10 minute read

“Standards don’t win by being technically superior. They win when every vendor’s alternative becomes more expensive than compliance.”

TL;DR

One year after Google proposed A2A, the protocol has 150+ supporting organizations (up from 50), v1.0 with OAuth 2.1 and multi-tenancy, SDKs in five languages, 22,000+ GitHub stars, and native integration in AWS Bedrock AgentCore, Azure AI Foundry, and Google Cloud. IBM’s competing ACP protocol merged into A2A. The Agent Payments Protocol (AP2) extends A2A to commerce with 60+ payments organizations including Mastercard, PayPal, and American Express. The protocol wars narrative was always wrong: MCP handles agent-to-tool (97M monthly SDK downloads), A2A handles agent-to-agent, and production systems use both. For the original comparison, see A2A vs MCP: the agent protocol standard wars. For MCP production patterns, see MCP in production.

Colored ethernet cables from different server racks converging into a single glowing junction box in a data center, representing protocol standardization

What this post updates

In March 2026, I wrote A2A vs MCP: the agent protocol standard wars when A2A had 150+ organizations but was still running v0.3 with limited SDK support. The framing back then: these protocols are complementary, not competing. That thesis held up. What changed is the scale of validation — three hyperscalers, a v1.0 specification, five production-ready SDKs, and an entire payments protocol built on top of A2A’s foundation. This post covers everything that happened since.

A2A then vs. A2A now

Dimension April 2025 (Launch) April 2026 (Now)
Organizations 50+ 150+
Version Draft spec v1.0 (production-stable)
SDKs Python only Python, JavaScript, Java, Go, .NET
GitHub stars ~5,000 22,000+
Cloud support Google Cloud only AWS Bedrock AgentCore + Azure AI Foundry + Google Cloud
Security Basic auth OAuth 2.1, signed agent cards, mutual TLS
Multi-tenancy None Native tenant scoping
Transport HTTP/JSON HTTP/JSON + gRPC + JSON-RPC 2.0
Governance Google-led Linux Foundation (8-company TSC)
Competing protocols IBM ACP (separate) ACP merged into A2A
Payments Not addressed AP2 protocol with 60+ organizations

That table tells the story of a protocol crossing the adoption chasm. The early version solved a real problem — agents needed a standard way to talk to other agents. The current version solves the enterprise procurement problem: vendor-neutral governance, multi-cloud support, and security features that pass a CISO review.

What v1.0 actually ships

A2A v1.0 is the first release the project calls production-stable. The changes from v0.3 are substantial enough that they introduced breaking changes — though Agent Cards remain backward-compatible, letting agents advertise support for both versions during migration.

OAuth 2.1 with modern flows. The implicit and password grant flows are gone. v1.0 requires PKCE for authorization code flows (RFC 7636) and adds Device Code (RFC 8628) for headless environments — agents running in containers without browsers. OAuth 2.1 deprecates everything that was insecure about OAuth 2.0, and A2A now requires it.

Signed Agent Cards. Every agent carries a cryptographic identity card signed with JWS (RFC 7515) and canonicalized with JSON Canonicalization Scheme (RFC 8785). Before v1.0, an agent’s self-reported capabilities were as trustworthy as a stranger’s resume. Signed cards let you verify both identity and capabilities before delegating work. This is agent-level zero trust.

Multi-tenancy. A single A2A endpoint can now host multiple agents with tenant isolation. Dedicated tenant fields in requests and AgentInterface specifications let enterprises run shared infrastructure without cross-contamination. Platform teams running internal agent marketplaces need this.

Three transport bindings. HTTP+JSON for simplicity, gRPC for performance-critical workloads with bidirectional streaming, and JSON-RPC 2.0 for compatibility with MCP’s transport layer. The gRPC binding matters most at scale — protocol buffers, connection multiplexing, and streaming reduce overhead for systems exchanging thousands of inter-agent messages per second.

