Understanding A2A with Heiko Hotz and Sokratis Kartakis – O’Reilly

Generative AI within the Actual World

Generative AI within the Actual World: Understanding A2A with Heiko Hotz and Sokratis Kartakis

Play Episode


Pause Episode

Mute/Unmute Episode


Rewind 10 Seconds

1x

Quick Ahead 30 seconds

00:00
/
33m 10s

Everyone seems to be speaking about brokers: single brokers and, more and more, multi-agent programs. What sort of purposes will we construct with brokers, and the way will we construct with them? How will brokers talk with one another successfully? Why do we’d like a protocol like A2A to specify how they convey? Be part of Ben Lorica as he talks with Heiko Hotz and Sokratis Kartakis about A2A and our agentic future.

In regards to the Generative AI within the Actual World podcast: In 2023, ChatGPT put AI on everybody’s agenda. In 2025, the problem might be turning these agendas into actuality. In Generative AI within the Actual World, Ben Lorica interviews leaders who’re constructing with AI. Study from their expertise to assist put AI to work in your enterprise.

Try different episodes of this podcast on the O’Reilly studying platform.

Timestamps

• 0:00: Intro to Heiko and Sokratis.
• 0:24: It looks like we’re in a Cambrian explosion of frameworks. Why agent-to-agent communication? Some folks would possibly assume we should always concentrate on single-agent tooling first.
• 0:53: Many builders begin growing brokers with fully completely different frameworks. In some unspecified time in the future they wish to hyperlink the brokers collectively. A technique is to alter the code of your software. However it could be simpler when you might get the brokers speaking the identical language. 
• 1:43: Was A2A one thing builders approached you for?
• 1:53: It’s truthful to say that A2A is a forward-looking protocol. We see a future the place one crew develops an agent that does one thing and one other crew in the identical group and even outdoors wish to leverage that functionality. An agent may be very completely different from an API. Prior to now, this was performed through API. With brokers, I want a stateful protocol the place I ship a process and the agent can run asynchronously within the background and do what it must do. That’s the justification for the A2A protocol. Nobody has explicitly requested for this, however we might be there in a couple of months time. 
• 3:55: For builders on this house, probably the most acquainted is MCP, which is a single agent protocol targeted on exterior software integration. What’s the relationship between MCP and A2A?
• 4:26: We imagine that MCP and A2A might be complementary and never rivals. MCP is particular to instruments, and A2A connects brokers with one another. That brings us to the query of when to wrap a performance in a software versus an agent. If we have a look at the technical implementation, that provides us some hints when to make use of every. An MCP software exposes its functionality by a structured schema: I want enter A and B and I provide the sum. I can’t deviate from the schema. It’s additionally a single interplay. If I wrap the identical performance into an agent, the best way I expose the performance is completely different. A2A expects a pure language description of the agent’s performance: “The agent provides two numbers.” Additionally, A2A is stateful. I ship a request and get a consequence. That offers builders a touch on when to make use of an agent and when to make use of a software. I like to make use of the analogy of a merchandising machine versus a concierge. I put cash right into a merchandising machine and push a button and get one thing out. I speak to a concierge and say, “I’m thirsty; purchase me one thing to drink.”
• 7:09: Possibly we will help our listeners make the notion of A2A much more concrete. I inform nonexperts that you simply’re already utilizing an agent to some extent. Deep analysis is an agent. I speak to folks constructing AI instruments in finance, and I’ve a notion that I wish to analysis, however I’ve one agent earnings, one other different information. Do you’ve got a canonical instance you employ?
• 8:13: We are able to parallelize A2A with actual enterprise. Think about separate brokers which can be completely different staff with completely different expertise. They’ve their very own enterprise playing cards. They share the enterprise playing cards with the purchasers. The consumer can perceive what duties they wish to do: study shares, study investments. So I name the best agent or server to get a specialised reply again. Every agent has a enterprise card that describes its expertise and capabilities. I can speak to the agent with reside streaming or ship it messages. It is advisable to outline the way you talk with the agent. And you have to outline the safety technique you’ll use to alternate messages.
• 9:45: Late final 12 months, folks began speaking about single brokers. However folks had been already speaking about what the agent stack could be: reminiscence, storage, observability, and so forth. Now that you’re speaking about multi-agents or A2A, are there essential issues that should be launched to the agentic stack?
• 10:32: You’ll nonetheless have the identical. You’d arguably want extra. Statefulness, reminiscence, entry to instruments.
• 10:48: Is that going to be like a shared reminiscence throughout brokers?
