Agent-to-Agent Trust Without Data Sharing

The TPRM process is broken at the format level. Your vendor fills out a 300-question questionnaire manually. You get a spreadsheet with 287 "Yes." You trust it. You set a reminder for next year. Nobody verifies whether a single control actually works. Today I'm releasing Corsair: an open compliance infrastructure protocol, custom-built for the GRC engineering world. Corsair gives security tools a standard way to sign their output into a cryptographically verifiable proof. A CPOE (Certificate of Proof of Operational Effectiveness). And it gives relying parties a standard way to verify it.  It's not SaaS. It's a protocol. One format. Any tool can produce it. Anyone can verify it. No vendor account required. Three surfaces: CLI: Six primitives that compose like git commands: sign, log, trust-txt generate, verify, diff, signal. Built for pipelines and terminals. (brew, npm, or git clone, all available) API: REST endpoints for signing, verifying, and logging from any system. Integrate directly without the CLI. Agent skill: npx skills add grcorsair/corsair on skills.sh. Native skill for Claude Code, Cursor, Copilot, and 25+ other AI agents. On trust.txt: Trust centers exist because there was no open, machine-readable standard for making compliance evidence discoverable. They were built for humans to consume. trust.txt is that standard. Instead of a vendor maintaining a closed portal, they publish a trust.txt file. An agent fetches it, discovers their CPOEs, and runs corsair verify. No portal login. No proprietary system. No human review required on either side. Strong adoption makes the closed trust centre model structurally unnecessary. This is the most underrated primitive in the set. The deeper implication: as AI agents operate autonomously in procurement and security review workflows, they need to establish trust with each other without human attestation in the middle. CPOEs are the cryptographic basis for that exchange. Corsair is the infrastructure layer for agent-to-agent trust in GRC contexts. That layer didn't exist before today. That's why Corsair has no "LLM" features in it. I wanted it to be agentic-first vs. adding another subjectivity layer. Your AI agent supplies the intelligence. Corsair supplies the proof. The signature is either valid or it isn't. No LLM asked to decide. I'm working on blog posts and videos covering each primitive in depth because I know it's a lot. Real integration patterns, workflow examples, and the full disruption case for TPRM and beyond. If there's a specific workflow you want covered first, drop it in the comments. This week's GRC Engineer launch newsletter has the full protocol breakdown and why I named it after pirates 🏴☠️. Link in the comments. Thanks to Anecdotes for sponsoring this week's newsletter!  Apache 2.0. CPOE spec is CC BY 4.0.  → grcorsair.com

AI Agents: A Deep Dive into the MCP × A2A Framework What if AI systems could collaborate as seamlessly as human teams? This question lies at the heart of Cheonsu Jeong’s (SAMSUNG) study on interoperability for LLM-based autonomous agents. Let’s break down why this matters, what’s new, and how it solves real-world challenges. 👉 WHY THIS MATTERS Modern AI systems face two critical bottlenecks: 1. Isolated expertise: Single agents struggle with complex tasks requiring diverse skills (e.g., analyzing stock trends and generating investment advice). 2. Fragmented communication: Agents built on different platforms often can’t share data or coordinate workflows effectively. Without standardized protocols, multi-agent collaboration resembles a polyglot team without interpreters – full of potential but hobbled by misalignment. 