Understanding A2A with Heiko Hotz and Sokratis Kartakis – O’Reilly

Generative AI within the Actual World

Generative AI within the Actual World: Understanding A2A with Heiko Hotz and Sokratis Kartakis

Play Episode


Pause Episode

Mute/Unmute Episode


Rewind 10 Seconds

1x

Quick Ahead 30 seconds

00:00
/
33m 10s

Everyone seems to be speaking about brokers: single brokers and, more and more, multi-agent programs. What sort of functions will we construct with brokers, and the way will we construct with them? How will brokers talk with one another successfully? Why do we want a protocol like A2A to specify how they impart? Be part of Ben Lorica as he talks with Heiko Hotz and Sokratis Kartakis about A2A and our agentic future.

In regards to the Generative AI within the Actual World podcast: In 2023, ChatGPT put AI on everybody’s agenda. In 2025, the problem can be turning these agendas into actuality. In Generative AI within the Actual World, Ben Lorica interviews leaders who’re constructing with AI. Be taught from their expertise to assist put AI to work in your enterprise.

Try different episodes of this podcast on the O’Reilly studying platform.

Timestamps

• 0:00: Intro to Heiko and Sokratis.
• 0:24: It appears like we’re in a Cambrian explosion of frameworks. Why agent-to-agent communication? Some individuals would possibly assume we should always deal with single-agent tooling first.
• 0:53: Many builders begin growing brokers with fully totally different frameworks. In some unspecified time in the future they need to hyperlink the brokers collectively. A technique is to vary the code of your software. However it will be simpler should you may get the brokers speaking the identical language. 
• 1:43: Was A2A one thing builders approached you for?
• 1:53: It’s honest to say that A2A is a forward-looking protocol. We see a future the place one group develops an agent that does one thing and one other group in the identical group and even exterior wish to leverage that functionality. An agent may be very totally different from an API. Previously, this was carried out through API. With brokers, I want a stateful protocol the place I ship a activity and the agent can run asynchronously within the background and do what it must do. That’s the justification for the A2A protocol. Nobody has explicitly requested for this, however we can be there in a couple of months time. 
• 3:55: For builders on this house, essentially the most acquainted is MCP, which is a single agent protocol targeted on exterior device integration. What’s the relationship between MCP and A2A?
• 4:26: We imagine that MCP and A2A can be complementary and never rivals. MCP is restricted to instruments, and A2A connects brokers with one another. That brings us to the query of when to wrap a performance in a device versus an agent. If we take a look at the technical implementation, that provides us some hints when to make use of every. An MCP device exposes its functionality by a structured schema: I want enter A and B and I provide the sum. I can’t deviate from the schema. It’s additionally a single interplay. If I wrap the identical performance into an agent, the best way I expose the performance is totally different. A2A expects a pure language description of the agent’s performance: “The agent provides two numbers.” Additionally, A2A is stateful. I ship a request and get a consequence. That offers builders a touch on when to make use of an agent and when to make use of a device. I like to make use of the analogy of a merchandising machine versus a concierge. I put cash right into a merchandising machine and push a button and get one thing out. I discuss to a concierge and say, “I’m thirsty; purchase me one thing to drink.”
• 7:09: Possibly we can assist our listeners make the notion of A2A much more concrete. I inform nonexperts that you simply’re already utilizing an agent to some extent. Deep analysis is an agent. I discuss to individuals constructing AI instruments in finance, and I’ve a notion that I need to analysis, however I’ve one agent taking a look at earnings, one other taking a look at different information. Do you’ve gotten a canonical instance you utilize?
• 8:13: We are able to parallelize A2A with actual enterprise. Think about separate brokers which might be totally different staff with totally different abilities. They’ve their very own enterprise playing cards. They share the enterprise playing cards with the purchasers. The shopper can perceive what duties they need to do: find out about shares, find out about investments. So I name the precise agent or server to get a specialised reply again. Every agent has a enterprise card that describes its abilities and capabilities. I can discuss to the agent with dwell streaming or ship it messages. It is advisable outline the way you talk with the agent. And you have to outline the safety technique you’ll use to alternate messages.
• 9:45: Late final yr, individuals began speaking about single brokers. However individuals have been already speaking about what the agent stack can be: reminiscence, storage, observability, and so forth. Now that you’re speaking about multi-agents or A2A, are there essential issues that should be launched to the agentic stack?
• 10:32: You’ll nonetheless have the identical. You’d arguably want extra. Statefulness, reminiscence, entry to instruments.
• 10:48: Is that going to be like a shared reminiscence throughout brokers?
