The Agent Stack Picks Its Three: MCP, A2A, AP2 — and What the Six-Protocol Era Still Doesn't Solve
A special-edition deep dive on the six wire-format specifications competing to define the agent stack — Model Context Protocol, Agent-to-Agent, AG-UI, A2UI, Agent Payments Protocol, and x402. By mid-2026, three of them are pulling ahead as load-bearing infrastructure. The other three are smaller stories, and the most consequential parts of the picture are the gaps that none of the six, individually, solves.
In this episode
- Why three protocols — MCP, A2A, and AP2 — are emerging as the load-bearing layers of the agent stack, and what the adoption, governance, and security evidence actually shows.
- How the AG-UI / A2UI collision resolved into an interoperability alliance with CopilotKit, Google, and Oracle — and why the AP2 / x402 payments collision is still live, with AP2 increasingly looking like the intent layer above x402's settlement rail.
- The MCP governance gap: a protocol widely described as an "open standard" with no neutral standards body — and a documented case of unilateral client-side spec divergence by a dominant platform.
- Why the security research on MCP has moved from theoretical risk to working proofs of concept across four independent teams, with no CVE infrastructure yet to catalog the attacks.
- The IETF's startling counterpoint: current agent protocol work is "problem-space analysis," not solution-space consensus — and the arXiv proposal for two missing protocol layers above the existing stack.
- The cross-protocol gaps that none of the six solves: agent identity (now being picked up by a new FIDO Alliance working group), observability (OpenTelemetry GenAI semantic conventions), and liability allocation across multi-protocol agent delegation chains.
- The practical posture for teams building today: treat MCP and A2A as implementation details, invest in observability and indemnity drafting, and read the FIDO and IETF drafts as they land.
Sources & References
Primary anchor
- Nate's Newsletter — Agent Protocol Stack: MCP and A2A — the seed framing for this deep dive
Protocol specifications & primary announcements
- Anthropic — Introducing the Model Context Protocol
- MCP Official Specification (2025-06-18)
- Google Developers Blog — Google Cloud Donates A2A to the Linux Foundation
- Linux Foundation — Launches the Agent2Agent Protocol Project
- A2A Protocol Specification
- A2A GitHub Repository
- PR Newswire — A2A Protocol Surpasses 150 Organizations
- Google Developers Blog — Introducing A2UI
- A2UI Official Site
- CopilotKit — AG-UI and A2UI Distinction
- Oracle — Agent Spec for A2UI / AG-UI
- FIDO Alliance — Google Donates Agent Payments Protocol to FIDO
- Google Blog — Agent Payments Protocol & FIDO Alliance
- AP2 Protocol Specification
- Google Cloud Blog — Announcing AP2
- Coinbase Developer Platform — x402 Documentation
- Cloudflare Blog — x402 Announcement
- x402 Whitepaper
Standards bodies, governance, and the skeptical case
- IETF — draft-yao-catalist-problem-space-analysis — Tier 1, the strongest counterpoint to "settled stack" framing
- FIDO Alliance — Standards for Trusted AI Agent Interactions — the cross-protocol identity working group
- Sfeir — La jungle des protocoles IA — "jungle of protocols" landscape analysis
- arXiv 2511.19699 — Internet of Agents: Layered Architecture (Nov 2025) — Layer 8 / Layer 9 proposal
- OpenAI Developer Community — MCP Server Guidelines Thread — documented client-side spec divergence
Security research
- Cloud Security Alliance — Secure Use of AP2 (October 6, 2025) — mandate spoofing + agent coercion threat model
- Snyk Labs — Prompt Injection MCP
- Palo Alto Unit 42 — MCP Attack Vectors
- Invariant Labs — Tool Poisoning Attacks
- Microsoft Developer Blog — Protecting Against Indirect Injection in MCP
- Simon Willison — MCP Prompt Injection (April 9, 2025)
- Tenable — MCP Prompt Injection: Not Just for Evil
- arXiv 2511.07426 — MCP Token Overhead Quantified (Nov 2025)
- EclipseSource — MCP Context Overload (Jan 22, 2026)
Adoption, ecosystem, and enterprise readiness
- Digital Applied — MCP Adoption Statistics 2026
- WorkOS — Everything Your Team Needs to Know About MCP in 2026
- Google Cloud — What is Model Context Protocol
- Tyk — Is MCP Dead in 2026? Enterprise Readiness Checklist
- Galaxy Research — x402: AI Agents & Crypto Payments — independent x402 structural analysis
- Nevermined — Stablecoin Payments AI Agents Statistics — vendor-aggregated x402 volume figures (treat as directional)
- Crossmint — Agentic Payments Protocols Compared
Observability standards
- Arthur AI — Agentic AI Observability Playbook 2026
- Braintrust — Agent Observability Complete Guide 2026
- Fiddler AI — MCP Agent Observability
- Microsoft Developer Blog — Build 2026: From Observability to ROI
Legal & liability
- University of Chicago Law Review — Risky Agents Without Intentions — Tier 1 peer-reviewed; the human-in-the-loop oversight standard
- SSRN Working Paper 5864482 — Consumer Protection Gap for Autonomous Agent Payments
- Lathrop GPM — Liability Considerations for Agentic AI
- Jones Walker — AI Vendor Liability Squeeze
- Braun Miller Law — x402 Legal Framework Analysis
Have questions about this episode? Reach out.