Understanding A2A with Heiko Hotz and Sokratis Kartakis – O’Reilly

Generative AI within the Actual World

Generative AI within the Actual World: Understanding A2A with Heiko Hotz and Sokratis Kartakis

Play Episode


Pause Episode

Mute/Unmute Episode


Rewind 10 Seconds

1x

Quick Ahead 30 seconds

00:00
/
33m 10s

Everyone seems to be speaking about brokers: single brokers and, more and more, multi-agent programs. What sort of purposes will we construct with brokers, and the way will we construct with them? How will brokers talk with one another successfully? Why do we’d like a protocol like A2A to specify how they impart? Be a part of Ben Lorica as he talks with Heiko Hotz and Sokratis Kartakis about A2A and our agentic future.

Concerning the Generative AI within the Actual World podcast: In 2023, ChatGPT put AI on everybody’s agenda. In 2025, the problem will likely be turning these agendas into actuality. In Generative AI within the Actual World, Ben Lorica interviews leaders who’re constructing with AI. Study from their expertise to assist put AI to work in your enterprise.

Try different episodes of this podcast on the O’Reilly studying platform.

Timestamps

• 0:00: Intro to Heiko and Sokratis.
• 0:24: It seems like we’re in a Cambrian explosion of frameworks. Why agent-to-agent communication? Some individuals may suppose we should always give attention to single-agent tooling first.
• 0:53: Many builders begin creating brokers with fully totally different frameworks. In some unspecified time in the future they need to hyperlink the brokers collectively. A method is to alter the code of your utility. However it could be simpler if you happen to may get the brokers speaking the identical language. 
• 1:43: Was A2A one thing builders approached you for?
• 1:53: It’s truthful to say that A2A is a forward-looking protocol. We see a future the place one group develops an agent that does one thing and one other group in the identical group and even exterior wish to leverage that functionality. An agent could be very totally different from an API. Prior to now, this was performed by way of API. With brokers, I would like a stateful protocol the place I ship a activity and the agent can run asynchronously within the background and do what it must do. That’s the justification for the A2A protocol. Nobody has explicitly requested for this, however we will likely be there in a number of months time. 
• 3:55: For builders on this area, essentially the most acquainted is MCP, which is a single agent protocol targeted on exterior instrument integration. What’s the relationship between MCP and A2A?
• 4:26: We consider that MCP and A2A will likely be complementary and never rivals. MCP is particular to instruments, and A2A connects brokers with one another. That brings us to the query of when to wrap a performance in a instrument versus an agent. If we take a look at the technical implementation, that offers us some hints when to make use of every. An MCP instrument exposes its functionality by a structured schema: I would like enter A and B and I provide the sum. I can’t deviate from the schema. It’s additionally a single interplay. If I wrap the identical performance into an agent, the way in which I expose the performance is totally different. A2A expects a pure language description of the agent’s performance: “The agent provides two numbers.” Additionally, A2A is stateful. I ship a request and get a consequence. That offers builders a touch on when to make use of an agent and when to make use of a instrument. I like to make use of the analogy of a merchandising machine versus a concierge. I put cash right into a merchandising machine and push a button and get one thing out. I speak to a concierge and say, “I’m thirsty; purchase me one thing to drink.”
• 7:09: Possibly we will help our listeners make the notion of A2A much more concrete. I inform nonexperts that you simply’re already utilizing an agent to some extent. Deep analysis is an agent. I speak to individuals constructing AI instruments in finance, and I’ve a notion that I need to analysis, however I’ve one agent taking a look at earnings, one other taking a look at different knowledge. Do you’ve a canonical instance you utilize?
• 8:13: We will parallelize A2A with actual enterprise. Think about separate brokers which are totally different staff with totally different expertise. They’ve their very own enterprise playing cards. They share the enterprise playing cards with the shoppers. The consumer can perceive what duties they need to do: study shares, study investments. So I name the precise agent or server to get a specialised reply again. Every agent has a enterprise card that describes its expertise and capabilities. I can speak to the agent with dwell streaming or ship it messages. You should outline the way you talk with the agent. And you should outline the safety technique you’ll use to alternate messages.
• 9:45: Late final yr, individuals began speaking about single brokers. However individuals have been already speaking about what the agent stack could be: reminiscence, storage, observability, and so forth. Now that you’re speaking about multi-agents or A2A, are there necessary issues that should be launched to the agentic stack?
• 10:32: You’d nonetheless have the identical. You’d arguably want extra. Statefulness, reminiscence, entry to instruments.