👉 WHAT THE STUDY SOLVES The paper introduces a unified approach combining two protocols: - A2A (Agent-to-Agent): Acts as a “common language” for agents to negotiate tasks, share results, and manage workflows.  - Example: A customer service agent seamlessly hands off complex queries to a billing specialist agent. - MCP (Model Context Protocol): Serves as a “universal adapter” for connecting agents to external tools (APIs, databases, etc.).  - Example: A research agent pulls live financial data via MCP, then shares insights with other agents via A2A. Key innovation: Combining these protocols creates a layered architecture where: - Agents collaborate dynamically (A2A) - Tools integrate consistently (MCP) - Security and scalability are baked in 👉 HOW IT WORKS IN PRACTICE A stock analysis system demonstrates the framework: 1. User query: “Analyze Samsung Electronics’ stock performance.” 2. Orchestrator agent breaks the request into sub-tasks using A2A:   - Price lookup agent → News aggregator agent → Financial analysis agent 3. Each agent uses MCP to access specialized tools:   - Stock APIs, news scrapers, financial databases 4. Results are synthesized into a unified report. Technical backbone: - LangGraph manages multi-agent workflows - JSON schemas ensure data compatibility - OAuth 2.0 secures inter-agent communication 👉 WHY DEVELOPERS SHOULD CARE - 70% less code for tool integration vs. custom APIs - 65% faster scaling when adding new agents - Enterprise-ready error handling and audit trails Key Takeaway This framework isn’t about replacing human teams – it’s about creating AI systems that mirror the best of human collaboration: specialized roles, clear communication, and shared tools. For developers, it offers a pragmatic path to build complex AI solutions without reinventing protocols. Paper link in comments. What use cases would "you" build with interoperable AI agents? Let’s discuss! Study: "A Study on the MCP × A2A Framework for Enhancing Interoperability of LLM-based Autonomous Agents" by Cheonsu Jeong (Samsung SDS)

🚀 Google’s Agent2Agent Protocol vs MCP: What’s the Real Difference? It feels like theres something new everyday with AI Agents but most people are still confuse how these agents actually talk to each other vs how they talk to tools. So let’s clear up the confusion with one post 👇 Google’s Agent2Agent (A2A) protocol and the Model Context Protocol (MCP) serve two very different purposes in the Agentic ecosystem - and both are essential if you’re building serious multi-agent applications. Here’s a breakdown that finally makes it click: 🧠 What is A2A? A2A Protocol was introduced by Google to enable agents to discover, collaborate securely, efficiently, and intelligently — without exposing their internal data or implementation. Think of it like this: A2A is a “conference room” where agents negotiate, share tasks, and coordinate actions - but only reveal what’s necessary. 📌 Key features: Secure agent discovery and collaboration Stateless or stateful negotiation between agents JSON “agent cards” to advertise capabilities Shared memory + coordination without sharing private data Perfect for: - Multi-agent planning - Dynamic workflows - Enterprise-grade security 🛠️ What is MCP? The Model Context Protocol (MCP) is the foundation for how an agent interfaces with external tools, APIs, and data sources. Think of MCP as a “toolbox workshop” — structured, schema-driven, focused on precision and execution.  