Cross-vendor agent infrastructure just became real. Until A2A reached production maturity, organizations building multi-agent systems had to commit to a single vendor's ecosystem. The 150-organization deployment count means that's no longer the case — agents from different vendors can interact reliably in production. Linux Foundation governance changes the trust calculation. A2A under Google control had vendor-neutral marketing but inherent vendor concentration. Linux Foundation governance with

The agent infrastructure landscape in 2026 has multiple standards and patterns operating in parallel. The table below summarizes the major options and their positioning as of mid-May 2026. Protocol / StandardPurposeGovernanceProduction maturityBest fit Agent2Agent (A2A) v1.2Cross-vendor agent communicationLinux Foundation Agentic AI150 orgs in productionMulti-vendor enterprise architectures Model Context Protocol (MCP)Agent-to-tool/data integrationAnthropic-led, openBroad adoption across toolsTo

Agent2Agent Protocol Hits 150 Production Deployments at v1.2

The Agent2Agent (A2A) protocol — Google’s cross-vendor standard for AI agents communicating across platforms — just crossed 150 organizations in production deployment and shipped version 1.2 with cryptographically signed agent cards for domain verification. The Agent2Agent protocol moved under Linux Foundation governance through the new Agentic AI Foundation, joining other vendor-neutral AI infrastructure projects under the same umbrella. Microsoft, AWS, Salesforce, SAP, and ServiceNow are running A2A in production environments today, routing real tasks between agents built on different platforms. The milestone matters because it’s the first time a multi-vendor agent communication standard has reached production maturity at scale, which has implications for how enterprises architect their agentic AI strategy through the rest of 2026 and beyond.

What’s actually new

Three substantive changes define the A2A protocol’s May 2026 status. First, the deployment count: from “more than 50 technology partners” at launch to 150 organizations in production today. The growth represents real-world traction rather than pilot enthusiasm, with named adopters including Microsoft, AWS, Salesforce, SAP, ServiceNow, plus dozens of others spanning enterprise SaaS, manufacturing, retail, healthcare, and financial services. Second, the v1.2 specification adds cryptographically signed agent cards — the metadata documents that describe an agent’s capabilities, permissions, and identity. Domain verification through signatures provides the trust foundation that cross-vendor agent calls require. Third, the governance shift to the Linux Foundation’s new Agentic AI Foundation moves A2A from a Google-led initiative to a vendor-neutral standard with formal governance, IP protections, and contribution structure.

The Agentic AI Foundation under the Linux Foundation is itself news. The new umbrella organization includes A2A, related agent infrastructure projects, and the institutional structure that has worked for prior open-standards efforts (CNCF for cloud-native, OpenJS for JavaScript, others). The presence of Microsoft, AWS, and others as governing members alongside Google is the key signal — a single-vendor protocol becomes credible only when competitors adopt and govern it.

The signed agent cards mechanism is technically significant. An agent card is a manifest describing what the agent can do, what tools it can call, what data it can access, and what credentials it accepts. Cryptographic signing lets the receiving agent verify the card’s origin and integrity before establishing trust. The pattern is analogous to TLS certificates for web servers — a foundation that lets distributed parties trust each other without prior direct contact. Without signed cards, A2A interactions required out-of-band trust establishment that limited deployment scenarios; with them, agents can interact across organizational boundaries safely.

The Agent2Agent protocol design itself centers on a few primitives. Agents publish capability descriptions through agent cards. Agents discover other agents through directories and direct introductions. Agents communicate through structured message exchanges that handle authentication, authorization, task delegation, status updates, and result delivery. The protocol is transport-agnostic — running over HTTP, gRPC, or other transports — and authentication-agnostic, supporting OAuth, mutual TLS, API keys, and other patterns. The flexibility lets different organizations use the patterns that fit their existing infrastructure.

The relationship to other agent infrastructure standards is worth clarifying. A2A handles inter-agent communication; the Model Context Protocol (MCP) handles agent-to-tool/data communication. The two are complementary rather than competitive — many production deployments use both. MCP for agents to access internal tools and data; A2A for agents to interact with agents at other organizations or built on other platforms. The combination produces a complete agent infrastructure stack.

