A2A Protocol: How AI Agents Talk to Each Other

A2A Protocol - Agent-to-Agent communication standard for AI interoperability

Your AI coding assistant can now query databases, read files, and call APIs thanks to MCP. But what happens when that assistant needs help from another AI agent — a security reviewer, a testing specialist, or a deployment orchestrator?

That is exactly the problem the Agent2Agent (A2A) protocol solves. Launched by Google in April 2025 and now donated to the Linux Foundation, A2A is the open standard that lets AI agents discover each other, delegate tasks, and collaborate — regardless of which framework or vendor built them.

Why Agents Need Their Own Protocol

MCP solved the agent-to-tool problem. An AI agent can connect to GitHub, Slack, or a database through a universal interface. But MCP treats every connection as a tool call — it assumes one agent controlling passive resources.

Real-world AI workflows are different. You need a research agent to gather data, a financial agent to analyze it, and a reporting agent to synthesize everything into a document. These agents are not passive tools. They are autonomous systems with their own capabilities, state, and decision-making logic.

Before A2A, connecting agents meant custom integrations for every pair. Agent A speaks LangChain. Agent B runs on CrewAI. Agent C is a proprietary enterprise system. Getting them to collaborate required building bridges between each framework — bridges that broke every time one side updated.

A2A eliminates this fragmentation by providing a single protocol for agent-to-agent communication, the same way HTTP standardized web communication decades ago.

How A2A Works

The protocol is built on familiar web standards: HTTP/HTTPS transport, JSON serialization, and Server-Sent Events (SSE) for real-time streaming. Version 0.3 also adds gRPC support for high-throughput scenarios.

Agent Cards: Machine-Readable Identity

Every A2A-compliant agent publishes a JSON document at /.well-known/agent.json. This Agent Card declares who the agent is, what it can do, and how to authenticate:

{
  "name": "Code Review Agent",
  "description": "Reviews pull requests for security vulnerabilities and code quality",
  "url": "https://api.example.com/agent",
  "version": "1.0.0",
  "authentication": {
    "schemes": ["OAuth2", "Bearer"]
  },
  "capabilities": {
    "streaming": true,
    "pushNotifications": true
  }
}

Client agents query these cards to evaluate compatibility before delegating work. No hard-coded integrations needed — discovery happens dynamically at runtime.

Task Lifecycle

A2A defines six states for managing work:

submitted — task accepted, queued for processing
working — active processing with optional streaming updates via SSE
input-required — agent paused, requesting additional data or human authorization
completed — successful finish with typed artifact results
failed — error termination with detailed diagnostics
cancelled — terminated by client or server

The input-required state is particularly important. It allows agents to request human-in-the-loop intervention without breaking the workflow — an agent can pause, ask for approval, and resume once authorized.

Communication Flow

Task submission uses standard HTTP endpoints:

Endpoint	Method	Purpose
`/.well-known/agent.json`	GET	Discover agent capabilities
`/tasks/send`	POST	Submit a task (synchronous)
`/tasks/sendSubscribe`	POST	Submit with SSE streaming updates
`/tasks/<id>`	GET	Poll task status

Results return as typed artifacts with MIME types and metadata, supporting inline data and external storage references. This means agents can exchange text, JSON, files, images, or any other content type without payload bloat.

A2A + MCP: The Complete Agent Stack

These two protocols are not competitors — they are complementary layers:

MCP connects agents to tools and data (databases, APIs, file systems)
A2A connects agents to other agents (delegation, collaboration, orchestration)

In a sophisticated system, both coexist. An orchestrator agent uses A2A to delegate a research task to a specialist agent. That specialist agent internally uses MCP to connect to web search tools and document databases. The results flow back through A2A as typed artifacts.

Think of it this way: MCP is the agent's hands (how it interacts with the world). A2A is the agent's voice (how it coordinates with peers).

Real-World Architecture

Here is what a multi-agent enterprise workflow looks like with A2A:

Customer support escalation:

A triage agent receives a customer request via A2A
It queries an Agent Card registry to find a billing specialist agent
It delegates the billing investigation via /tasks/send
The billing agent uses MCP internally to query the payment database
If the issue requires a refund, it delegates to a refund processing agent via A2A
Each agent reports status through SSE streaming
The triage agent synthesizes all artifacts into a customer response

Development pipeline:

An orchestrator receives a code change notification
It delegates code review to a security agent via A2A
Simultaneously delegates testing to a QA agent
Both agents use MCP-connected tools internally
Results flow back as artifacts (review comments, test reports)
The orchestrator makes the merge decision based on combined results

Security Model

A2A inherits web security standards rather than inventing new ones:

OAuth 2.0, API keys, and service account tokens for authentication
Mandatory HTTPS/TLS for transport encryption
Per-agent credentials for cross-organization workflows, avoiding confused deputy problems
HTTP-based audit trails that integrate with existing SIEM and logging infrastructure

Each agent operates with its own identity and permissions. When Agent A delegates to Agent B, Agent B uses its own credentials to access resources — not Agent A's. This prevents privilege escalation across agent boundaries.

Ecosystem Adoption

A2A launched with over 50 technology partners including Salesforce, SAP, ServiceNow, Workday, Atlassian, MongoDB, LangChain, and CrewAI. Major consultancies — Deloitte, Accenture, McKinsey, PwC — are building enterprise implementations.

The protocol was donated to the Linux Foundation's Agentic AI Foundation in December 2025, alongside MCP, cementing both as vendor-neutral industry standards.

SDK support is available in Python and Node.js, with community implementations emerging for Go, Rust, and Java.

Current Limitations

A2A is still maturing. Key gaps include:

No centralized registry — teams manage their own agent directories for now
No standard versioning mechanism for capability changes across Agent Cards
No billing integration — pricing declarations exist in Agent Cards but lack standardized metering
Distributed tracing requires manual correlation by task ID

These are infrastructure problems, not protocol problems. As adoption grows, expect registries, observability tools, and billing layers to emerge — similar to how the Docker ecosystem built registries and monitoring around container standards.

Getting Started

If you are building multi-agent systems, A2A adoption is straightforward:

Expose an Agent Card at /.well-known/agent.json describing your agent's capabilities
Implement task endpoints (/tasks/send, /tasks/sendSubscribe) using the JSON-RPC format
Return typed artifacts with proper MIME types
Add SSE streaming for long-running tasks

The Python SDK provides a reference implementation:

from a2a.client import A2AClient
 
client = A2AClient("http://code-review-agent:8000")
task = await client.send_task({
    "message": {
        "role": "user",
        "content": "Review PR #142 for security issues"
    }
})
 
async for update in client.subscribe(task["id"]):
    print(update)

The Bigger Picture

MCP gave AI agents hands to interact with tools. A2A gives them the ability to collaborate with peers. Together, they form the communication backbone of the agentic AI era — where software is not a single monolithic application but a network of specialized agents coordinating in real time.

For developers and enterprises in the MENA region building AI-native systems, understanding these protocols is not optional. They are becoming the HTTP and TCP/IP of the agent economy. The organizations that adopt them early will have the architecture to scale when multi-agent workflows become the default — not the exception.