By One year ago, the Agent2Agent protocol was a Google Cloud proposal with 50 partner logos attached. As of April 2026, 150 organizations are running A2A in production — Microsoft, AWS, Salesforce, SAP, and ServiceNow among them. Version 1.2 shipped in March with cryptographic signed agent cards. The Linux Foundation now governs the spec. A2A is no longer a protocol to evaluate. It is infrastructure.
If you build AI agents professionally and A2A is still on your “to investigate” list, that list is behind reality.
MCP vs A2A: The Question Developers Keep Getting Wrong
The most common confusion in the agent developer community is treating Model Context Protocol and Agent2Agent as alternatives. They are not. They solve different problems at different layers of the stack.
MCP (Anthropic, now Linux Foundation) answers: how does an agent connect to external tools, databases, and data sources? It is vertical integration — one agent reaching outward to capabilities.
A2A (Linux Foundation, originally Google) answers: how does an agent coordinate with other agents across organizational and platform boundaries? It is horizontal orchestration — agents delegating work to agents.
Production stacks doing serious work use both. SAP’s Joule platform uses MCP to wire individual agents to ERP and CRM backends, then uses A2A to coordinate those agents into end-to-end supply chain workflows. The two protocols are complements, not competitors. Pick one to the exclusion of the other and you have either a power tool or a coordination layer — not a complete system. Auth0’s MCP vs A2A guide breaks down the technical distinctions in detail if you need a deeper comparison.
Signed Agent Cards: The Feature That Makes Enterprise Deployment Real
Every A2A-compatible agent publishes an Agent Card — a JSON metadata document at /.well-known/agent-card.json declaring the agent’s name, capabilities, skills, endpoint URL, and authentication requirements. It is the protocol’s discovery mechanism: before delegating a task, a client fetches the card to understand what it’s talking to.
The problem with unsigned cards is obvious once you think about it: any server can impersonate any agent by publishing a card with matching capabilities. Version 1.0 introduced cryptographic signatures to close this gap. A signed Agent Card lets a receiving agent verify the card was issued by the domain owner — the same trust model TLS certificates bring to web servers.
Here is the minimal structure of a signed Agent Card:
{
"name": "invoice-processor",
"description": "Processes and routes vendor invoices",
"version": "1.2.0",
"url": "https://finance.example.com/agents/invoice",
"skills": [
{ "id": "process-invoice", "name": "Process Invoice" }
],
"signature": "<domain-signed-payload>"
}Signing and verification tooling ships in all five official SDKs. The A2A Protocol specification covers the full signing algorithm. If you are deploying A2A agents in production without signed cards, you are running a supply-chain vulnerability. The tooling exists. There is no excuse.
Where A2A Is Actually Running
The 150-org figure is not evenly distributed across industries. Three verticals dominate current production deployments.
IT operations is the clearest win. A monitoring agent detects an anomaly, delegates to a diagnostic agent over A2A, which delegates to a remediation agent, which notifies on-call only if human judgment is needed. ServiceNow has built this workflow at scale. The result is incident resolution without human handoffs at every stage — agents coordinate by protocol, not by Slack.
Supply chain comes second. SAP’s Joule platform coordinates supplier, inventory, and logistics agents across organizational boundaries using A2A. Orders flow from intake to delivery through an agent chain that crosses company lines. Each company’s agent sees only the task it needs to handle — A2A handles delegation without exposing internal systems.
Financial services rounds out the big three: claims processing, compliance verification, and cross-platform fraud detection chains running on AWS Bedrock AgentCore Runtime. The common thread is that these are workflows too complex for a single agent and too sensitive for human-in-the-loop at every step.
SDK Landscape: Five Official Languages
The SDK ecosystem grew from a single Python library to five official production-ready options. Choose based on your stack, not the tutorial you found first.
- Python (
a2a-python) — Most community examples, best for ML and AI-heavy workloads. Start here if uncertain. - JavaScript/Node.js (
a2a-js) — Full-stack and serverless teams. Integrates naturally with existing Node infrastructure. - Java (
a2a-java) — Enterprise backend teams already on JVM. Mature typing, enterprise auth patterns built in. - Go (
a2a-go) — Infrastructure and performance-critical services. Low memory footprint, fast startup. - .NET (
a2a-dotnet) — Microsoft ecosystem. Pairs directly with Copilot Studio and Azure AI Foundry.
JSON-RPC compatibility is guaranteed across all SDKs — a Python agent and a Go agent coordinate without issue. But mixing SDK languages unnecessarily inside a single team creates operational friction. Pick one and standardize. The Python SDK on GitHub is the fastest path to a working implementation.
Three Things to Do This Week
A2A is governed by the Linux Foundation’s Agentic AI Foundation — the same body governing MCP. This is the signal that A2A is aimed at neutral infrastructure status, not a vendor ecosystem play. Building on Linux Foundation-governed protocols is how engineering organizations justify multi-year platform commitments without betting on one vendor’s survival.
- Expose a signed Agent Card. Publish a
/.well-known/agent-card.jsonwith a cryptographic signature for any agent you have in production. This makes your agent discoverable and trustworthy in A2A networks. It takes an afternoon. - Install the SDK for your stack.
pip install a2a-sdk,npm install @a2a/sdk, or the equivalent for your language. Run the quickstart against the official samples. Working local setup in under 15 minutes. - Map one workflow to A2A. Find one place in your system where two agents (or two services becoming agents) coordinate today via a custom API or message queue. That is your A2A pilot. Replace the bespoke integration with the protocol. Measure the result.
150 organizations got there first. The protocol is proven. The SDKs are production-ready. The governance is neutral. There is no technical reason to wait.
