The Era of Agentic Collaboration: Why AI Agents Need to Talk to Each Other (Not Just to APIs)

AgentTrust Team ·
The Era of Agentic Collaboration: Why AI Agents Need to Talk to Each Other (Not Just to APIs)
Agentic CollaboraitonAI AgentsA2A Protocolmcpagent to agent Collaboration

The Era of Agentic Collaboration: Why AI Agents Need to Talk to Each Other (Not Just to APIs)

We're entering a new phase in AI development. For the past two years, AI agents have been impressive tool users—calling APIs, querying databases, reading files. But that's not collaboration. That's automation with extra steps.

Real collaboration means agents talking to agents: negotiating, coordinating, deciding together. It means multi-turn conversations where one agent asks another for help, gets a partial answer, clarifies, then acts on the result. And it requires infrastructure we don't have yet.

Here's what's actually changing, why protocols like Google's A2A and Anthropic's MCP matter, and why the trust layer is still missing.

What One-Shot API Calls Actually Look Like

Most AI agents today operate like this:

1. Agent receives a task from a user

2. Agent calls an API (weather service, database, internal tool)

3. API returns data

4. Agent formats response for user

That's fine for simple tasks. But it breaks down when the task requires coordinated decision-making across multiple systems or specialized agents.

Example: A hiring agent needs to source candidates, schedule interviews, run background checks, and generate offer letters. Each step involves different systems, owned by different vendors, with different access controls. Today, that means:

  • Manual integrations for every tool
  • Hardcoded workflows that break when one system changes
  • No way for the background-check agent to negotiate scheduling with the interview agent

You end up with brittle pipelines that require constant maintenance. Not because the agents are dumb—because there's no standard way for them to collaborate.

What Agent-to-Agent Collaboration Actually Means

Real agent collaboration isn't just chaining API calls. It's multi-turn, stateful, and adaptive. Here's what that looks like:

Capability Discovery

An agent advertises what it can do. A recruiting agent says "I schedule interviews and check availability across calendar systems." A background-check agent says "I verify employment history and run compliance checks." When a hiring agent needs help, it discovers which agents can assist—without hardcoding integrations.

Task Negotiation

Agents don't just accept commands—they negotiate. The background-check agent might reply: "I can run compliance checks, but I need consent forms first. Can you provide those?" The hiring agent coordinates with a legal-document agent to generate the forms, then re-engages the background-check agent. This is a multi-turn workflow, not a one-shot API call.

Context Sharing

Agents maintain conversation state. If the interview agent schedules a candidate for Tuesday, but the candidate's timezone changes mid-conversation, agents can update each other without starting from scratch. They're not stateless request handlers—they're participants in an ongoing process.

Multi-Modal Communication

Not everything is text. An agent generating a video tutorial needs to send video. An agent analyzing financial data might return an interactive chart. Agents need to negotiate what format to use based on what the receiving agent (or user) can handle.

This is fundamentally different from REST APIs or webhooks. It's closer to how humans collaborate—clarifying, negotiating, adapting.

Google's A2A Protocol: The First Real Standard

In April 2025, Google launched the Agent2Agent (A2A) protocol and donated it to the Linux Foundation. It's the first industry-standard attempt to formalize agent-to-agent communication.

What A2A Actually Does

  • Agent Cards: Agents publish a JSON "card" describing their capabilities (like a resume for an AI agent)
  • Task Management: Communication is organized around "tasks" with defined lifecycles—not just request/response
  • Long-Running Tasks: Agents can work on tasks for hours or days, providing status updates throughout
  • Modality Negotiation: Messages include "parts" (text, image, video), and agents negotiate what formats they support

The protocol uses HTTP, Server-Sent Events (SSE), and JSON-RPC—standards most developers already know. That's intentional. A2A isn't trying to invent new transport layers; it's defining how agents communicate on top of existing infrastructure.

Real-World Use Case

Google's example from the A2A announcement: a hiring manager asks their agent to find software engineers with specific skills in a specific location. That agent queries a candidate-sourcing agent, which returns profiles. The hiring agent then talks to a scheduling agent to set up interviews. After interviews, a background-check agent is brought in.

Each of these agents is built by a different vendor, runs on different infrastructure, and has its own authentication. A2A makes them interoperable.

As of July 2025, Google announced over 150 organizations supporting A2A, including Adobe, ServiceNow, PayPal, SAP, Salesforce, and Intuit. Major consulting firms (Accenture, Deloitte, PwC) have also committed to building A2A-compatible agents for enterprise clients.

MCP: The Complementary Protocol

While A2A focuses on agent-to-agent collaboration, Anthropic's Model Context Protocol (MCP) solves a different problem: connecting agents to tools and data sources.

MCP is designed for developer-first simplicity. Want your agent to read files? There's an MCP server for that. Need access to a database? MCP makes it trivial. It's lightweight, easy to implement, and has seen rapid grassroots adoption—especially among indie developers.

A2A and MCP are complementary, not competitors:

  • MCP connects agents to tools (filesystems, APIs, databases)
  • A2A connects agents to other agents (negotiation, multi-turn workflows)

An agent might use MCP to access a company's HR database, then use A2A to negotiate with another agent about scheduling an interview based on that data.

Both protocols acknowledge the same truth: agents need structured ways to communicate beyond simple API calls.

The Trust and Identity Gap

Here's what neither A2A nor MCP fully solves yet: agent identity and trust.

When an agent asks another agent for sensitive data—like customer records, financial transactions, or security logs—how does the receiving agent verify:

  • Who is this agent? (not just which API key)
  • What is it authorized to do? (not just what it claims)
  • Can it be trusted? (has it been compromised? is it behaving anomalously?)

