolves that product. If they adopt
  address-anchored identity instead, they validate the layer we already
  operate. Either way, the LIR allocation, the AS, the RIR chain and a custom
  signing engine are years of standing, not a sprint.
- **"Three agents?"** Yes — and we print it, live, rather than a vanity number.
  The sequencing is deliberate: proofs before promotion. Distribution is
  already shipped — the MIT-licensed CLI in every major package channel, an MCP
  server, npm and PyPI SDKs, a twelve-tool `whisper init` family. See
  [/integrations](/integrations).
- **"IPv6 is a wall."** The identity is v6; the verification is
  transport-independent. `dig`, `curl`, RDAP and the ledger all answer from a
  v4-only network today. Agents on v4-only hosts reach their /128 through our
  tunnel and proxy tiers. The 128-bit address space is why per-agent identity
  is possible at all.
- **"You've bet everything on DNSSEC."** On the IANA root — the most public,
  most audited trust anchor in existence, with key ceremonies performed on
  camera. And it is not alone: issuance is independently recorded in an
  Ed25519-signed transparency log, anchored to Bitcoin via OpenTimestamps. Two
  legs, disjoint failure modes.
- **"What about abuse and revocation?"** Per-/128 attribution beats anonymous
  NAT pools: every packet names its agent, revocation is one call
  (`op:revoke`), and its effect is publicly provable via the signed status-list
  and DNS itself. The policy and SLA are on [/trust](/trust).
- **"Who watches the ledger?"** Today: it is tamper-evident, Ed25519-signed,
  DNSSEC-anchored, and Bitcoin-anchored — anyone can detect a rewrite.
  Independent witnesses are being recruited; we say exactly that, because the
  difference between "witnessed" and "witnessable" matters, and honesty about
  it is the product.

## Protocols, not gatekeepers.

Every prior internet era minted an infrastructure company at the layer where
trust had to live: certificates, CDNs, clouds. The agent era's trust question
is "which agent is this?" — and the durable answer is the one strangers can
verify without asking anyone's permission. We built that answer on address
space and an autonomous system we own, out of the internet's own standards, and
it is running. Skeptical? Good. Every claim on this page is checkable from your
terminal — start with `dig -x`.

---

- **Bring your agent home:** <https://console.whisper.security/sign-up>
- **Verify it yourself:** [/under-the-hood](/under-the-hood)
- **Zero trust for buyers:** [/trust](/trust)
- **Every shipped channel:** [/integrations](/integrations)
- **The live network:** <https://agents.whisper.online/>

© viaGraph B.V. (dba Whisper Security)
