Last week, AWS launched Agent Registry — a centralized catalog for discovering and governing AI agents across Bedrock AgentCore. The week before, Microsoft had Entra Agent Registry. Google has Vertex AI Agent Registry. All three solve the same problem. All three create a new one.
Forrester analysts noted in their analysis of the AWS launch that enterprises adopting AWS, Microsoft, and Google registries in parallel could end up recreating the very fragmentation these tools are meant to solve.
They are right. And the mechanism is straightforward.
The Problem With Platform-Bound Registries
AWS Agent Registry solves agent sprawl inside AWS. An agent registered in Bedrock is discoverable to other Bedrock users. Its ownership, protocols, and capabilities are catalogued. Governance is enforced. This is genuinely useful.
But the moment Agent A (running on Bedrock) needs to interact with Agent B (running on Azure), the registry is invisible. Agent B does not appear in AgentCore. Agent A's identity is not verifiable from the Azure side. The governance layer ends at the cloud boundary.
This is not a criticism of AWS — Microsoft and Google face the identical limitation. Platform-bound identity is the architectural constraint, and it applies equally to all three.
The result: enterprises running multi-cloud agent deployments — which is most enterprises — need three separate registries, none of which speak to each other. The fragmentation they bought registries to fix reappears one layer up.
What Cross-Boundary Agent Governance Actually Requires
The problem is not that registries exist. The problem is that identity and trust are encoded inside them rather than traveling with the agent.
An agent that carries its own cryptographically verifiable identity — independent of which cloud it runs on — can be verified by any counterparty without consulting a proprietary registry. The trust signal travels with the agent. The governance layer works across boundaries by construction.
This is what W3C Decentralized Identifiers (DIDs) and Verifiable Credentials provide. AEGIS, Forrester's framework for agentic AI security, identifies decentralized identifiers explicitly as a required standard in Section 3.2 — alongside OAuth, OIDC, and SCIM. Not as an alternative to registries, but as the identity foundation that makes cross-boundary governance possible.
MolTrust as the Cross-Boundary Layer
MolTrust is a production W3C DID registry for autonomous AI agents. Every registered agent holds a did:moltrust identity — cryptographically verifiable by any W3C-conformant verifier, without calling AWS, Microsoft, or Google.
The trust score travels with the agent. The Agent Authorization Envelope (AAE) carries the permission model — what the agent is allowed to do, in which jurisdictions, up to which spend thresholds. The Interaction Proof Records provide the behavioral history, anchored permanently on Base L2.
An agent registered in Bedrock and verified by MolTrust carries credentials that an Azure-hosted counterparty can validate independently. The two registries don't need to federate. The identity layer is already shared.
This is the difference between solving agent sprawl and solving registry sprawl.
| Capability | Platform Registry | MolTrust (W3C DID) |
|---|---|---|
| Internal discovery | Yes | Via DID resolution |
| Cross-cloud verification | No | Yes — any W3C verifier |
| Portable trust score | No | Yes — travels with agent |
| Behavioral history | Vendor-scoped | On-chain (Base L2) |
| Permission model | IAM-bound | AAE (portable) |
| Cascade revocation | Within platform | Cross-boundary (MoltID) |
The Practical Path
Platform registries and open identity infrastructure are not competing — they address different layers of the same problem. AWS Agent Registry answers "what agents exist inside our organization." MolTrust answers "who is this agent and can I trust it" — regardless of where it was registered.
Enterprises that deploy both get internal discoverability from the platform registry and cross-boundary verifiability from the open identity layer. Enterprises that deploy only platform registries will eventually hit the federation problem Forrester already identified.
The registry sprawl problem has a structural solution. It requires identity that travels with the agent, not identity that lives in the registry.
Solve registry sprawl today
Add cross-boundary agent verification to your multi-cloud stack.
Developer Quickstart → Enterprise OnboardingFull technical specification: moltrust.ch/techspec · Reference implementation: api.moltrust.ch · Contact: info@moltrust.ch