• 10:52: All of it will depend on the structure. The way in which I think about a vanilla structure, the consumer speaks to a router agent, which is the first contact of the consumer with the system. That router agent does quite simple issues like saying “whats up.” However as soon as the consumer asks the system “Guide me a vacation to Paris,” there are lots of steps concerned. (No agent can do that but). The capabilities are getting higher and higher. However the best way I think about it’s that the router agent is the boss, and two or three distant brokers do various things. One finds flights; one books resorts; one books automobiles—all of them want info from one another. The router agent would maintain the context for all of these. Should you construct all of it inside one agentic framework, it turns into even simpler as a result of these frameworks have the ideas of shared reminiscence in-built. However it’s not essentially wanted. If the lodge reserving agent is in-built LangChain and from a distinct crew than the flight reserving agent, the router agent would determine what info is required.
• 13:28: What you simply stated is the argument for why you want these protocols. Your instance is the canonical easy instance. What if my journey entails 4 completely different international locations? I would want a lodge agent for each nation. As a result of resorts would possibly should be specialised for native information.
• 14:12: Technically, you may not want to alter brokers. It is advisable to change the info—what agent has entry to what information. 
• 14:29: We have to parallelize single brokers with multi-agent programs; we transfer from a monolithic software to microservices which have small, devoted brokers to carry out particular duties. This has many advantages. It additionally makes the lifetime of the developer simpler as a result of you may check, you may consider, you may carry out checks earlier than transferring to manufacturing. Think about that you simply gave a human 100 instruments to carry out a process. The human will get confused. It’s the identical for brokers. You want small brokers with particular phrases to carry out the best process. 
• 15:31: Heiko’s instance drives residence why one thing like MCP will not be sufficient. In case you have a grasp agent and all it does is combine with exterior websites, however the integration will not be sensible—if the opposite facet has an agent, that agent may very well be pondering as effectively. Whereas agent-to-agent is one thing of a science fiction in the mean time, it does make sense transferring ahead.
• 16:11: Coming again to Sokratis’s thought, once you give an agent too many instruments and make it attempt to do too many issues, it simply turns into increasingly probably that by reasoning by these instruments, it’s going to choose the unsuitable software. That will get us to analysis and fault tolerance. 
• 16:52: In some unspecified time in the future we would see multi-agent programs talk with different multi-agent programs—an agent mesh.
• 17:05: Within the situation of this lodge reserving, every of the smaller brokers would use their very own native mannequin. They wouldn’t all depend on a central mannequin. Virtually all frameworks can help you select the best mannequin for the best process. If a process is straightforward however nonetheless requires an LLM, a small open supply mannequin may very well be enough. If the duty requires heavy “mind” energy, you would possibly wish to use Gemini 2.5 Professional.
• 18:07: Sokratis introduced up the phrase safety. One of many earlier assaults towards MCP is a situation when an attacker buries directions within the system immediate of the MCP server or its metadata, which then will get despatched into the mannequin. On this case, you’ve got smaller brokers, however one thing might occur to the smaller brokers. What assault eventualities fear you at this level?
• 19:02: There are a lot of ranges at which one thing would possibly go unsuitable. With a single agent, you need to implement guardrails earlier than and after every name to an LLM or agent.
• 19:24: In a single agent, there’s one mannequin. Now every agent is utilizing its personal mannequin. 
• 19:35: And this makes the analysis and safety guardrails much more problematic. From A2A’s facet, it helps all of the completely different safety sorts to authenticate brokers, like API keys, HTTP authentication, OAuth 2. Throughout the agent card, the agent can outline what you have to use to make use of the agent. Then you have to consider this as a service risk. It’s not only a accountability of the protocol. It’s the accountability of the developer.
• 20:29: It’s equal to proper now with MCP. There are millions of MCP servers. How do I do know which to belief? However on the identical time, there are literally thousands of Python packages. I’ve to determine which to belief. At some stage, some vetting must be performed earlier than you belief one other agent. Is that proper?
• 21:00: I might assume so. There’s an amazing article: “The S in MCP Stands for Safety.” We are able to’t communicate as a lot to the MCP protocol, however I do imagine there have been efforts to implement authentication strategies and tackle safety considerations, as a result of that is the primary query enterprises will ask. With out correct authentication and safety, you’ll not have adoption in enterprises, which implies you’ll not have adoption in any respect. WIth A2A, these considerations had been addressed head-on as a result of the A2A crew understood that to get any likelihood of traction, in-built safety was precedence 0. 
