The Agent Stack Picks Its Three: MCP, A2A, AP2 — and What the Six-Protocol Era Still Doesn't Solve

A special-edition deep dive on the six wire-format specifications competing to define the agent stack — Model Context Protocol, Agent-to-Agent, AG-UI, A2UI, Agent Payments Protocol, and x402. By mid-2026, three of them are pulling ahead as load-bearing infrastructure. The other three are smaller stories, and the most consequential parts of the picture are the gaps that none of the six, individually, solves.

In this episode

  • Why three protocols — MCP, A2A, and AP2 — are emerging as the load-bearing layers of the agent stack, and what the adoption, governance, and security evidence actually shows.
  • How the AG-UI / A2UI collision resolved into an interoperability alliance with CopilotKit, Google, and Oracle — and why the AP2 / x402 payments collision is still live, with AP2 increasingly looking like the intent layer above x402's settlement rail.
  • The MCP governance gap: a protocol widely described as an "open standard" with no neutral standards body — and a documented case of unilateral client-side spec divergence by a dominant platform.
  • Why the security research on MCP has moved from theoretical risk to working proofs of concept across four independent teams, with no CVE infrastructure yet to catalog the attacks.
  • The IETF's startling counterpoint: current agent protocol work is "problem-space analysis," not solution-space consensus — and the arXiv proposal for two missing protocol layers above the existing stack.
  • The cross-protocol gaps that none of the six solves: agent identity (now being picked up by a new FIDO Alliance working group), observability (OpenTelemetry GenAI semantic conventions), and liability allocation across multi-protocol agent delegation chains.
  • The practical posture for teams building today: treat MCP and A2A as implementation details, invest in observability and indemnity drafting, and read the FIDO and IETF drafts as they land.

