Google Cloud has transferred its Agent2Agent (A2A) protocol to the Linux Foundation, marking a significant step toward standardized AI agent interoperability. The donation, announced on June 23, 2025, includes the protocol specification, SDKs, and tooling, now governed under the Linux Foundation’s Agent2Agent Project1. This move aims to address fragmentation in AI agent communication, with founding members including AWS, Cisco, Microsoft, and SAP2.
Technical Framework and Security Considerations
The A2A protocol standardizes three core functions: agent discovery, capability advertising, and task coordination. Agents expose their functionality through an AgentCard—a JSON metadata file hosted at /.well-known/agent.json—containing endpoints and supported actions3. Communication occurs via JSON-RPC 2.0 over HTTPS for synchronous operations and Server-Sent Events (SSE) for asynchronous updates. Security implementations mandate TLS encryption and JWT-based authentication for push notifications, addressing risks like rogue agent impersonation4.
Microsoft’s integration of A2A into Azure AI Foundry and Copilot Studio demonstrates cross-platform viability. A Semantic Kernel Python example shows how agents declare capabilities:
{
"name": "TravelManager",
"endpoint": "https://localhost:8080",
"capabilities": ["currency_conversion", "itinerary_planning"]
}Operational Impact and Threat Model
The protocol introduces new attack surfaces requiring scrutiny. AgentCards could be spoofed if proper JWT validation isn’t enforced, while SSE endpoints might leak task metadata. The Linux Foundation’s governance model includes AWS and Cisco as validators to mitigate supply chain risks5. Projections suggest A2A could drive $6 trillion in economic value by 2028, making it a high-value target for advanced persistent threats6.
| Risk Vector | Mitigation |
|---|---|
| AgentCard spoofing | Strict JWT validation with issuer checks |
| SSE data leakage | Event stream encryption |
| Task hijacking | Mutual TLS for all RPC calls |
Implementation Recommendations
Organizations adopting A2A should:
- Audit AgentCard endpoints for overly permissive CORS policies
- Monitor JSON-RPC call patterns for anomalous task delegation
- Enforce rate limiting on SSE channels to prevent DoS
Google’s reference implementation provides Python and JavaScript SDKs under Apache 2.0 license, with production deployments requiring TLS 1.37. The protocol’s design complements existing standards like Anthropic’s Model Context Protocol (MCP), focusing specifically on agent-to-agent rather than agent-to-tool interactions.
Conclusion
The A2A protocol donation represents a strategic shift toward open AI ecosystems. While enhancing interoperability, it necessitates rigorous security controls around agent authentication and task validation. The Linux Foundation’s stewardship provides neutrality, but organizations must implement additional safeguards against emerging threat vectors in multi-agent environments.
References
- “Google Cloud donates A2A protocol to Linux Foundation,” Google Blog, Jun. 23, 2025. [Online]. Available: https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation
- “Tech giants back A2A protocol for AI agents,” Techstrong.ai, Jun. 23, 2025. [Online]. Available: https://techstrong.ai/articles/google-donates-a2a-protocol-to-linux-foundation
- “Understanding A2A: The Protocol for Agent Collaboration,” Google Cloud Community Blog, Jun. 10, 2025. [Online]. Available: https://www.googlecloudcommunity.com/gc/Community-Blogs/Understanding-A2A-The-Protocol-for-Agent-Collaboration/ba-p/906323
- “Semantic Kernel adds A2A support,” Microsoft Foundry Blog, May 15, 2025. [Online]. Available: https://devblogs.microsoft.com/foundry/semantic-kernel-a2a-integration
- “Microsoft partners with Google on A2A protocol,” Technology Record, May 8, 2025. [Online]. Available: https://www.technologyrecord.com/article/microsoft-formalises-partnership-with-google-for-agent2agent-protocol
- “A2A Protocol GitHub Repository,” GitHub, 2025. [Online]. Available: https://github.com/google-a2a/A2A
- “The New Stack: Google donates Agent2Agent protocol,” The New Stack, Jun. 23, 2025. [Online]. Available: https://thenewstack.io/google-donates-the-agent2agent-protocol-to-the-linux-foundation
