In 1994, a Netscape engineer needed a way for web servers to remember visitors. His solution was a four-page proposal for a small piece of data stored in the browser. Cookies shipped in the next release. Other browsers adopted them. By 1997, the standards body trying to restrict third-party cookies gave up because the ecosystem had already formed around them.

In 2020, Google announced a multi-year project to replace cookies entirely. Six years and one abandoned initiative later, the cookie, a quick fix never meant to be permanent, outlasted the project designed to replace it.

That history matters right now because the same mechanism is operating again, faster, in the infrastructure layer where agents are being built.

Thirteen months

The Model Context Protocol was introduced in November 2024. Between March and April 2025, the other major AI labs followed. By December 2025, it had been donated to the Linux Foundation. Thirteen months from experiment to neutral governance. For comparison, TCP/IP went from first specification in 1974 to ARPANET mandate in 1983, and another decade beyond that to become the commercial internet's foundation.

The speed matters less than what's forming underneath: dependency.

One major infrastructure provider recently published a reference architecture for enterprise MCP deployment spanning engineering, sales, marketing, and finance. They had to build internal tooling to discover unauthorized MCP servers employees had spun up on their own. When you need shadow-IT detection for a protocol that's thirteen months old, something temporary has become load-bearing. The scaffolding is holding up floors.

The identity vacuum

The web never had a native identity layer. That vacuum filled gradually, without any single decision, as developers chose the path of least friction. Sign in with Google. Connect with Facebook. Millions of individual, reasonable choices aggregated into structural consolidation that nobody specifically designed.

Agent identity is on a similar trajectory. A Cloud Security Alliance survey found that only 23% of organizations have a formal enterprise-wide strategy for agent identity management. A separate CSA survey found that nearly three-quarters of respondents acknowledged that agents often receive more access than necessary. And in practice, the path of least friction is already visible: teams are sharing human credentials and access tokens with agents because no agent-native identity path exists. Agents sit in an identity gray area, accumulating access through borrowed credentials, and that borrowed arrangement is quietly becoming the architecture.

The pattern extends beyond infrastructure and identity. You can see it in how organizations structure agent oversight, and in how agents access and trust information sources. Different domains, same mechanism: temporary arrangements accumulating dependencies before anyone treats them as decisions.

How defaults become permanent

Path dependency looks like pragmatism while it's happening. Someone picks the available option. Someone else builds on it. Each choice is reasonable. The aggregate is a foregone conclusion that nobody specifically concluded.

The cookie took roughly three years to become irremovable. MCP's dependency graph is forming in months. The governance conversations happening now assume a window that is almost certainly shorter than the pace of those conversations suggests. Temporary infrastructure becomes permanent once everything else starts leaning on it, and by then quality has nothing to do with longevity. The defaults taking shape in your stack this quarter are the ones you'll be maintaining, explaining, and working around for years. By the time they feel permanent, the decision was already behind you.