AI Trends

AI Agents Need a Common Language: Inside the Protocol Wars

AIReadyFit Team15 min read

Every major technology platform shift produces a protocol war. HTTP versus Gopher. TCP/IP versus OSI. REST versus SOAP. USB versus FireWire. The pattern repeats with mechanical consistency: competing standards emerge, fragmentation taxes every participant in the ecosystem, and eventually one protocol — or a small set of complementary ones — consolidates the market. The winner is rarely the most technically elegant. It is the one that reduces friction faster than the alternatives.

The AI agent ecosystem has entered its protocol war. And the stakes are higher than most participants realize.

In the span of sixteen months, the industry has produced at least six competing or complementary agent communication standards: Anthropic's Model Context Protocol, Google's Agent-to-Agent Protocol, Microsoft's Agent Framework, the Agent Network Protocol, Huawei's A2A-T for telecom, and a growing collection of lighter-weight proposals like AGENTS.md. Standards bodies from NIST to IETF to W3C have launched working groups. The Agentic AI Foundation formed in December 2025 under the Linux Foundation, with platinum members including Anthropic, OpenAI, Google, Microsoft, AWS, Block, Bloomberg, and Cloudflare.

Underneath the alphabet soup of acronyms is a real problem. The agent market is projected to grow from nearly $8 billion in 2025 to $52 billion by 2030. LangChain has 128,000 GitHub stars. CrewAI has 44,000. Salesforce Agentforce hit $800 million in annual recurring revenue. Microsoft Copilot has 15 million paid seats. Every major cloud provider, enterprise software vendor, and AI lab is shipping agents. But those agents cannot talk to each other. They cannot share tools, delegate tasks across organizational boundaries, or compose into multi-agent workflows without custom integration code that breaks every time a vendor updates its API.

The protocol war is not about which standard is best. It is about whether the agent ecosystem can standardize fast enough to unlock the value that fragmentation is currently destroying.

The Interoperability Problem Is Already Expensive

Building an AI agent today means choosing a framework, committing to its tool-calling conventions, and accepting that your agent will be isolated from agents built on other frameworks. This is not a theoretical concern. It is a measured cost.

A 2026 survey by Andreessen Horowitz found that 81 percent of enterprises now use three or more model families. Each provider has its own tool-calling format, its own agent API, its own way of handling context, memory, and task delegation. Integrating a LangChain agent with a Salesforce Agentforce workflow requires custom middleware. Connecting an OpenAI Assistants agent to a Google ADK agent requires translation layers that no one has standardized.

The fragmentation resembles the early web era — when every browser rendered HTML differently, every email client used incompatible protocols, and every database vendor implemented SQL with proprietary extensions. The cost was not visible in any single integration. It accumulated across thousands of integrations, slowing adoption, increasing development costs, and creating lock-in that benefited incumbents at the expense of the ecosystem.

Agent memory systems illustrate the problem concretely. Mem0 provides agent memory as a service. Letta offers long-term memory for agents. Neither is interoperable with the other, or with the memory systems built into LangChain, CrewAI, or any of the major cloud agent platforms. An agent that builds context over time in one system starts from scratch when it needs to collaborate with an agent in another system.

The enterprise agent market — currently valued at nearly $8 billion — cannot reach its projected $52 billion scale without solving this. Enterprises will not deploy multi-vendor agent systems if each integration requires custom engineering. They will consolidate on a single vendor's stack, which limits the agent ecosystem to the capabilities of that vendor.

MCP: The First Standard That Stuck

The Model Context Protocol began as an internal Anthropic project to solve a specific problem: giving Claude access to external tools and data sources without building custom integrations for each one.

Anthropic open-sourced MCP in November 2024 as a JSON-RPC 2.0-based protocol with two transport options — stdio for local processes and Streamable HTTP for remote services. The specification defines how an AI model discovers available tools, understands their parameters, invokes them, and processes results. An MCP server exposes capabilities. An MCP client — typically an AI assistant — connects, discovers what is available, and uses it.