📌 Key features: Agent → MCP Server → Tools/Data Uses JSON schemas to define tool functions Supports local files, cloud APIs, search, and more Stateless and transactional Perfect for:  - File access, data retrieval  - API integrations  - Single-turn tool usage Why BOTH Matter? MCP is for when your agent needs to do something (query an API, fetch a doc). A2A is for when your agent needs to coordinate with other agents (collaborative tasks, delegation, negotiation). In complex enterprise environments — like those using LangGraph, Supabase, or Google’s AIDK — you’ll typically have MCP handling tool use and A2A handling multi-agent collaboration. You need both to scale. 😕 Still Confused? See the Diagram. I made a full breakdown in the visual above — same style I use when explaining this to engineering teams and AI architects. If I was going to use one phrase it'd be agent-to-tools (MCP) vs agent-to-agent (A2A) Bottom Line: If you’re building Agentic systems that: ✔️ Talk to tools (APIs, files, databases) → MCP ✔️ Talk to other agents (task routing, collaboration) → A2A Both protocols serve different layers of the Agentic stack — and combining them is how companies are scaling 10x. If you’re a founder or team lead exploring AI workflows, I’ve broken this down in our AI Progression Framework — the same one used by several of our enterprise clients. Follow for regular breakdowns on building practical AI agent systems in the wild. #AI #AgenticAI #GoogleA2A #MCP #MultiAgent #LLMs #AIEngineering #DevTools #WorkflowAutomation

𝗔𝗴𝗲𝗻𝘁𝟮𝗔𝗴𝗲𝗻𝘁 (𝗔𝟮𝗔): 𝗧𝗵𝗲 𝗢𝗽𝗲𝗻 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗳𝗼𝗿 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻 Agent2Agent (A2A) Protocol is an open standard enabling 𝙨𝙚𝙖𝙢𝙡𝙚𝙨𝙨 𝙘𝙤𝙢𝙢𝙪𝙣𝙞𝙘𝙖𝙩𝙞𝙤𝙣 𝙖𝙣𝙙 𝙘𝙤𝙡𝙡𝙖𝙗𝙤𝙧𝙖𝙩𝙞𝙤𝙣 𝙗𝙚𝙩𝙬𝙚𝙚𝙣 𝘼𝙄 𝙖𝙜𝙚𝙣𝙩𝙨 - 𝙧𝙚𝙜𝙖𝙧𝙙𝙡𝙚𝙨𝙨 𝙤𝙛 𝙩𝙝𝙚𝙞𝙧 𝙪𝙣𝙙𝙚𝙧𝙡𝙮𝙞𝙣𝙜 𝙛𝙧𝙖𝙢𝙚𝙬𝙤𝙧𝙠. Google introduced the protocol in April 2025, and it’s now part of The Linux Foundation's open-source program. A2A acts as a communication layer and embraces Agentic Capabilities, allowing agents to talk, coordinate, and work together naturally. 𝗪𝗵𝗮𝘁 𝗰𝗮𝗻 𝗔𝟮𝗔 𝗱𝗼? 🔶𝘿𝙞𝙨𝙘𝙤𝙫𝙚𝙧 𝙘𝙖𝙥𝙖𝙗𝙞𝙡𝙞𝙩𝙞𝙚𝙨:: Identify other available agents and understand their functions. 🔶𝙉𝙚𝙜𝙤𝙩𝙞𝙖𝙩𝙚 𝙞𝙣𝙩𝙚𝙧𝙖𝙘𝙩𝙞𝙤𝙣: Determine the appropriate modality to exchange information —simple text, structured forms, perhaps even bidirectional multimedia streams. 🔶𝘾𝙤𝙡𝙡𝙖𝙗𝙤𝙧𝙖𝙩𝙚 𝙨𝙚𝙘𝙪𝙧𝙚𝙡𝙮: Execute tasks cooperatively, passing instructions and data reliably and safely without sharing the tools, memory of the other agents, which are proprietary to the target agent. 𝗔𝟮𝗔 𝘃𝘀 𝗠𝗖𝗣 – 𝗪𝗵𝘆 𝗯𝗼𝘁𝗵 𝗺𝗮𝘁𝘁𝗲𝗿? 🔶𝙈𝘾𝙋 (𝙈𝙤𝙙𝙚𝙡 𝘾𝙤𝙣𝙩𝙚𝙭𝙩 𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡) 𝘪𝘴 𝘮𝘦𝘢𝘯𝘵 𝘵𝘰 𝘤𝘰𝘯𝘯𝘦𝘤𝘵 𝘢𝘨𝘦𝘯𝘵𝘴 𝘵𝘰 𝘵𝘰𝘰𝘭𝘴, 𝘈𝘗𝘐𝘴, and resources with structured inputs/outputs. Think of it as the way agents access their capabilities. 🔶A2A (Agent2Agent Protocol) facilitates dynamic, multimodal communication 𝘣𝘦𝘵𝘸𝘦𝘦𝘯 𝘥𝘪𝘧𝘧𝘦𝘳𝘦𝘯𝘵 𝘢𝘨𝘦𝘯𝘵𝘴 𝘢𝘴 𝘱𝘦𝘦𝘳𝘴. It's how agents collaborate, delegate, and manage shared tasks Both these protocols are meant to complement each other. 𝗔𝟮𝗔 𝗖𝗼𝗿𝗲 𝗖𝗼𝗺𝗽𝗼𝗻𝗲𝗻𝘁𝘀 🔹𝘼2𝘼 𝙘𝙡𝙞𝙚𝙣𝙩 (𝙘𝙡𝙞𝙚𝙣𝙩 𝙖𝙜𝙚𝙣𝙩) - Initiates the request 🔹𝘼2𝘼 𝙨𝙚𝙧𝙫𝙚𝙧 (𝙧𝙚𝙢𝙤𝙩𝙚 𝙖𝙜𝙚𝙣𝙩) - Server Agent, takes requests, processes tasks, and responds with status updates or results 🔹𝘼𝙜𝙚𝙣𝙩 𝙘𝙖𝙧𝙙 - This JSON file contains information about an agent - name, description, version, service endpoint URL, supported modalities and authentication requirements. 🔹𝙏𝙖𝙨𝙠 - A task represents a unit of work with a unique ID for tracking long-running collaborations. 🔹𝙈𝙚𝙨𝙨𝙖𝙜𝙚 - Messages relay answers, context, instructions, prompts, questions, replies, and status updates. 🔹𝘼𝙧𝙩𝙞𝙛𝙖𝙘𝙩 - An artifact is a tangible product generated by the A2A server as a result of its work. It can be a document, image, or spreadsheet 🔹𝙋𝙖𝙧𝙩- A part is a piece of content inside a message or an artifact With A2A, AI agents can truly collaborate—across frameworks, platforms, and domains.