• 10:48: Is that going to be like a shared reminiscence throughout brokers?
• 10:52: All of it relies on the structure. The way in which I think about a vanilla structure, the person speaks to a router agent, which is the first contact of the person with the system. That router agent does quite simple issues like saying “howdy.” However as soon as the person asks the system “E book me a vacation to Paris,” there are numerous steps concerned. (No agent can do that but). The capabilities are getting higher and higher. However the way in which I think about it’s that the router agent is the boss, and two or three distant brokers do various things. One finds flights; one books motels; one books vehicles—all of them want data from one another. The router agent would maintain the context for all of these. Should you construct all of it inside one agentic framework, it turns into even simpler as a result of these frameworks have the ideas of shared reminiscence in-built. But it surely’s not essentially wanted. If the resort reserving agent is in-built LangChain and from a special group than the flight reserving agent, the router agent would determine what data is required.
• 13:28: What you simply mentioned is the argument for why you want these protocols. Your instance is the canonical easy instance. What if my journey includes 4 totally different nations? I would want a resort agent for each nation. As a result of motels may should be specialised for native data.
• 14:12: Technically, you won’t want to alter brokers. You should change the info—what agent has entry to what knowledge. 
• 14:29: We have to parallelize single brokers with multi-agent programs; we transfer from a monolithic utility to microservices which have small, devoted brokers to carry out particular duties. This has many advantages. It additionally makes the lifetime of the developer simpler as a result of you’ll be able to take a look at, you’ll be able to consider, you’ll be able to carry out checks earlier than shifting to manufacturing. Think about that you simply gave a human 100 instruments to carry out a activity. The human will get confused. It’s the identical for brokers. You want small brokers with particular phrases to carry out the precise activity. 
• 15:31: Heiko’s instance drives residence why one thing like MCP is probably not sufficient. If in case you have a grasp agent and all it does is combine with exterior websites, however the integration will not be sensible—if the opposite facet has an agent, that agent may very well be pondering as effectively. Whereas agent-to-agent is one thing of a science fiction in the intervening time, it does make sense shifting ahead.
• 16:11: Coming again to Sokratis’s thought, while you give an agent too many instruments and make it attempt to do too many issues, it simply turns into increasingly more probably that by reasoning by means of these instruments, it’ll decide the mistaken instrument. That will get us to analysis and fault tolerance. 
• 16:52: In some unspecified time in the future we would see multi-agent programs talk with different multi-agent programs—an agent mesh.
• 17:05: Within the situation of this resort reserving, every of the smaller brokers would use their very own native mannequin. They wouldn’t all depend on a central mannequin. Virtually all frameworks can help you select the precise mannequin for the precise activity. If a activity is easy however nonetheless requires an LLM, a small open supply mannequin may very well be adequate. If the duty requires heavy “mind” energy, you may need to use Gemini 2.5 Professional.
• 18:07: Sokratis introduced up the phrase safety. One of many earlier assaults in opposition to MCP is a situation when an attacker buries directions within the system immediate of the MCP server or its metadata, which then will get despatched into the mannequin. On this case, you’ve smaller brokers, however one thing could occur to the smaller brokers. What assault situations fear you at this level?
• 19:02: There are a lot of ranges at which one thing may go mistaken. With a single agent, you must implement guardrails earlier than and after every name to an LLM or agent.
• 19:24: In a single agent, there may be one mannequin. Now every agent is utilizing its personal mannequin. 
• 19:35: And this makes the analysis and safety guardrails much more problematic. From A2A’s facet, it helps all of the totally different safety sorts to authenticate brokers, like API keys, HTTP authentication, OAuth 2. Throughout the agent card, the agent can outline what you should use to make use of the agent. Then you should consider this as a service chance. It’s not only a duty of the protocol. It’s the duty of the developer.
• 20:29: It’s equal to proper now with MCP. There are literally thousands of MCP servers. How do I do know which to belief? However on the similar time, there are millions of Python packages. I’ve to determine which to belief. At some stage, some vetting must be performed earlier than you belief one other agent. Is that proper?
• 21:00: I’d suppose so. There’s an excellent article: “The S in MCP Stands for Safety.” We will’t communicate as a lot to the MCP protocol, however I do consider there have been efforts to implement authentication strategies and deal with safety considerations, as a result of that is the primary query enterprises will ask. With out correct authentication and safety, you’ll not have adoption in enterprises, which implies you’ll not have adoption in any respect. WIth A2A, these considerations have been addressed head-on as a result of the A2A group understood that to get any likelihood of traction, in-built safety was precedence 0. 
