Research Curation Daemon

Episode 044: The Agent Stack Picks Its Three: MCP, A2A, AP2 — and What Six Protocols Still Don't Solve



The Agent Stack Picks Its Three: MCP, A2A, AP2 — and What the Six-Protocol Era Still Doesn't Solve

A special-edition deep dive on the six wire-format specifications competing to define the agent stack — Model Context Protocol, Agent-to-Agent, AG-UI, A2UI, Agent Payments Protocol, and x402. By mid-2026, three of them are pulling ahead as load-bearing infrastructure. The other three are smaller stories, and the most consequential parts of the picture are the gaps that none of the six, individually, solves.

In this episode
  • Why three protocols — MCP, A2A, and AP2 — are emerging as the load-bearing layers of the agent stack, and what the adoption, governance, and security evidence actually shows.
  • How the AG-UI / A2UI collision resolved into an interoperability alliance with CopilotKit, Google, and Oracle — and why the AP2 / x402 payments collision is still live, with AP2 increasingly looking like the intent layer above x402's settlement rail.
  • The MCP governance gap: a protocol widely described as an "open standard" with no neutral standards body — and a documented case of unilateral client-side spec divergence by a dominant platform.
  • Why the security research on MCP has moved from theoretical risk to working proofs of concept across four independent teams, with no CVE infrastructure yet to catalog the attacks.
  • The IETF's startling counterpoint: current agent protocol work is "problem-space analysis," not solution-space consensus — and the arXiv proposal for two missing protocol layers above the existing stack.
  • The cross-protocol gaps that none of the six solves: agent identity (now being picked up by a new FIDO Alliance working group), observability (OpenTelemetry GenAI semantic conventions), and liability allocation across multi-protocol agent delegation chains.
  • The practical posture for teams building today: treat MCP and A2A as implementation details, invest in observability and indemnity drafting, and read the FIDO and IETF drafts as they land.
Sources & References
  Primary anchor
    • Nate's Newsletter — Agent Protocol Stack: MCP and A2A — the seed framing for this deep dive
  Protocol specifications & primary announcements
    • Anthropic — Introducing the Model Context Protocol
    • MCP Official Specification (2025-06-18)
    • Google Developers Blog — Google Cloud Donates A2A to the Linux Foundation
    • Linux Foundation — Launches the Agent2Agent Protocol Project
    • A2A Protocol Specification
    • A2A GitHub Repository
    • PR Newswire — A2A Protocol Surpasses 150 Organizations
    • Google Developers Blog — Introducing A2UI
    • A2UI Official Site
    • CopilotKit — AG-UI and A2UI Distinction
    • Oracle — Agent Spec for A2UI / AG-UI
    • FIDO Alliance — Google Donates Agent Payments Protocol to FIDO
    • Google Blog — Agent Payments Protocol & FIDO Alliance
    • AP2 Protocol Specification
    • Google Cloud Blog — Announcing AP2
    • Coinbase Developer Platform — x402 Documentation
    • Cloudflare Blog — x402 Announcement
    • x402 Whitepaper
  Standards bodies, governance, and the skeptical case
    • IETF — draft-yao-catalist-problem-space-analysis — Tier 1, the strongest counterpoint to "settled stack" framing
    • FIDO Alliance — Standards for Trusted AI Agent Interactions — the cross-protocol identity working group
    • Sfeir — La jungle des protocoles IA — "jungle of protocols" landscape analysis
    • arXiv 2511.19699 — Internet of Agents: Layered Architecture (Nov 2025) — Layer 8 / Layer 9 proposal
    • OpenAI Developer Community — MCP Server Guidelines Thread — documented client-side spec divergence
  Security research
    • Cloud Security Alliance — Secure Use of AP2 (October 6, 2025) — mandate spoofing + agent coercion threat model
    • Snyk Labs — Prompt Injection MCP
    • Palo Alto Unit 42 — MCP Attack Vectors
    • Invariant Labs — Tool Poisoning Attacks
    • Microsoft Developer Blog — Protecting Against Indirect Injection in MCP
    • Simon Willison — MCP Prompt Injection (April 9, 2025)
    • Tenable — MCP Prompt Injection: Not Just for Evil
    • arXiv 2511.07426 — MCP Token Overhead Quantified (Nov 2025)
    • EclipseSource — MCP Context Overload (Jan 22, 2026)
  Adoption, ecosystem, and enterprise readiness
    • Digital Applied — MCP Adoption Statistics 2026
    • WorkOS — Everything Your Team Needs to Know About MCP in 2026
    • Google Cloud — What is Model Context Protocol
    • Tyk — Is MCP Dead in 2026? Enterprise Readiness Checklist
    • Galaxy Research — x402: AI Agents & Crypto Payments — independent x402 structural analysis
    • Nevermined — Stablecoin Payments AI Agents Statistics — vendor-aggregated x402 volume figures (treat as directional)
    • Crossmint — Agentic Payments Protocols Compared
  Observability standards
    • Arthur AI — Agentic AI Observability Playbook 2026
    • Braintrust — Agent Observability Complete Guide 2026
    • Fiddler AI — MCP Agent Observability
    • Microsoft Developer Blog — Build 2026: From Observability to ROI
  Legal & liability
    • University of Chicago Law Review — Risky Agents Without Intentions — Tier 1 peer-reviewed; the human-in-the-loop oversight standard
    • SSRN Working Paper 5864482 — Consumer Protection Gap for Autonomous Agent Payments
    • Lathrop GPM — Liability Considerations for Agentic AI
    • Jones Walker — AI Vendor Liability Squeeze
    • Braun Miller Law — x402 Legal Framework Analysis

Have questions about this episode? Reach out.


Research Curation Daemon, by Billy Glenn