Right now, agents authenticate like service accounts—API keys, OAuth tokens, maybe mTLS certificates. But that's infrastructure identity, not agent identity. It tells you the request came from a valid server, not whether the agent is authorized to act on behalf of a user or make autonomous decisions.

What Agent Identity Actually Requires

Several organizations are working on this:

Decentralized Identifiers (DIDs): Cryptographically verifiable identities for agents, anchored on distributed ledgers. An agent's DID is tamper-resistant and doesn't rely on a central authority.

Verifiable Credentials (VCs): Third-party attestations about an agent. A compliance agent might have a VC from a security vendor certifying it's been audited for data handling. A financial agent might have a VC proving it's authorized to access transaction data.

"Know Your Agent" (KYA) Frameworks: Similar to Know Your Customer (KYC) for humans. These frameworks verify agent identity, track reputation, and provide audit trails. If an agent behaves suspiciously—say, exfiltrating data or issuing unauthorized commands—it gets flagged.

Why This Matters for Security

Agents operating autonomously can make high-stakes decisions: approving transactions, accessing customer data, modifying infrastructure. If agents can't verify each other's identities, you get:

  • Impersonation attacks: A malicious agent masquerading as a trusted one
  • Privilege escalation: An agent claiming permissions it doesn't have
  • Data leakage: Agents sharing sensitive data with unauthorized recipients

This is where AgentTrust fits in. While A2A and MCP handle communication protocols, AgentTrust provides runtime security validation. Before an agent processes external input—from another agent, a web page, an email—it can call the AgentTrust API to check for prompt injection, data exfiltration attempts, or instruction overrides.

Agent-to-agent collaboration is powerful. It's also a new attack surface. You need both the communication layer (A2A, MCP) and the security layer (AgentTrust, KYA frameworks) to make it work safely.

Why the Industry Needs Infrastructure (Not Just Protocols)

Protocols are important. But they're not enough.

Right now, if you want to build an agent that collaborates with other agents, you need to:

1. Implement the protocol (A2A, MCP, or both)

2. Set up authentication (API keys, OAuth, mTLS)

3. Handle authorization (who can access what)

4. Manage state (for long-running tasks)

5. Monitor behavior (detect anomalies, prevent abuse)

6. Audit actions (for compliance and security reviews)

That's a lot of infrastructure work. Most companies building agents don't want to become infrastructure providers—they want to ship features.

What the industry needs is platforms and services that abstract this complexity:

  • Agent discovery services: Find agents by capability, reputation, compliance status
  • Federated identity providers: Issue and verify agent credentials across organizational boundaries
  • Orchestration layers: Manage multi-agent workflows, handle retries, track state
  • Security validation services: Runtime protection against prompt injection and data exfiltration (this is where AgentTrust operates)
  • Audit and compliance tools: Track agent interactions for regulatory requirements

Google's Agentspace (launched alongside A2A) is a step in this direction—a marketplace where agents can discover and work with each other. But we're still in the early days.

What This Means for Developers and Decision-Makers

If you're building AI agents today, here's what to watch:

Short-Term (2026)

  • Start with MCP for tool integration: It's simple, well-documented, and works with Claude and other assistants today
  • Monitor A2A adoption: If your use case involves multi-agent workflows (especially across vendors), A2A is worth testing now
  • Don't ignore identity and trust: If your agents handle sensitive data or make autonomous decisions, you need more than API keys
  • Validate external inputs: Use tools like AgentTrust to detect prompt injection before agents process untrusted data (from other agents, web scraping, emails)

Medium-Term (2027+)

  • Expect consolidation: The industry will settle on one or two dominant protocols (or interoperability layers between them)
  • Plan for agent identity systems: DIDs, VCs, and KYA frameworks will become standard practice
  • Build for multi-agent orchestration: Agents won't work in isolation—your architecture needs to support coordination

Long-Term

  • Agent networks will mirror human organizations: Agents will specialize, collaborate, negotiate, and evolve roles over time
  • Trust will be the bottleneck: The companies that solve agent identity and reputation at scale will own the infrastructure

What We're Not Saying

Let me be clear about what this isn't:

  • This isn't inevitable: Agent-to-agent collaboration will only scale if the industry solves identity, trust, and security. If those problems persist, we'll see a lot of proof-of-concepts that never reach production.
  • This isn't solved yet: A2A and MCP are good starts, but neither addresses the full stack of what's needed. We're in the "dial-up internet" phase—standards exist, infrastructure doesn't yet.
  • This isn't just a Google or Anthropic problem: Every company building agents needs to care about this. If you're waiting for someone else to solve interoperability, you'll be waiting a long time.

The Bottom Line

AI agents are moving beyond simple tool use. The next phase—agent-to-agent collaboration—requires more than just better APIs. It requires:

  • Communication protocols (A2A, MCP) that support multi-turn, stateful workflows
  • Identity systems (DIDs, VCs, KYA) that verify agent authenticity and authorization
  • Security layers (AgentTrust, anomaly detection) that protect against new attack vectors
  • Infrastructure (orchestration, discovery, audit) that abstracts complexity for developers

Right now, we have early-stage protocols and fragmented tooling. The industry is figuring this out in real-time. If you're building agents that need to collaborate—whether that's across teams, vendors, or organizational boundaries—you're not alone in finding the current landscape messy.

But that's also the opportunity. The companies that solve agent collaboration, identity, and trust early will define how the next generation of AI systems work together.

We're not there yet. But we're closer than we were a year ago.

---

AgentTrust provides runtime security for autonomous AI agents, protecting against prompt injection, data exfiltration, and instruction override. If you're building agents that process untrusted data—from other agents, web scraping, or external APIs—AgentTrust helps you validate content before it reaches your agent's reasoning loop. Learn more at agenttrust.ai

← Back to all posts