• 22:25: Are you acquainted with the buzzword “giant motion fashions”? The notion that your mannequin is now multimodal and might have a look at screens and surroundings states.
• 22:51: Inside DeepMind, we have now Mission Mariner, which leverages Gemini’s capabilities to ask in your behalf about your laptop display.
• 23:06: It is smart that it’s one thing you wish to keep away from when you can. If you are able to do issues in a headless means, why do you wish to fake you’re human? If there’s an API or integration, you’ll go for that. However the actuality is that many instruments information staff use might not have these options but. How does that affect how we construct agent safety? Now that folks would possibly begin constructing brokers to behave like information staff utilizing screens?
• 23:45: I spoke with a financial institution within the UK yesterday, and so they had been very clear that they should have full observability on brokers, even when which means slowing down the method. Due to regulation, they want to have the ability to clarify each request that went to the LLM, and each motion that adopted from that. I imagine observability is the important thing on this setup, the place you simply can’t tolerate any errors. As a result of it’s LLM-based, there’ll nonetheless be errors. However in a financial institution you will need to not less than be ready to elucidate precisely what occurred.
• 24:45: With most clients, every time there’s an agentic answer, they should share that they’re utilizing an agentic answer and the best way [they] are utilizing it’s X, Y, and Z. A authorized settlement is required to make use of the agent. The client must be clear about this. There are different eventualities like UI testing the place, as a developer, I need an agent to start out utilizing my machine. Or an elder who’s related with buyer help of a telco to repair a router. That is not possible for a nontechnical particular person to attain. The concern is there, like nuclear power, which can be utilized in two alternative ways. It’s the identical with brokers and GenAI. 
• 26:08: A2A is a protocol. As a protocol, there’s solely a lot you are able to do on the safety entrance. At some stage, that’s the accountability of the builders. I’ll wish to sign that my agent is safe as a result of I’ve employed a 3rd occasion to do penetration testing. Is there a means for the protocol to embed information concerning the additional step?
• 27:00: A protocol can’t deal with all of the completely different instances. That’s why A2A created the notion of extensions. You possibly can prolong the info construction and likewise the strategies or the profile. Inside this profile, you may say, “I need all of the brokers to make use of this encryption.” And with that, you may inform all of your programs to make use of the identical patterns. You create the extension as soon as, you undertake that for all of the A2A suitable brokers, and it’s prepared. 
• 27:51: For our listeners who haven’t opened the protocol, how simple is it? Is it like REST or RPC?
• 28:05: I personally discovered it inside half a day. For somebody who’s acquainted with RPC, with conventional web protocols, A2A may be very intuitive. You’ve gotten a server; you’ve got a consumer. All you have to study is a few particular ideas, just like the agent card. (The agent card itself may very well be used to sign not solely my capabilities however how I’ve been examined. You possibly can even consider different metrics like uptime and success price.) It is advisable to perceive the idea of a process. After which the distant agent will replace on this process as outlined—for instance, each 5 minutes or [upon] completion of particular subtasks.
• 29:52: A2A already helps JavaScript, TypeScript, Python, Java, and .NET. In ADK, the agent growth package, with one line of code we will outline a brand new A2A agent.
• 30:27: What’s the present state of adoption?
• 30:40: I ought to have regarded on the PyPI obtain numbers.
• 30:49: Are you conscious of groups or firms beginning to use A2A?
• 30:55: I’ve labored with a buyer with an insurance coverage platform. I don’t know something about insurance coverage, however there’s the dealer and the underwriter, that are normally two completely different firms. They had been eager about constructing an agent for every and having the brokers speak through A2A
• 31:32: Sokratis, what about you?
• 31:40: The curiosity is there for certain. Three weeks in the past, I introduced [at] the Google Cloud London Summit with an enormous buyer on the combination of A2A into their agentic platform, and we shared tens of consumers, together with the announcement from Microsoft. Many shoppers begin implementing brokers. In some unspecified time in the future they lack integration throughout enterprise models. Now they see the extra brokers they construct, the extra the necessity for A2A.
• 32:32: A2A is now within the Linux Basis, which makes it extra enticing for firms to discover, undertake, and contribute to, as a result of it’s now not managed by a single entity. So resolution making might be shared throughout a number of entities.