Standardized error handling. Adoption of google.rpc.Status provides consistent error codes and metadata across all three bindings. Type safety improved with SCREAMING_SNAKE_CASE enums and member-based polymorphism replacing discriminator kind fields.

graph TD
    subgraph "A2A v1.0 Protocol Stack"
        direction TB
        SEC[Security Layer<br/>OAuth 2.1 + Signed Agent Cards + mTLS]
        DISC[Discovery Layer<br/>Agent Cards with cryptographic verification]
        TASK[Task Layer<br/>Delegation, monitoring, async results]
        TRANS[Transport Layer<br/>HTTP/JSON or gRPC or JSON-RPC 2.0]
    end
    subgraph "MCP Integration"
        TOOLS[Tool Layer<br/>Tools, Resources, Prompts via MCP]
    end
    SEC --> DISC --> TASK --> TRANS
    TASK -->|Each agent internally uses| TOOLS

The hyperscaler consensus

The strongest adoption signal is not the organization count. It is which organizations.

AWS added A2A support through Amazon Bedrock AgentCore Runtime. Bedrock agents can now discover and delegate to external A2A agents across organizational boundaries. AWS is acknowledging that multi-agent systems will span cloud providers.

Microsoft embedded A2A in Azure AI Foundry and Copilot Studio. The Microsoft Agent Framework — an open-source SDK for multi-agent systems — supports A2A, MCP, and AG-UI simultaneously. Foundry agents can call any A2A-protocol endpoint with explicit auth and structured call/response semantics. Microsoft’s approach is characteristically pragmatic: support everything, let customers choose.

Google maintains the deepest integration. The Agent Development Kit (ADK), Agent Engine, and Cloud Run all have native A2A support. Google originated the protocol and continues to drive reference implementations.

When all three hyperscalers integrate the same agent communication standard, the procurement conversation changes. Enterprise teams no longer need to justify choosing A2A over a proprietary alternative. The standard already won the procurement argument for them.

IBM’s ACP merger: the consolidation signal

IBM launched the Agent Communication Protocol (ACP) in March 2025 for its BeeAI framework. ACP took a different design approach: REST-first, developer-friendly, optimized for rapid prototyping. A2A leaned enterprise: gRPC, signed identity, formal capability negotiation.

Five months later, the teams aligned. In August 2025, IBM’s ACP merged into A2A under the Linux Foundation. Kate Blair from IBM Research joined the A2A Technical Steering Committee. Migration paths exist for ACP users. BeeAI now supports A2A natively.

Why this matters: when a credible competing protocol from a major vendor voluntarily merges into the winner, the standardization debate is settled. The horizontal agent communication layer has a single standard. Teams still debating which protocol to use for inter-agent communication are debating a question the industry already answered.

The payments extension: AP2

The most surprising development is not technical — it is commercial. Google announced the Agent Payments Protocol (AP2) alongside A2A’s one-year milestones. AP2 is an open protocol for agent-initiated payments that extends both A2A and MCP.

Over 60 organizations are shaping AP2, including Adyen, American Express, Ant International, Coinbase, Etsy, Intuit, JCB, Mastercard, PayPal, Revolut, Salesforce, ServiceNow, UnionPay International, and Worldpay.

AP2 establishes a payment-agnostic framework: agents can initiate transactions regardless of payment method, provider, or geography. The protocol handles authorization, confirmation, and settlement semantics.

Most standardization efforts take years to reach commercial validation. HTTP existed for years before SSL/TLS made e-commerce viable. A2A already has its payments extension. When Mastercard and PayPal invest engineering resources in building on top of your protocol, the adoption question is answered.