The protocol's adoption curve has been extraordinary. Within sixteen months of launch, MCP SDK downloads exceeded 97 million per month. The community built thousands of MCP servers — Anthropic claims more than 10,000, though independent registries count between 1,400 and 5,500 — covering databases, APIs, file systems, development tools, communication platforms, and enterprise software. What started as an Anthropic-specific protocol became an ecosystem standard.

The adoption inflection came in March 2025 when OpenAI integrated MCP support into its Agents SDK. ChatGPT's desktop application added MCP support in September 2025. Google followed with MCP support in the Agent Development Kit. Microsoft added it to Copilot Studio. AWS integrated MCP into Amazon Bedrock. Block, Replit, Sourcegraph, Zed, and dozens of other companies adopted MCP for tool integration.

In December 2025, the Agentic AI Foundation (AAIF) formed under the Linux Foundation to govern MCP's evolution as an open standard — removing it from Anthropic's unilateral control. Founding contributors include Anthropic, OpenAI, and Block, with platinum members including AWS, Bloomberg, Cloudflare, Google, and Microsoft.

MCP's success followed one of the six historical patterns that predict protocol winners: solve a painful problem for developers first, make adoption trivially easy, and build ecosystem momentum before competitors can respond. The stdio transport meant developers could write an MCP server in any language and run it locally in minutes. The JSON-RPC 2.0 foundation meant the protocol used a well-understood wire format. The specification was small enough to implement in a weekend but expressive enough to cover most tool-integration scenarios.

But MCP has a specific scope — and that scope has limits. MCP connects agents to tools. It does not address how agents communicate with each other. An agent that can query a database via MCP still cannot delegate a subtask to another agent, negotiate task boundaries, or compose multi-step workflows across organizational boundaries. That problem requires a different protocol.

A2A: Agent-to-Agent Communication

Google released the Agent-to-Agent Protocol specification in April 2025, targeting the gap that MCP does not fill: structured communication between autonomous agents.

Where MCP defines how an agent connects to tools, A2A defines how agents discover each other, negotiate capabilities, delegate tasks, stream progress updates, and exchange results. The protocol introduces Agent Cards — JSON metadata files that describe an agent's identity, capabilities, input/output formats, and trust requirements. An agent looking for help with a specific task queries available Agent Cards, identifies a suitable collaborator, initiates a task delegation, and receives structured results.

More than 100 organizations joined A2A's development process within the first three months. In late August 2025, IBM consolidated its Agent Communication Protocol into A2A — a significant convergence that eliminated one competing standard and strengthened A2A's position as the primary agent-to-agent specification.

A2A operates at a different layer than MCP. MCP is vertical: connecting an agent downward to tools and data. A2A is horizontal: connecting agents laterally to other agents. The two protocols are complementary, not competitive, and both the MCP and A2A communities have acknowledged this publicly. An enterprise agent architecture might use MCP to connect each agent to its tools and A2A to orchestrate multi-agent workflows across departments.

The distinction matters because the failure mode of most protocol wars is not that one standard wins — it is that too many standards compete at the same layer, fragmenting the ecosystem. MCP and A2A operating at different layers reduces the probability of destructive competition between the two largest agent protocols.

The Rest of the Field

MCP and A2A are the largest agent protocols by adoption, but they are not alone.

Microsoft's Agent Framework provides orchestration capabilities for Copilot Studio agents, with bridges to both MCP and A2A. Microsoft's position is strategic pragmatism — it supports the emerging standards while ensuring its enterprise customers can build on Copilot without committing to a single protocol.

The Agent Network Protocol (ANP), an open-source project originating from a former Alibaba Cloud engineer, takes a decentralized approach designed for scenarios where agents must discover and communicate with each other without a central registry. ANP uses a peer-to-peer model that resembles BitTorrent more than HTTP — suited for open networks where no single entity controls the agent directory. The protocol has traction in the Chinese AI ecosystem but limited adoption elsewhere.