• 10:52: All of it will depend on the structure. The best way I think about a vanilla structure, the consumer speaks to a router agent, which is the first contact of the consumer with the system. That router agent does quite simple issues like saying “good day.” However as soon as the consumer asks the system “Guide me a vacation to Paris,” there are a lot of steps concerned. (No agent can do that but). The capabilities are getting higher and higher. However the best way I think about it’s that the router agent is the boss, and two or three distant brokers do various things. One finds flights; one books resorts; one books automobiles—all of them want data from one another. The router agent would maintain the context for all of these. In case you construct all of it inside one agentic framework, it turns into even simpler as a result of these frameworks have the ideas of shared reminiscence inbuilt. But it surely’s not essentially wanted. If the resort reserving agent is inbuilt LangChain and from a unique group than the flight reserving agent, the router agent would determine what data is required.
• 13:28: What you simply mentioned is the argument for why you want these protocols. Your instance is the canonical easy instance. What if my journey includes 4 totally different nations? I would want a resort agent for each nation. As a result of resorts would possibly should be specialised for native information.
• 14:12: Technically, you won’t want to vary brokers. It is advisable change the information—what agent has entry to what information. 
• 14:29: We have to parallelize single brokers with multi-agent programs; we transfer from a monolithic software to microservices which have small, devoted brokers to carry out particular duties. This has many advantages. It additionally makes the lifetime of the developer simpler as a result of you’ll be able to check, you’ll be able to consider, you’ll be able to carry out checks earlier than shifting to manufacturing. Think about that you simply gave a human 100 instruments to carry out a activity. The human will get confused. It’s the identical for brokers. You want small brokers with particular phrases to carry out the precise activity. 
• 15:31: Heiko’s instance drives dwelling why one thing like MCP is probably not sufficient. When you have a grasp agent and all it does is combine with exterior websites, however the integration will not be sensible—if the opposite aspect has an agent, that agent may very well be considering as properly. Whereas agent-to-agent is one thing of a science fiction in the intervening time, it does make sense shifting ahead.
• 16:11: Coming again to Sokratis’s thought, once you give an agent too many instruments and make it attempt to do too many issues, it simply turns into an increasing number of doubtless that by reasoning via these instruments, it can choose the improper device. That will get us to analysis and fault tolerance. 
• 16:52: In some unspecified time in the future we’d see multi-agent programs talk with different multi-agent programs—an agent mesh.
• 17:05: Within the state of affairs of this resort reserving, every of the smaller brokers would use their very own native mannequin. They wouldn’t all depend on a central mannequin. Nearly all frameworks let you select the precise mannequin for the precise activity. If a activity is straightforward however nonetheless requires an LLM, a small open supply mannequin may very well be adequate. If the duty requires heavy “mind” energy, you would possibly need to use Gemini 2.5 Professional.
• 18:07: Sokratis introduced up the phrase safety. One of many earlier assaults towards MCP is a state of affairs when an attacker buries directions within the system immediate of the MCP server or its metadata, which then will get despatched into the mannequin. On this case, you’ve gotten smaller brokers, however one thing could occur to the smaller brokers. What assault situations fear you at this level?
• 19:02: There are lots of ranges at which one thing would possibly go improper. With a single agent, it’s a must to implement guardrails earlier than and after every name to an LLM or agent.
• 19:24: In a single agent, there’s one mannequin. Now every agent is utilizing its personal mannequin. 
• 19:35: And this makes the analysis and safety guardrails much more problematic. From A2A’s aspect, it helps all of the totally different safety sorts to authenticate brokers, like API keys, HTTP authentication, OAuth 2. Inside the agent card, the agent can outline what you have to use to make use of the agent. Then you have to consider this as a service risk. It’s not only a duty of the protocol. It’s the duty of the developer.
• 20:29: It’s equal to proper now with MCP. There are literally thousands of MCP servers. How do I do know which to belief? However on the similar time, there are millions of Python packages. I’ve to determine which to belief. At some degree, some vetting must be carried out earlier than you belief one other agent. Is that proper?
• 21:00: I might assume so. There’s an amazing article: “The S in MCP Stands for Safety.” We are able to’t converse as a lot to the MCP protocol, however I do imagine there have been efforts to implement authentication strategies and tackle safety considerations, as a result of that is the primary query enterprises will ask. With out correct authentication and safety, you’ll not have adoption in enterprises, which implies you’ll not have adoption in any respect. WIth A2A, these considerations have been addressed head-on as a result of the A2A group understood that to get any likelihood of traction, inbuilt safety was precedence 0. 