The real architecture: A2A + MCP together

The protocol wars framing was never accurate. MCP and A2A operate at different layers. Here is how they compose in a production system:

graph TD
    USER[User Request] --> ORCH[Orchestrator Agent]
    
    subgraph "A2A Layer — Agent Coordination"
        ORCH <-->|A2A: discover + delegate| RESEARCH[Research Agent]
        ORCH <-->|A2A: discover + delegate| ANALYSIS[Analysis Agent]
        ORCH <-->|A2A: discover + delegate| WRITING[Writing Agent]
        RESEARCH <-->|A2A: sub-delegate| FACTCHECK[Fact-Check Agent]
    end
    
    subgraph "MCP Layer — Tool Access"
        RESEARCH <-->|MCP| SEARCH[(Web Search)]
        RESEARCH <-->|MCP| DB[(Vector DB)]
        ANALYSIS <-->|MCP| COMPUTE[(Analytics API)]
        WRITING <-->|MCP| DOCS[(Document Store)]
        FACTCHECK <-->|MCP| SOURCES[(Source Archive)]
    end
    
    ORCH --> RESPONSE[Synthesized Response]

The orchestrator uses A2A to discover specialist agents, negotiate capabilities, and delegate tasks. Each specialist uses MCP to connect to its tools. Results flow back through A2A. The user sees a single response.

Both protocols live under the Linux Foundation’s Agentic AI Foundation (AAIF), co-founded by Anthropic, Google, OpenAI, Microsoft, AWS, and Block. The AAIF explicitly positions them as complementary layers in a shared stack. The founding projects — MCP (Anthropic), A2A (Google), goose (Block), AGENTS.md (OpenAI) — cover different concerns without overlap.

Gartner predicts 40% of enterprise applications will embed task-specific AI agents by end of 2026, up from less than 5% in 2025. At that density, agent-to-agent communication shifts from optional to unavoidable. The teams deploying agents today are building on both protocols because the question is not which one wins — it is which layer each one handles.

What practitioners should do differently now

Compared to the original post, the guidance has sharpened:

Default to A2A for any new multi-agent system. The debate is over. 150+ organizations, all three hyperscalers, v1.0 with enterprise security. Building a custom inter-agent protocol is now indefensible technical debt.

Target v1.0, not v0.3. The breaking changes in v1.0 are intentional cleanup — better type safety, modern OAuth, standardized errors. Agent Cards are backward-compatible, so you can migrate incrementally. But new projects should start on v1.0.

Pick your SDK language. Python remains the most mature SDK. JavaScript, Java, Go, and .NET are all production-ready. Choose based on your team’s strengths, not the protocol’s origin story.

Plan for AP2 if agents handle money. If your agents book travel, process invoices, manage subscriptions, or trigger any financial transaction, AP2 is the protocol to watch. It is early — 60+ organizations shaping the spec — but the participant list (Mastercard, PayPal, American Express) signals this will be the standard path for agent commerce.

Use the DeepLearning.AI course. A free course on A2A is available from DeepLearning.AI. For the general patterns behind agent communication, see agent communication protocols.

Key takeaways

  • 150+ organizations in one year. A2A grew from Google proposal to Linux Foundation standard with AWS, Microsoft, Google, IBM, Salesforce, SAP, and ServiceNow on the Technical Steering Committee.
  • v1.0 is production-stable. OAuth 2.1, signed agent cards, multi-tenancy, three transport bindings (HTTP, gRPC, JSON-RPC), five language SDKs.
  • All three hyperscalers integrated. AWS Bedrock AgentCore, Azure AI Foundry, Google Cloud — the multi-cloud story is real.
  • IBM’s ACP merger settled the standard question. There is one protocol for agent-to-agent communication. The horizontal layer is standardized.
  • AP2 extends A2A to payments. 60+ organizations including Mastercard and PayPal. Agent commerce has a protocol before most agents handle money.
  • A2A + MCP is the production stack. Different layers, same system. The protocol wars were a media narrative, not an engineering reality.

Further reading

Want to work together?

I take on projects, advisory roles, and fractional CTO engagements in AI/ML. I also help businesses go AI-native with agentic workflows and agent orchestration.

Get in touch

Related across topics