Huawei's A2A-T extends A2A for telecom-specific requirements — low latency, high reliability, regulatory compliance, and integration with existing telecom infrastructure. The telecom industry's history of proprietary protocols like SS7, Diameter, and SIP suggests that sector-specific extensions will be a recurring pattern as agent protocols move into regulated industries.

AGENTS.md proposes a simpler approach — a Markdown file in a repository's root that provides architectural guidance, build instructions, and conventions for coding agents working in that codebase. Adopted collaboratively by OpenAI Codex, Google Jules, Cursor, and others, AGENTS.md does not define a communication protocol. It provides a context mechanism — a way for agents to understand a repository's structure and constraints before operating within it.

WebMCP extends MCP into the browser environment, standardizing how web-based agents access page content, form inputs, navigation, and browser APIs. As browser-based agents become more common — Anthropic's computer use, OpenAI's Operator, Google's Project Mariner — a browser-specific extension of the agent protocol stack becomes necessary.

The proliferation is not necessarily a problem. Each protocol addresses a different use case or layer. The risk is not that too many protocols exist — it is that too many protocols compete at the same layer, forcing developers to make incompatible choices early in their agent architecture.

What History Tells Us About Protocol Wars

The current agent protocol landscape has precise historical parallels, and those parallels are instructive.

HTTP versus Gopher (1991-1995). Gopher was technically simpler and gained widespread adoption faster. HTTP was more flexible and had a better extensibility model. HTTP won for two reasons: it could serve any content type while Gopher was restricted to text menus, and the University of Minnesota's February 1993 decision to charge licensing fees for Gopher server software drove developers to the free and open Web. The lesson: protocols that accommodate unforeseen use cases — and remain free — beat protocols optimized for current use cases.

TCP/IP versus OSI (1980s-1990s). The OSI model was the officially sanctioned standard, backed by European governments and the telecommunications industry. TCP/IP was the working protocol used by the actual internet. TCP/IP won because it shipped working implementations while OSI committees debated specifications. The lesson: running code beats committee consensus.

REST versus SOAP (2000s). SOAP was comprehensive, formally specified, and enterprise-endorsed. REST was simpler, used standard HTTP verbs, and required no specialized tooling. REST won because developers could make their first REST API call in minutes while SOAP required reading a 200-page specification and configuring XML schema validators. The lesson: developer experience determines adoption velocity.

USB versus FireWire (1996-2008). FireWire was technically superior — faster data transfer, peer-to-peer architecture, better for video. USB was cheaper to implement, had broader device support, and Intel drove ecosystem adoption aggressively. USB won because it was everywhere. The lesson: ecosystem breadth beats technical specifications.

Six patterns emerge from these and other protocol wars:

  1. Simplicity wins initial adoption. Developers choose the protocol they can implement in a weekend over the one that requires a month of reading.
  2. Ecosystem momentum is self-reinforcing. Once a protocol has more integrations, it gets adopted more, which produces more integrations.
  3. Different layers can coexist. TCP/IP and HTTP coexist because they operate at different layers. MCP and A2A may follow the same pattern.
  4. Governance matters for longevity. Protocols controlled by a single company face adoption resistance. Open governance — like the AAIF for MCP — reduces that friction.
  5. Technical superiority is neither necessary nor sufficient. Gopher, OSI, SOAP, and FireWire were all arguably better in specific technical dimensions. They all lost.
  6. Consolidation takes years, not months. The period between the emergence of competing standards and the establishment of a winner or stable coexistence spans anywhere from four years (HTTP versus Gopher) to over a decade (TCP/IP versus OSI). Faster consolidation correlates with stronger ecosystem network effects.

Applied to the agent protocol landscape: MCP has the ecosystem momentum, A2A has the enterprise governance backing, and both operate at different layers. The most likely outcome — based on historical pattern matching — is that MCP and A2A coexist as complementary standards, with smaller protocols either merging into one of the two or serving niche use cases. Based on these historical patterns, substantial consolidation by 2028-2029 is plausible — though the timeline could extend further if competing standards entrench at the same layer.