Why it matters

Cross-vendor agent infrastructure just became real. Until A2A reached production maturity, organizations building multi-agent systems had to commit to a single vendor’s ecosystem. The 150-organization deployment count means that’s no longer the case — agents from different vendors can interact reliably in production.
Linux Foundation governance changes the trust calculation. A2A under Google control had vendor-neutral marketing but inherent vendor concentration. Linux Foundation governance with Microsoft, AWS, and others as governing members is genuinely vendor-neutral. Enterprises evaluating A2A no longer have to weigh “is Google going to change this protocol against my interests.”
Signed agent cards unlock cross-organizational scenarios. Before signed cards, A2A worked well within organizational boundaries but required friction-heavy trust establishment to cross them. With signed cards, scenarios like supplier agents talking to customer agents, marketplace agents handling buyer-seller interactions, and partner agents collaborating across companies become tractable.
Microsoft Copilot and Anthropic agents now interoperate by default. The deepening Microsoft-Anthropic partnership through Copilot Wave 3 plus A2A standardization means an agent built in Microsoft Copilot can call an agent built on Claude can call an agent built on Salesforce can call an agent built on Google Workspace. The interoperability story is now operational.
Enterprise architecture decisions shift. The “pick one agent platform and commit” pattern is no longer the only viable strategy. Multi-platform architectures with A2A as the connecting tissue are now defensible and increasingly recommended for organizations with diverse vendor relationships.
Agent marketplaces become structurally feasible. The combination of standardized communication, signed identity, and cryptographic trust enables third-party agent marketplaces where organizations buy or rent agents for specific functions. The ecosystem implications stretch into 2027-2028.

How to use the Agent2Agent protocol today

Three steps put a development team on A2A capability today, with appropriate caveats about the protocol’s continued evolution.

Read the A2A 1.2 specification at the Linux Foundation site. The specification has stabilized enough that production implementations are tractable. Understand the agent card format, the message exchange patterns, the authentication options, and the signed-card requirements before designing your agent.
Choose an A2A SDK that fits your stack. Google’s reference implementation works with Python, TypeScript, and Go. Microsoft, AWS, and Salesforce have published their own A2A integrations for their respective platforms. Anthropic’s agent SDK includes A2A bindings. Pick the SDK that matches your platform and language preferences.
Define your agent’s capability through an agent card. The card declares what your agent does, what it needs from callers, what it returns, and what permissions it requires. Sign the card cryptographically using a key your organization controls. Publish the card to relevant agent directories.

A reference agent card example following the A2A 1.2 specification:

{
  "agentId": "did:web:agents.example.com:invoice-processor",
  "version": "1.0.0",
  "name": "Invoice Processor",
  "description": "Processes invoices: extract, validate, route for approval.",
  "capabilities": [
    {
      "name": "process_invoice",
      "input_schema": { "$ref": "https://schemas.example.com/invoice.json" },
      "output_schema": { "$ref": "https://schemas.example.com/invoice-result.json" }
    }
  ],
  "authentication": ["oauth2", "mtls"],
  "endpoints": {
    "primary": "https://agents.example.com/invoice-processor/v1"
  },
  "supportedProtocols": ["a2a/1.2"],
  "signatures": [
    {
      "alg": "ES256",
      "kid": "agents.example.com:2026-05",
      "sig": "MEUCIQDx...full-cryptographic-signature..."
    }
  ]
}

The signature provides cryptographic verification that the card originates from agents.example.com and hasn’t been tampered with. Receiving agents validate the signature against the publishing organization’s public key before establishing trust.

For developers building A2A interactions, the standard SDK pattern abstracts the protocol details:

# Reference: A2A client interaction from one agent to another
from a2a import A2AClient

client = A2AClient(
    my_agent_id="did:web:my-org.com:order-agent",
    private_key_path="./keys/agent-signing.pem",
)

# Discover the invoice processor by its agent ID
agent = await client.discover("did:web:example.com:invoice-processor")

# Verify the agent card signature; abort if invalid
if not agent.verify_signature():
    raise TrustError("Agent card signature invalid")

# Invoke the agent's capability
result = await client.invoke(
    target=agent,
    capability="process_invoice",
    input={"invoice_data": invoice_pdf, "po_number": "PO-12345"},
    timeout_seconds=30,
)

How it compares

The agent infrastructure landscape in 2026 has multiple standards and patterns operating in parallel. The table below summarizes the major options and their positioning as of mid-May 2026.

