Agent-to-Agent (A2A) Protocol

The evolution from single AI models to multi-agent systems mirrors the evolution of software itself. Just as monolithic applications gave way to microservices — each service specializing in one domain — AI is moving from monolithic agents to specialized agent teams that collaborate on complex tasks.

Real-world multi-agent scenarios are already emerging in production. A code review pipeline chains a coding agent that writes code, a QA agent that runs tests, a security agent that scans for vulnerabilities, and a deploy agent that ships to staging. A research synthesis workflow connects a data agent that queries databases, an analysis agent that processes results, and a report agent that generates executive summaries.

These workflows require agents to communicate as peers — delegating tasks, sharing context, reporting status, and coordinating actions. Without a standard protocol, every agent-to-agent integration requires custom glue code, custom message formats, and custom authentication. That's the problem the A2A protocol solves.

The Agent-to-Agent (A2A) protocol is an open standard initiated by Google and donated to the Linux Foundation under the Apache 2.0 license. It defines how AI agents discover each other's capabilities, communicate through standardized messages, delegate work, and report results — enabling multi-agent systems that work across organizational and vendor boundaries.

A2A introduces four core concepts. An Agent Card is a JSON metadata document that describes an agent's identity, capabilities, skills, and endpoint — it's how agents discover what other agents can do. A Task is a unit of work assigned from one agent to another, with lifecycle states (submitted, working, completed, failed). Messages are the communication within a task — text, structured data, or file references. Artifacts are the structured outputs an agent produces (reports, code, analysis results).

The transport layer uses HTTP with JSON-RPC for request-response patterns and Server-Sent Events (SSE) for streaming updates. This makes A2A deployable on standard web infrastructure — no specialized messaging systems required.

Agent Cards are the cornerstone of A2A. They serve as a machine-readable identity document for AI agents — describing who the agent is, what it can do, where to reach it, and how to authenticate. When one agent wants to delegate work to another, it reads the target agent's Agent Card to determine compatibility and requirements.

Discovery works through registries or well-known URLs. An orchestrator agent queries the registry and receives a list of available Agent Cards. It then matches the required skill (like "code-review") against the capabilities declared in each card to find the right agent for the job.

The authentication field is particularly important for enterprise deployments. It declares what credentials are needed to invoke the agent — OAuth 2.0 scopes, mutual TLS certificates, or API keys. An A2A Gateway can enforce these authentication requirements centrally, ensuring that only authorized agents can communicate with each other.

Multi-agent systems organize around three primary communication patterns. Each has distinct trade-offs in control, flexibility, and governability. The right pattern depends on your workflow requirements and governance needs.

From a governance perspective, the supervisor pattern is easiest to audit — all communication flows through a central orchestrator that can log every delegation and result. The pipeline pattern is moderately auditable since the flow is linear and predictable. The mesh pattern is the most challenging — agents communicate freely, requiring a gateway intermediary to maintain visibility.

Most enterprise deployments start with the supervisor pattern for its simplicity and auditability, then evolve toward pipelines for sequential workflows and selective mesh patterns for collaborative tasks. An A2A Gateway ensures governance regardless of pattern — every agent-to-agent message flows through the gateway for authentication, authorization, and logging.

A common question is whether A2A replaces MCP or vice versa. The answer is neither — they are complementary protocols that serve different layers of the AI infrastructure stack.

MCP is vertical — it governs how agents access tools and data. An agent uses MCP to query a database, call an API, read a file system, or search a codebase. It's the protocol for agent-to-tool communication.

A2A is horizontal — it governs how agents communicate with each other as peers. An orchestrator uses A2A to delegate a code review to a specialist agent, which uses A2A to report results back. It's the protocol for agent-to-agent coordination.

In practice, they work together. An orchestrator agent uses A2A to coordinate a code review pipeline: it delegates to a coding agent (which uses MCP to access GitHub and the file system), then to a QA agent (which uses MCP to run the test suite), then to a deploy agent (which uses MCP to trigger the CI/CD pipeline). A2A coordinates the agents; MCP connects each agent to its tools.

Gateways for both protocols

Axiom provides an MCP Gateway for tool governance and an A2A Gateway for agent orchestration governance. Together, they provide complete visibility and control over your entire agentic AI infrastructure — from individual tool calls to multi-agent workflows.

See the full platform

Multi-agent systems introduce governance challenges that don't exist in single-agent deployments. When agents communicate autonomously, traditional security boundaries break down and new attack surfaces emerge.

Agent Impersonation

Without identity verification, one agent could claim to be another — a malicious agent impersonating a trusted code review agent to approve vulnerable code. Agent Cards with cryptographic verification prevent this, but only when enforced by a gateway.

Unauthorized Delegation

An agent might delegate sensitive work to an untrusted external agent — sending proprietary code to a third-party review service, or customer data to an unapproved analysis agent. Without policy enforcement, delegation decisions are left entirely to the AI's judgment.

Runaway Cost Cascades

One agent creating sub-tasks across many agents creates a multiplication effect on LLM costs. An orchestrator that delegates to five agents, each of which delegates to three more, generates 15 concurrent LLM sessions — costs scale exponentially without circuit breakers and rate limits.

Audit Gap

Direct agent-to-agent communication produces no centralized record. Without a gateway intermediary, compliance teams cannot answer fundamental questions: which agents communicated, what data was shared, who authorized the interaction, and what were the results.

An A2A Gateway addresses every governance challenge by inserting a governed layer between communicating agents. All agent-to-agent traffic flows through the gateway, which enforces authentication, authorization, rate limiting, and logging on every interaction.

Agent Registry

A centralized registry of approved agents with verified Agent Cards. Only registered agents can participate in multi-agent workflows. New agents must be approved and their Agent Cards validated before they can receive delegated tasks.

Authentication & Authorization

Mutual TLS or OAuth 2.0 for all agent-to-agent communication. Policy-based rules define which agents can communicate with which — a coding agent can delegate to a QA agent, but a customer support agent cannot access the deployment agent.

Rate Limiting & Circuit Breakers

Prevent cascade failures and cost explosions. Set maximum concurrent tasks per agent, maximum delegation depth, and per-workflow cost caps. Circuit breakers halt runaway agent loops before they consume unlimited resources.

Immutable Message Logging

Every agent-to-agent message logged with sender identity, receiver identity, task context, message content, timestamp, and cost. This creates the compliance-ready audit trail that direct communication cannot provide.

Axiom's A2A Gateway serves as the central hub for all agent-to-agent communication in your organization. Agents register with the gateway and discover other agents through it — never connecting directly to each other. Every delegation, message, and result flows through the governed layer.

The gateway manages the full lifecycle: agent registration and identity verification, Agent Card hosting and discovery, policy-driven communication rules (which agents can talk to which), rate limiting and circuit breakers for cost control, and immutable audit logging for compliance. Content inspection scans messages for sensitive data and enforces data loss prevention policies across agent communication.

Combined with the MCP Gateway for tool governance and the LLM Gateway for inference governance, the A2A Gateway completes Axiom's full-stack AI governance platform — covering every layer of enterprise AI infrastructure from a single control plane.

Enterprise-grade multi-agent governance

From agent registration to policy enforcement to audit compliance — Axiom's A2A Gateway provides the governance infrastructure that multi-agent systems need to operate safely in enterprise environments. Deploy alongside MCP and LLM gateways for complete AI governance.

Request a demo