Security: The Unsolved Layer

Protocol adoption without security is adoption of a vulnerability.

MCP's rapid ecosystem growth has already surfaced security concerns. Researchers identified prompt injection attacks through MCP tool descriptions — a malicious MCP server could embed instructions in its tool metadata that manipulate the connected AI model's behavior. Tool poisoning attacks, where a compromised server provides subtly incorrect results, are difficult to detect because the consuming agent has limited ability to verify tool outputs independently.

The broader agent security landscape is sobering. A 2025 OWASP analysis identified agent-specific vulnerabilities including excessive agency — agents taking actions beyond their intended scope — insecure tool integration — agents connecting to unvalidated external services — and insufficient output validation — agents trusting results from other agents without verification. Memory poisoning, where an attacker corrupts an agent's persistent memory to influence future behavior, is a novel attack vector with no analog in traditional software security.

A2A's Agent Cards include trust and authentication fields, but the specification acknowledges that the trust model is still evolving. How does an agent verify the identity of another agent? How does an enterprise ensure that an agent delegating a task to an external agent does not leak sensitive data? How do you audit a multi-agent workflow where each agent is operated by a different organization with different security policies?

These questions do not have protocol-level answers yet. NIST launched its AI Agent Standards Initiative in February 2026, with working groups focused on agent identity, agent trust, and agent auditability. ISO/IEC JTC 1/SC 42 is developing broader AI standards that will apply to agent systems. But the gap between the pace of agent deployment and the pace of security standardization is widening, not narrowing.

The security challenge is compounded by the agent ecosystem's complexity. A typical enterprise agent workflow in 2026 might involve an orchestrator agent built on LangChain, a data retrieval agent connected via MCP to a corporate database, an analysis agent running on a different cloud provider, and a customer-facing agent built on Salesforce Agentforce. Each hop in the chain is a potential security boundary, and no existing protocol provides end-to-end security guarantees across heterogeneous agent systems.

What This Means for Builders

The protocol war's outcome will not be determined by standards committees. It will be determined by what developers build.

Build on MCP for tool integration now. With 97 million monthly SDK downloads, thousands of community servers, and adoption by every major AI platform, MCP is the de facto standard for connecting agents to tools. The risk of MCP being displaced is low. The cost of waiting for a better standard is high.

Watch A2A for multi-agent orchestration. A2A is earlier in its adoption curve but has strong institutional backing — Google, IBM, and 100+ organizations. If your architecture requires agents delegating tasks to other agents across organizational boundaries, A2A is the protocol to evaluate. IBM's consolidation of ACP into A2A in late August 2025 signals consolidation in this layer.

Design for protocol abstraction. The winning strategy in every protocol war is the same: build an abstraction layer that insulates your application from protocol-level changes. The enterprise middleware market exists because of protocol transitions. Agent frameworks that abstract over MCP, A2A, and future protocols will outlast those that hardcode a single protocol.

Do not wait for security standards. Implement agent-level authentication, output validation, and audit logging now. The standards will follow, but the attacks will not wait for them. Every MCP connection should be validated. Every A2A task delegation should be authenticated. Every agent output should be checked before being acted upon.

Expect consolidation by 2028. Based on historical protocol war timelines, the agent protocol landscape should stabilize within two to three years. The current fragmentation is a transitional state, not an end state. Build for today's protocols with the expectation that the landscape will simplify.

The agent protocol war is not about which standard wins. It is about how fast the ecosystem can converge on a common language — because the value of AI agents scales with their ability to compose, collaborate, and interoperate. Every month of fragmentation is a month of unrealized value.

The protocols exist. The governance is forming. The ecosystem is building. The question is no longer whether agents will get a common language. It is whether they will get it fast enough.


At AIReady.fit, we help professionals and teams understand the technologies reshaping their industries. Our AI Foundations track covers how AI is moving from single tools to multi-agent systems — practical knowledge for professionals navigating what comes next.

Get AI Tips Every Week

Get smarter about AI every week — practical tips, prompts, and workflows in your inbox.