Protocol / Standard	Purpose	Governance	Production maturity	Best fit
Agent2Agent (A2A) v1.2	Cross-vendor agent communication	Linux Foundation Agentic AI	150 orgs in production	Multi-vendor enterprise architectures
Model Context Protocol (MCP)	Agent-to-tool/data integration	Anthropic-led, open	Broad adoption across tools	Tool integration with agents
OpenAI Agent SDK + Swarm	OpenAI-native multi-agent orchestration	OpenAI	Production for OpenAI customers	OpenAI-stack deployments
LangGraph	Multi-agent orchestration framework	LangChain (open source)	Production-ready	Custom multi-agent systems
Microsoft Semantic Kernel	Agent orchestration in .NET/Python	Microsoft (open source)	Production in Microsoft stack	Microsoft ecosystem agents
CrewAI / AutoGen	Multi-agent collaboration frameworks	Various open-source	Production in specific patterns	Research-heavy multi-agent work

Two takeaways. First, A2A and MCP are complementary rather than competitive — most production deployments use both. A2A handles agent-to-agent communication; MCP handles agent-to-tool integration. Together they form a complete agent infrastructure stack. Second, agent orchestration frameworks (LangGraph, Semantic Kernel, CrewAI, AutoGen) operate at a different layer than A2A. The frameworks help you build individual agents and orchestrate within a single deployment; A2A handles the communication when those agents need to talk to other organizations’ agents.

What’s next

Three things to watch over the next two quarters. First, the A2A 2.0 specification work. The Linux Foundation Agentic AI Foundation has signaled a major version update is in progress, with expanded streaming support, richer task delegation patterns, and improved error handling. The 2.0 release is expected in late 2026 or early 2027. Second, agent marketplaces. With cryptographic identity and standardized communication operational, third-party agent marketplaces become commercially feasible. Expect at least one major agent marketplace launch through Q3-Q4 2026, possibly from one of the platform vendors or possibly from a new entrant. Third, the regulatory dimension. Cross-organizational agent communication produces new audit and compliance considerations. Expect formal regulatory guidance from major frameworks (EU AI Act, sectoral regulations) on A2A-style protocols through 2027.

The longer-term implication is that agent infrastructure is becoming a distinct technical category with its own standards, vendors, and governance structures. The 2024-2025 era of vendor-locked agent platforms is giving way to interoperable agent ecosystems. Enterprises that built multi-agent capability on single-vendor stacks will need to evaluate whether to add A2A interoperability or maintain the single-vendor approach. The right answer depends on the use case; the option is now real.

Frequently Asked Questions

Is A2A a replacement for MCP?

No. A2A handles agent-to-agent communication; MCP handles agent-to-tool/data integration. They solve different problems and are typically used together. An agent uses MCP to access internal tools and data; the same agent uses A2A to communicate with other agents (potentially built on different platforms). Production deployments routinely use both.

How does A2A compare to OpenAPI for agents?

OpenAPI describes REST APIs in a machine-readable format; A2A describes agent capabilities specifically in a way that handles the additional concerns of agent interaction (long-running tasks, streaming results, asynchronous communication, identity, trust). Some A2A implementations use OpenAPI internally for the underlying capability descriptions but add the agent-specific orchestration on top. Think of A2A as agent-aware OpenAPI plus identity, trust, and orchestration.

Do I need to wait for A2A 2.0 before building?

No. A2A 1.2 has stabilized enough for production deployment. The 150 organizations running A2A today are using v1.0 through v1.2 with stable interoperability. Build on 1.2 with the expectation that future versions will be backward-compatible for the major patterns. Avoid building on the bleeding edge of pre-release features.

Does A2A work with non-Google agent platforms?

Yes — that’s the point. Microsoft, AWS, Salesforce, SAP, ServiceNow, Anthropic, and dozens of other vendors have A2A implementations. The Linux Foundation governance is specifically designed to keep the protocol vendor-neutral. The 150-organization deployment count includes substantial cross-vendor production traffic.

What are the security implications of A2A?

Substantial and require deliberate engineering. Cross-organizational agent communication expands the attack surface. The signed agent cards provide a foundation for trust, but production deployments need additional controls: rate limiting, capability restrictions per caller, audit logging, monitoring for anomalous patterns. Treat A2A endpoints with the same security rigor as other organizational APIs that handle external traffic.

How does A2A handle agents that need to maintain conversation state?

Through the conversation primitive in the protocol. A conversation has an identifier, participants, message history, and metadata. Agents reference conversations across multiple message exchanges. The state is maintained at the agent level, not in the protocol — A2A standardizes the way conversations are referenced and how state is communicated, but each agent owns its own state management.