• 22:25: Are you accustomed to the buzzword “massive motion fashions”? The notion that your mannequin is now multimodal and might take a look at screens and setting states.
• 22:51: Inside DeepMind, we now have Venture Mariner, which leverages Gemini’s capabilities to ask in your behalf about your laptop display screen.
• 23:06: It is smart that it’s one thing you need to keep away from if you happen to can. If you are able to do issues in a headless means, why do you need to fake you’re human? If there’s an API or integration, you’d go for that. However the actuality is that many instruments data staff use could not have these options but. How does that affect how we construct agent safety? Now that folks may begin constructing brokers to behave like data staff utilizing screens?
• 23:45: I spoke with a financial institution within the UK yesterday, they usually have been very clear that they should have full observability on brokers, even when meaning slowing down the method. Due to regulation, they want to have the ability to clarify each request that went to the LLM, and each motion that adopted from that. I consider observability is the important thing on this setup, the place you simply can not tolerate any errors. As a result of it’s LLM-based, there’ll nonetheless be errors. However in a financial institution it’s essential to a minimum of be able to elucidate precisely what occurred.
• 24:45: With most prospects, at any time when there’s an agentic resolution, they should share that they’re utilizing an agentic resolution and the way in which [they] are utilizing it’s X, Y, and Z. A authorized settlement is required to make use of the agent. The shopper must be clear about this. There are different situations like UI testing the place, as a developer, I would like an agent to start out utilizing my machine. Or an elder who’s related with buyer help of a telco to repair a router. That is unattainable for a nontechnical individual to attain. The worry is there, like nuclear vitality, which can be utilized in two other ways. It’s the identical with brokers and GenAI. 
• 26:08: A2A is a protocol. As a protocol, there’s solely a lot you are able to do on the safety entrance. At some stage, that’s the duty of the builders. I’ll need to sign that my agent is safe as a result of I’ve employed a 3rd get together to do penetration testing. Is there a means for the protocol to embed data concerning the further step?
• 27:00: A protocol can’t deal with all of the totally different circumstances. That’s why A2A created the notion of extensions. You’ll be able to lengthen the info construction and likewise the strategies or the profile. Inside this profile, you’ll be able to say, “I would like all of the brokers to make use of this encryption.” And with that, you’ll be able to inform all of your programs to make use of the identical patterns. You create the extension as soon as, you undertake that for all of the A2A appropriate brokers, and it’s prepared. 
• 27:51: For our listeners who haven’t opened the protocol, how straightforward is it? Is it like REST or RPC?
• 28:05: I personally realized it inside half a day. For somebody who’s accustomed to RPC, with conventional web protocols, A2A could be very intuitive. You’ve a server; you’ve a consumer. All you should be taught is a few particular ideas, just like the agent card. (The agent card itself may very well be used to sign not solely my capabilities however how I’ve been examined. You’ll be able to even consider different metrics like uptime and success charge.) You should perceive the idea of a activity. After which the distant agent will replace on this activity as outlined—for instance, each 5 minutes or [upon] completion of particular subtasks.
• 29:52: A2A already helps JavaScript, TypeScript, Python, Java, and .NET. In ADK, the agent improvement equipment, with one line of code we will outline a brand new A2A agent.
• 30:27: What’s the present state of adoption?
• 30:40: I ought to have appeared on the PyPI obtain numbers.
• 30:49: Are you conscious of groups or firms beginning to use A2A?
• 30:55: I’ve labored with a buyer with an insurance coverage platform. I don’t know something about insurance coverage, however there’s the dealer and the underwriter, that are normally two totally different firms. They have been excited about constructing an agent for every and having the brokers speak by way of A2A
• 31:32: Sokratis, what about you?
• 31:40: The curiosity is there for positive. Three weeks in the past, I introduced [at] the Google Cloud London Summit with an enormous buyer on the combination of A2A into their agentic platform, and we shared tens of consumers, together with the announcement from Microsoft. Many shoppers begin implementing brokers. In some unspecified time in the future they lack integration throughout enterprise models. Now they see the extra brokers they construct, the extra the necessity for A2A.
• 32:32: A2A is now within the Linux Basis, which makes it extra engaging for firms to discover, undertake, and contribute to, as a result of it’s now not managed by a single entity. So choice making will likely be shared throughout a number of entities.