Is Google about to break security for AI agents?

What am I talking about? Something deep in the security of the Internet that we all take for granted now is the humble padlock or “s” in “https”. This was called SSL (Secure Sockets Layer) in 1995 when it transformed the Internet into a commercial highway. We could finally trust the Internet with our credit cards and purchase books, then everything from A-Z, and Amazon was born. The rest you know.

Today, SSL has been deprecated and replaced by TLS (Transport Layer Security). That said, TLS still uses X.509 certificates (still widely called "SSL certificates") that are issued by Certificate Authorities (CAs) around the world. So, what is going on, and why is Google going to break AI?

Certificates made the Web

Certificates are typically used to prove that you are connected to the right server. For example, when you go to Amazon.com, you see the padlock icon that confirms it really is Amazon, as they have the certificate to prove it. This is typical on the Web, where the client (your browser) connects to a server (the website).

However, certificates can also be used to prove to the web server that you are who you say you are. I have seen this used, but the pain of getting certificates to people and web browsers cannot be overstated (it is immense). When you ask for a certificate from a provider like "Let's Encrypt," that certificate can be used for either a server or a client. If you use Google for certificates, you get a server-only certificate, but you can ask for one that can be used for both.

In a web-only world, all of this seems redundant. In fact, the Google Chrome team has said that it will no longer accept certificates from CAs that issue client certificates.

AI is not the Web but it is HTTP

This is likely not a problem on the Web, but what you, and probably the Google Chrome team, have not considered is that everything uses HTTPS, not just web browsers. AI agents use HTTPS, and when an agent talks to a server, the server might need to be sure that the agent is who it says it is, beyond just a simple API Key or OAuth. 

This is even more true when AI agents talk to other AI agents or MCP servers. Strong, mutual TLS authentication would seem not just sensible but mandatory in these cases.
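To make the server-only versus client-capable distinction concrete, here is an added Go example (not code from this post or from any of the projects mentioned): it builds a constructed in-memory CA with hypothetical names, issues an agent certificate once with both serverAuth and clientAuth Extended Key Usages and once with serverAuth only, and checks each the way a mutual-TLS server checks a presented client certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// IssueAgentCert builds a constructed in-memory CA (hypothetical names, not a real CA)
// and signs an agent leaf certificate with the given Extended Key Usages.
func IssueAgentCert(usages []x509.ExtKeyUsage) (leaf, ca *x509.Certificate, err error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Agent CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, _ = x509.ParseCertificate(caDER)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "agent-1.example.invalid"},
		DNSNames:  []string{"agent-1.example.invalid"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: usages, // the EKU set that the Chrome policy restricts to serverAuth
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return leaf, ca, err
}

// AcceptsAsClient checks a presented cert the way a mutual-TLS server does:
// it must chain to a trusted root and its EKU must permit clientAuth.
func AcceptsAsClient(leaf, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```

A certificate carrying only serverAuth chains perfectly well to its CA yet is still rejected for client authentication, which is exactly the failure an agent would hit if its CA may no longer issue client-capable certificates.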

If the Google Chrome team does not back off this threat to CAs, we will no longer have a globally agreed-upon set of certificate authorities that we can say, with confidence, everyone accepts.

Should I be worried?

This all comes down to trust. Trust is already an issue with AI implementations.

If we lose trust in the interfaces between AI agents and MCP servers that interact with the real world, the AI transformation of industry will stall.

Are there workarounds? Yes, of course, but they are not widely agreed upon. This will lead to a fracturing of trust, and we may never have unified certificate authorities for clients and servers again. Now, there may be a reason for this. Perhaps Google wants all AI agents to speak to them first, or for all AI agents to run in GCP to be trusted. But I suspect it is much more likely that the Google Chrome team simply has not thought through the global impact of its stance on client-side CA certification and the massive effect it will have on systems beyond the Web.

We have overloaded everything with HTTPS. It is no longer just a Web protocol, so it should be freed from this control by the Google Chrome team.

More reading on the topic can be found here:

https://letsencrypt.org/2025/05/14/ending-tls-client-authentication

https://googlechrome.github.io/chromerootprogram/

Call to action

Please forward this post to others and vote on the poll below. If you have an alternative view, please comment.

https://bit.ly/mutual-tls-poll

Colin Constable

Internet Optimist / Co-Founder & CTO at Atsign


Phil Venables, Vint Cerf: would love your points of view as Googlers. PM me if need be; would love to turn the tide on this change to CAs. The vote, although small at this point, is I think the way forward. Just like the Google CA does now: client certs on request only.

Tim Williams

Know Your Agent - Identity, Trust and Verification for AI Agents.


Great read. Agent identity and trust is what we're tackling with AstraSync AI, for a number of the reasons you mention.

Mohanad A. Khair

CEO | Co-founder | Skyline Guard inc


Hi Colin, great post, thought-provoking as always. One question I had: Given that most AI agents and M2M systems don’t rely on browser root stores or traditional web PKI, wouldn’t Chrome’s deprecation of certain CA behaviors primarily impact human-facing web apps rather than AI infrastructure? In practice, many AI systems already use custom trust stores, mutual TLS via internal CAs, or even SPIFFE-based identity models. Do you see a specific use case where Chrome’s root program would directly disrupt a production AI agent-to-agent or agent-to-server communication flow? Would love to hear your thoughts on that.
