The five layers, mapped
By Charlie Major · 2026-06-09
If you draw the agentic web on a whiteboard you draw five layers. Identity. Commerce. Observability. Provenance. Discovery. The big platforms have shipped rails into each one. The tooling that sits above those rails, the part developers and mid-market teams need to actually integrate, is uneven across all five. Three of the layers have a gap that closes inside twelve months. Two of them are deeper plays that close on a twelve-to-twenty-four-month horizon.
This essay walks the five, names what is shipping, names what is missing, and calls which gap closes first.
A clarification before we start. By "layer" I do not mean a strict architectural stack where one sits on top of another. I mean a category of work the agentic web has to do for itself, and the tooling category that has formed around it. Some layers depend on others. None of them are clean lines. The point of the map is not topological precision. The point is to see, when you stand back, which corners are crowded and which are empty.
Layer 1 — Identity
What is shipping. The W3C DID Core spec is at v1.0 and v1.1 is in flight. The FIDO Agentic Auth working group formed in February 2026 after Google donated AP2 to FIDO. The EU Digital Identity Wallet, EUDI, becomes legally enforceable in member states on August 2 2026. The IETF has a draft Agent Identity Protocol, AIP. WebAuthn has evolved into passkeys-as-default in every mainstream browser. Anthropic's MCP servers carry agent identity at the connection layer but do not yet standardize it. Stripe Connect routes identity for agent transactions through its existing merchant trust framework.
What is missing. There is no canonical cross-walk between W3C DIDs, FIDO Agentic Auth, and EUDI. An agent that holds a DID in the W3C model has no automatic equivalent in EUDI, and vice versa. There is no portable agent identity that survives switching from one foundation model provider to another. There is no reputation or trust score that travels with an agent across services. There is no per-agent capability attestation in any standard form, so a merchant accepting an agent transaction cannot programmatically verify what the agent is allowed to do beyond what the mandate itself says. There is no identity revocation mechanism that propagates within hours rather than weeks.
The identity layer is the deepest of the five. It opens the widest and closes the slowest, because three regulatory bodies and four working groups have to agree on the cross-walk before the SDK becomes obvious. The first-mover on the SDK that bridges DID, FIDO, and EUDI owns this layer for the decade.
Layer 2 — Commerce
What is shipping. A lot. The x402 micropayment protocol crossed 165 million transactions in May 2026 at 31 cents average ticket, almost all agent-to-API. OpenAI's Agentic Commerce Protocol is live on Etsy with one million Shopify merchants in the integration pipeline, and ChatGPT is taking four percent on every transaction it routes through Instant Checkout. Google donated AP2 to the FIDO Alliance in April, co-developed with Mastercard, with sixty contributing organizations. Mastercard's Verifiable Intent is in production. Stripe shipped its Agentic Commerce Suite at Sessions in May. PayPal adopted ACP. Visa is running its Trusted Agent Protocol pilot. Alipay launched its AI Wallet plus Token Pay protocol across eighty million accepting merchants.
What is missing. Refund and dispute primitives. Every protocol named above ships the buy flow and defers returns to merchant policy. A $400 agent purchase that needs to be reversed has no standardized workflow, no chargeback codes that match the rail, no audit trail that survives a payment-processor inquiry. Mandate scope verification at the protocol level is incomplete — the spec describes the mandate but operators have to roll their own scope-check logic, which means some operators do it well and many do it badly. Budget governance is missing as a category. Cross-protocol routing for a merchant who accepts ACP-initiated checkouts from ChatGPT, AP2 mandates from Gemini, and x402 micropayments from custom agents at the same time is a hand-rolled problem at every implementation we have seen.
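One shape the scope check that operators currently roll themselves can take, added here as an illustration and not code from any protocol named above; the Mandate and Transaction fields, ceilings and timestamps are assumptions of this example, not AP2's or ACP's mandate format:

```python
from dataclasses import dataclass, field
from datetime import datetime

def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)  # ISO-8601 with offset, e.g. 2026-06-09T00:00:00+00:00

# Simplified mandate model for this example; an assumption, not AP2's or ACP's format.
@dataclass
class Mandate:
    merchant_allowlist: frozenset   # merchants the agent may pay
    max_per_tx_cents: int           # ceiling for one purchase
    max_total_cents: int            # ceiling across the mandate's lifetime
    currency: str                   # ISO 4217 code the ceilings are denominated in
    expires_at: datetime            # mandate is void from this instant on
    spent_cents: int = 0            # cumulative spend, updated only on success
    seen_tx_ids: set = field(default_factory=set)  # replay protection

@dataclass(frozen=True)
class Transaction:
    tx_id: str
    merchant: str
    amount_cents: int
    currency: str
    at: datetime

def check_scope(m: Mandate, tx: Transaction) -> tuple[bool, str]:
    """Return (allowed, reason); each branch is a check hand-rolled logic often omits."""
    if tx.tx_id in m.seen_tx_ids:
        return False, "replay: transaction id already used under this mandate"
    if tx.at >= m.expires_at:
        return False, "expired: mandate no longer valid"
    if tx.currency != m.currency:
        return False, "currency mismatch: ceilings are not comparable"
    if tx.merchant not in m.merchant_allowlist:
        return False, "merchant not in mandate allowlist"
    if tx.amount_cents <= 0:
        return False, "non-positive amount"
    if tx.amount_cents > m.max_per_tx_cents:
        return False, "exceeds per-transaction ceiling"
    if m.spent_cents + tx.amount_cents > m.max_total_cents:
        return False, "exceeds cumulative ceiling (small purchases add up)"
    return True, "ok"

def authorize(m: Mandate, tx: Transaction) -> bool:
    """Run the scope check and, only on success, record the spend and the tx id."""
    ok, _ = check_scope(m, tx)
    if ok:
        m.spent_cents += tx.amount_cents
        m.seen_tx_ids.add(tx.tx_id)
    return ok
```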
The commerce layer is the loudest of the five. It is also the one closing fastest at the platform level, with the result that the gap above is closing faster than people realize.
Layer 3 — Observability
What is shipping. Langfuse for open-source LLM observability. LangSmith as the commercial complement to LangChain. Arize for enterprise-grade deployments. Phoenix as Arize's OSS layer. Braintrust as the eval-focused entrant favored at several frontier labs. Weights and Biases Weave. A dozen smaller tools that mostly wrap the same OpenTelemetry primitives with vendor-specific dashboards.
Helicone went into maintenance mode in March 2026. That detail matters more than it looks. Helicone was the developer-friendly, cheap entrant in the observability category. Its retreat from active development is the canary on category instability at the price point that matters most to the long-tail developer Major Labs serves.
What is missing. Per-customer cost attribution at the agentic level. When an agent calls Anthropic on behalf of customer A and OpenAI on behalf of customer B, the bill arrives in two places and the operator has to reconcile manually. Loop detection of the $1.6 million weekend pattern, where an agent gets stuck calling itself and burns tokens unsupervised, exists nowhere as a drop-in primitive. Spend velocity anomaly detection (Stripe Radar for tokens) does not exist. Cross-vendor observability that shows Anthropic, OpenAI, Google, and self-hosted models in one frame is solved badly by every incumbent. Production agent trace audit standards do not exist beyond a few research papers.
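An added illustration of the governance primitive this paragraph describes as missing, not code from any vendor named on this page: per-customer cost attribution across vendors, repeated-identical-call loop detection and trailing-window spend-velocity alerts over constructed trace events. The CallEvent fields and the GovernanceMonitor thresholds are assumptions of this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class CallEvent:
    ts: float              # unix seconds
    agent_id: str
    customer_id: str       # who the agent acts for (drives cost attribution)
    vendor: str            # e.g. "anthropic", "openai", "google", "self-hosted"
    tool: str              # tool or model call name
    args_fingerprint: str  # stable hash of the call arguments
    cost_cents: int

class GovernanceMonitor:
    """Hypothetical drop-in governance layer over agent call traces (assumed
    model, not a vendor's): attribution per customer and vendor, loop detection
    on N identical consecutive calls, and spend velocity over a trailing window."""
    def __init__(self, loop_repeats=5, window_s=60.0, window_limit_cents=500):
        self.loop_repeats = loop_repeats
        self.window_s = window_s
        self.window_limit_cents = window_limit_cents
        self.cost = defaultdict(lambda: defaultdict(int))  # customer -> vendor -> cents
        self.recent = defaultdict(deque)                    # agent -> (ts, fingerprint, cents)

    def observe(self, e: CallEvent) -> list[str]:
        alerts = []
        self.cost[e.customer_id][e.vendor] += e.cost_cents
        q = self.recent[e.agent_id]
        q.append((e.ts, f"{e.tool}|{e.args_fingerprint}", e.cost_cents))
        # keep only calls inside the trailing window (older loops are not flagged)
        while q and e.ts - q[0][0] > self.window_s:
            q.popleft()
        # loop: the last N calls by this agent are identical in tool and arguments
        tail = [fp for _, fp, _ in list(q)[-self.loop_repeats:]]
        if len(tail) == self.loop_repeats and len(set(tail)) == 1:
            alerts.append(f"loop:{e.agent_id}:{tail[0]}")
        # velocity: spend inside the window exceeds the per-agent limit
        spend = sum(c for _, _, c in q)
        if spend > self.window_limit_cents:
            alerts.append(f"velocity:{e.agent_id}:{spend}c/{int(self.window_s)}s")
        return alerts

    def bill(self, customer_id: str) -> dict:
        return dict(self.cost[customer_id])  # one frame per customer across vendors
```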
The observability category is crowded but unstable. The thing nobody has shipped is the governance primitive sitting one layer above the dashboards.
Layer 4 — Provenance
What is shipping. The Content Authenticity Initiative's C2PA spec is at v2.4. Adobe embeds content credentials in Photoshop and Premiere. Microsoft signs content for Bing AI and Copilot output. WordPress has C2PA plugins, though adoption is patchy. Truepic and Numbers Protocol offer independent verification services. Google's SynthID watermarks AI-generated images. OpenAI's content moderation API flags synthetic media at the API edge. The EU AI Act formally requires synthetic media disclosure starting August 2 2026.
What is missing. Provenance for AI-generated text. Images are far more mature than text in this layer. A photograph carries a C2PA manifest; a paragraph of LLM-generated copy does not, in any standardized way. Per-CMS C2PA implementations are limited — WordPress has some coverage, Shopify has almost none, Webflow has none, custom Rails and Django sites have none. Synthetic media disclosure receipts that hold up in a regulatory inquiry, not just as embedded metadata that gets stripped on copy, do not exist as a category. Cross-platform verification for a video that traveled across five platforms is a hand-rolled forensic exercise.
Provenance closes in bursts. The August 2 EU AI Act enforcement date is a catalyst that pushes per-CMS implementations from "nice to have" to "audit risk" overnight. The next twelve months reprice the provenance category around regulatory compulsion rather than aesthetic preference.
Layer 5 — Discovery
What is shipping. Anthropic's Model Context Protocol has five thousand eight hundred plus public servers, growing weekly. OpenAPI specs are increasingly written for agent consumption rather than human reading. The llms.txt convention has emerged for content publishers but adoption is shallow. Google AI Overviews absorbs roughly a third of consumer queries. ChatGPT, Perplexity, and Gemini all cite differently, and the overlap between any two of them and Google's organic ranking is small. Developer-facing AI search (Brave Search AI, Kagi AI, Phind) is consolidating around a few patterns.
What is missing. Quality signals for MCP servers. There are five thousand eight hundred plus servers and 36.7 percent of them have basic SSRF vulnerabilities by the most recent scan. Developers pick by GitHub star count. There is no maintenance status, no load benchmark, no compatibility matrix. Citation tracking for the AI-overviews era does not exist below one thousand dollars a month. Publishers watch organic traffic collapse and have no tool to measure what they are losing or which prompts they are losing it to. Discovery economics, the cost-per-agent-view versus cost-per-organic-search, is opaque. There is no schema for "this is what my service offers an agent" that goes beyond OpenAPI.
The discovery layer is where the pain is most acute right now and where the data is most collectable. That combination is unusual.
Which gap closes first
Discovery. Three reasons.
The first is acute pain. Publishers are watching organic traffic collapse this quarter, not next year. Developers are picking MCP servers with no signal beyond GitHub stars and the consequence is shipping production agents on top of vulnerable infrastructure. The buyers exist today and have already opened their wallets — they are just paying the wrong vendors for the wrong measurement.
The second is data collectability. Scanning five thousand eight hundred MCP servers for security posture is a weekend of work, not a six-month project. Running citation queries across ChatGPT, Perplexity, and Gemini for a defined keyword set is a script that runs every Tuesday. The discovery category does not require operator partnerships or production telemetry. It requires a scanner and an API budget.
The third is brand fit. A discovery-layer report is the cleanest citation magnet in the agentic stack. Nobody is going to argue with our claim that 36.7 percent of public MCP servers have SSRF vulnerabilities, because the scan code is open and the methodology is public. The report becomes the canonical reference. The canonical reference becomes the brand.
That is why the first two products Major Labs ships are AEO Citation Tracker and MCP Quality Registry, both in the discovery layer. The first State of report is State of MCP Security, also discovery. The brand is built on the layer with the shortest path to revenue and the cleanest path to credibility.
Commerce closes second, in late 2026. The AP2 and FIDO machinery is grinding. The spec will be the spec by Q4. BudgetGuard and MandateKit ship into that closure. The window for the canonical mandate verifier SDK is between AP2 finalization and the first major commercial AP2 rollout. That is a six-to-nine-month window.
Observability closes third, slowly. The category is crowded and unstable. Helicone's retreat to maintenance mode is a signal that the category needs a governance primitive more than another dashboard. BudgetGuard's spend-velocity and loop-detection features are aimed at exactly that gap, but the buyer in the observability category is more cautious than the buyer in discovery, and the sales cycle is longer.
Provenance closes in a burst around August 2 2026 and then keeps closing slowly. The EU AI Act enforcement is the trigger. The per-CMS C2PA implementation gap becomes a regulatory risk overnight. Major Labs is not shipping into provenance in 2026, but the category is on our research roadmap for 2027.
Identity closes last, deepest, and over the longest horizon. The DID-FIDO-EUDI cross-walk is a 2027 problem and a 2028 product. Major Labs Identity ships in Q1 2027 deliberately, because the brand needs to mature on the discovery and commerce layers before operators trust us to broker their agent identity. Ship the registry too early and it lands into nothing. Ship it at the right moment and it becomes the default reference.
That is the order. Discovery, commerce, observability, provenance, identity. Twelve months for the first two, eighteen for the next, twenty-four-plus for the last. Major Labs builds in that order because the research compounds in that order, and because the buyers do.
The next essay goes deep on discovery: the actual scan methodology, the categories of MCP server vulnerability, what an AEO citation tracker measures that Google Search Console does not, and the pricing economics of measurement tools for the AI-overviews era.
See you Tuesday.
— Charlie
Charlie Major writes Major Matters and joined Mastercard in April 2026. Major Labs is independent of Mastercard and operates separately from Major Matters. Any opinions in these essays are Charlie's own.