• 22:25: Are you aware of the buzzword “massive motion fashions”? The notion that your mannequin is now multimodal and may take a look at screens and setting states.
• 22:51: Inside DeepMind, we now have Mission Mariner, which leverages Gemini’s capabilities to ask in your behalf about your pc display.
• 23:06: It is sensible that it’s one thing you need to keep away from should you can. If you are able to do issues in a headless approach, why do you need to faux you’re human? If there’s an API or integration, you’ll go for that. However the actuality is that many instruments information employees use could not have these options but. How does that influence how we construct agent safety? Now that individuals would possibly begin constructing brokers to behave like information employees utilizing screens?
• 23:45: I spoke with a financial institution within the UK yesterday, they usually have been very clear that they should have full observability on brokers, even when which means slowing down the method. Due to regulation, they want to have the ability to clarify each request that went to the LLM, and each motion that adopted from that. I imagine observability is the important thing on this setup, the place you simply can’t tolerate any errors. As a result of it’s LLM-based, there’ll nonetheless be errors. However in a financial institution you should not less than be able to elucidate precisely what occurred.
• 24:45: With most clients, each time there’s an agentic answer, they should share that they’re utilizing an agentic answer and the best way [they] are utilizing it’s X, Y, and Z. A authorized settlement is required to make use of the agent. The shopper must be clear about this. There are different situations like UI testing the place, as a developer, I would like an agent to start out utilizing my machine. Or an elder who’s linked with buyer help of a telco to repair a router. That is not possible for a nontechnical particular person to attain. The worry is there, like nuclear power, which can be utilized in two alternative ways. It’s the identical with brokers and GenAI. 
• 26:08: A2A is a protocol. As a protocol, there’s solely a lot you are able to do on the safety entrance. At some degree, that’s the duty of the builders. I could need to sign that my agent is safe as a result of I’ve employed a 3rd occasion to do penetration testing. Is there a approach for the protocol to embed information concerning the further step?
• 27:00: A protocol can’t deal with all of the totally different instances. That’s why A2A created the notion of extensions. You may lengthen the information construction and likewise the strategies or the profile. Inside this profile, you’ll be able to say, “I would like all of the brokers to make use of this encryption.” And with that, you’ll be able to inform all of your programs to make use of the identical patterns. You create the extension as soon as, you undertake that for all of the A2A appropriate brokers, and it’s prepared. 
• 27:51: For our listeners who haven’t opened the protocol, how straightforward is it? Is it like REST or RPC?
• 28:05: I personally realized it inside half a day. For somebody who’s aware of RPC, with conventional web protocols, A2A may be very intuitive. You’ve gotten a server; you’ve gotten a shopper. All you have to study is a few particular ideas, just like the agent card. (The agent card itself may very well be used to sign not solely my capabilities however how I’ve been examined. You may even consider different metrics like uptime and success fee.) It is advisable perceive the idea of a activity. After which the distant agent will replace on this activity as outlined—for instance, each 5 minutes or [upon] completion of particular subtasks.
• 29:52: A2A already helps JavaScript, TypeScript, Python, Java, and .NET. In ADK, the agent growth package, with one line of code we will outline a brand new A2A agent.
• 30:27: What’s the present state of adoption?
• 30:40: I ought to have seemed on the PyPI obtain numbers.
• 30:49: Are you conscious of groups or corporations beginning to use A2A?
• 30:55: I’ve labored with a buyer with an insurance coverage platform. I don’t know something about insurance coverage, however there’s the dealer and the underwriter, that are often two totally different corporations. They have been enthusiastic about constructing an agent for every and having the brokers discuss through A2A
• 31:32: Sokratis, what about you?
• 31:40: The curiosity is there for positive. Three weeks in the past, I introduced [at] the Google Cloud London Summit with a giant buyer on the mixing of A2A into their agentic platform, and we shared tens of consumers, together with the announcement from Microsoft. Many shoppers begin implementing brokers. In some unspecified time in the future they lack integration throughout enterprise items. Now they see the extra brokers they construct, the extra the necessity for A2A.
• 32:32: A2A is now within the Linux Basis, which makes it extra enticing for corporations to discover, undertake, and contribute to, as a result of it’s now not managed by a single entity. So resolution making can be shared throughout a number of entities.