𝐀𝐠𝐞𝐧𝐭𝐢𝐜 𝐀𝐈 𝐢𝐬 𝐜𝐨𝐦𝐢𝐧𝐠 𝐟𝐚𝐬𝐭. 𝐓𝐡𝐞 𝐫𝐞𝐚𝐥 𝐫𝐢𝐬𝐤? 𝐈𝐭’𝐬 𝐢𝐧𝐬𝐞𝐜𝐮𝐫𝐞 𝐜𝐨𝐨𝐫𝐝𝐢𝐧𝐚𝐭𝐢𝐨𝐧. As LLMs evolve into autonomous agents capable of delegating tasks, invoking APIs, and collaborating with other agents, the architecture shifts. We’re no longer building models. We’re building distributed AI systems. And distributed systems demand trust boundaries, identity protocols, and secure coordination layers. A new paper offers one of the first serious treatments of Google’s A2A (Agent2Agent) protocol. It tackles the emerging problem of agent identity, task integrity, and inter-agent trust. Key takeaways: • Agent cards act as verifiable identity tokens for each agent • Task delegation must be traceable, with clear lineage and role boundaries • Authentication happens agent to agent, not just user to agent • The protocol works closely with the Model Context Protocol (MCP), enabling secure state sharing across execution chains The authors use the MAESTRO framework to run a threat model, and it’s clear we’re entering new territory: • Agents impersonating others in long chains of delegation • Sensitive context leaking between tasks and roles • Models exploiting ambiguities in open-ended requests Why this matters If you’re building agentic workflows for customer support, enterprise orchestration, or RPA-style automation, you’re going to hit this fast. The question won’t just be “Did the agent work?” It’ll be: • Who authorized it? • What was it allowed to see? • How was the output verified? • What context was shared, when, and with whom? The strategic lens • We need agent governance as a native part of the runtime, not a bolt-on audit log • Platform builders should treat A2A-like protocols as foundational, not optional • Enterprise buyers will soon ask vendors, “Do you support agent identity, delegation tracing, and zero trust agent networks?” This is where agent architecture meets enterprise-grade engineering. Ignore this layer and you’re not just exposing data. You’re creating systems where no one can confidently answer what happened, who triggered it, or why. We’ve moved beyond the sandbox. Time to build like it.

AI-to-AI Agents: Powering Mobility Ecosystems Last week, I had the pleasure of meeting with several car manufacturers and Tier 1 suppliers. We had a fascinating and profound discussion about the role of AI agents in overcoming the data-sharing challenges that have long plagued the mobility ecosystem. The challenge is straightforward: to power a mobility ecosystem involving various stakeholders (cars, trucks, fleets, smart cities, citizens, etc.), data sharing has traditionally been the only solution. However, due to stringent regulations and strong data ownership by each player, achieving seamless data sharing has been incredibly difficult. AI-to-AI agent communication offers a promising alternative. By enabling agents to collaborate on various tasks without sharing data between stakeholders, we can maintain data privacy and ownership. For instance, a tire AI agent can monitor tire health and, based on specific alerts or conditions, communicate with the vehicle monitoring AI agent. This agent can then inform the AI driver agent to alert the driver about specific driving conditions requiring attention. Alternatively, the tire AI agent can communicate with the vehicle monitoring AI agent, which can then instruct the AI autonomous agent to adjust driving based on specific conditions. What excites me about AI-to-AI agent relationships is that each stakeholder can focus on their core competencies and data while contributing to a broader ecosystem without the need for complex data-sharing agreements. This discussion generated significant interest from car and truck OEMs and Tier 1 suppliers. What do you think? #AI #ArtificialIntelligence #Mobility #SmartCities #DataPrivacy #AutonomousVehicles #Innovation #Technology #Ecosystem #Collaboration