Understanding A2A with Heiko Hotz and Sokratis Kartakis – O’Reilly

Generative AI within the Actual World

Generative AI within the Actual World: Understanding A2A with Heiko Hotz and Sokratis Kartakis

Play Episode


Pause Episode

Mute/Unmute Episode


Rewind 10 Seconds

1x

Quick Ahead 30 seconds

00:00
/
33m 10s

Everyone seems to be speaking about brokers: single brokers and, more and more, multi-agent techniques. What sort of functions will we construct with brokers, and the way will we construct with them? How will brokers talk with one another successfully? Why do we’d like a protocol like A2A to specify how they convey? Be part of Ben Lorica as he talks with Heiko Hotz and Sokratis Kartakis about A2A and our agentic future.

Concerning the Generative AI within the Actual World podcast: In 2023, ChatGPT put AI on everybody’s agenda. In 2025, the problem might be turning these agendas into actuality. In Generative AI within the Actual World, Ben Lorica interviews leaders who’re constructing with AI. Study from their expertise to assist put AI to work in your enterprise.

Try different episodes of this podcast on the O’Reilly studying platform.

Timestamps

• 0:00: Intro to Heiko and Sokratis.
• 0:24: It seems like we’re in a Cambrian explosion of frameworks. Why agent-to-agent communication? Some individuals would possibly suppose we should always deal with single-agent tooling first.
• 0:53: Many builders begin growing brokers with utterly totally different frameworks. Sooner or later they need to hyperlink the brokers collectively. A method is to vary the code of your utility. However it will be simpler for those who might get the brokers speaking the identical language. 
• 1:43: Was A2A one thing builders approached you for?
• 1:53: It’s truthful to say that A2A is a forward-looking protocol. We see a future the place one staff develops an agent that does one thing and one other staff in the identical group and even exterior wish to leverage that functionality. An agent could be very totally different from an API. Prior to now, this was accomplished through API. With brokers, I want a stateful protocol the place I ship a job and the agent can run asynchronously within the background and do what it must do. That’s the justification for the A2A protocol. Nobody has explicitly requested for this, however we might be there in a number of months time. 
• 3:55: For builders on this house, probably the most acquainted is MCP, which is a single agent protocol centered on exterior software integration. What’s the relationship between MCP and A2A?
• 4:26: We consider that MCP and A2A might be complementary and never rivals. MCP is particular to instruments, and A2A connects brokers with one another. That brings us to the query of when to wrap a performance in a software versus an agent. If we have a look at the technical implementation, that provides us some hints when to make use of every. An MCP software exposes its functionality by a structured schema: I want enter A and B and I provide the sum. I can’t deviate from the schema. It’s additionally a single interplay. If I wrap the identical performance into an agent, the way in which I expose the performance is totally different. A2A expects a pure language description of the agent’s performance: “The agent provides two numbers.” Additionally, A2A is stateful. I ship a request and get a end result. That offers builders a touch on when to make use of an agent and when to make use of a software. I like to make use of the analogy of a merchandising machine versus a concierge. I put cash right into a merchandising machine and push a button and get one thing out. I discuss to a concierge and say, “I’m thirsty; purchase me one thing to drink.”
• 7:09: Perhaps we might help our listeners make the notion of A2A much more concrete. I inform nonexperts that you simply’re already utilizing an agent to some extent. Deep analysis is an agent. I discuss to individuals constructing AI instruments in finance, and I’ve a notion that I need to analysis, however I’ve one agent earnings, one other different information. Do you may have a canonical instance you utilize?
• 8:13: We are able to parallelize A2A with actual enterprise. Think about separate brokers which can be totally different staff with totally different abilities. They’ve their very own enterprise playing cards. They share the enterprise playing cards with the shoppers. The consumer can perceive what duties they need to do: study shares, study investments. So I name the fitting agent or server to get a specialised reply again. Every agent has a enterprise card that describes its abilities and capabilities. I can discuss to the agent with reside streaming or ship it messages. It’s essential to outline the way you talk with the agent. And you have to outline the safety methodology you’ll use to alternate messages.
• 9:45: Late final 12 months, individuals began speaking about single brokers. However individuals have been already speaking about what the agent stack could be: reminiscence, storage, observability, and so forth. Now that you’re speaking about multi-agents or A2A, are there necessary issues that have to be launched to the agentic stack?
• 10:32: You’ll nonetheless have the identical. You’d arguably want extra. Statefulness, reminiscence, entry to instruments.
• 10:48: Is that going to be like a shared reminiscence throughout brokers?
• 10:52: All of it relies on the structure. The way in which I think about a vanilla structure, the person speaks to a router agent, which is the first contact of the person with the system. That router agent does quite simple issues like saying “whats up.” However as soon as the person asks the system “Ebook me a vacation to Paris,” there are numerous steps concerned. (No agent can do that but). The capabilities are getting higher and higher. However the way in which I think about it’s that the router agent is the boss, and two or three distant brokers do various things. One finds flights; one books inns; one books automobiles—all of them want data from one another. The router agent would maintain the context for all of these. When you construct all of it inside one agentic framework, it turns into even simpler as a result of these frameworks have the ideas of shared reminiscence inbuilt. But it surely’s not essentially wanted. If the resort reserving agent is inbuilt LangChain and from a special staff than the flight reserving agent, the router agent would resolve what data is required.
• 13:28: What you simply stated is the argument for why you want these protocols. Your instance is the canonical easy instance. What if my journey includes 4 totally different international locations? I’d want a resort agent for each nation. As a result of inns would possibly have to be specialised for native information.
• 14:12: Technically, you won’t want to vary brokers. It’s essential to change the info—what agent has entry to what information. 
• 14:29: We have to parallelize single brokers with multi-agent techniques; we transfer from a monolithic utility to microservices which have small, devoted brokers to carry out particular duties. This has many advantages. It additionally makes the lifetime of the developer simpler as a result of you may take a look at, you may consider, you may carry out checks earlier than shifting to manufacturing. Think about that you simply gave a human 100 instruments to carry out a job. The human will get confused. It’s the identical for brokers. You want small brokers with particular phrases to carry out the fitting job. 
• 15:31: Heiko’s instance drives dwelling why one thing like MCP might not be sufficient. When you’ve got a grasp agent and all it does is combine with exterior websites, however the integration just isn’t good—if the opposite facet has an agent, that agent may very well be considering as properly. Whereas agent-to-agent is one thing of a science fiction for the time being, it does make sense shifting ahead.
• 16:11: Coming again to Sokratis’s thought, if you give an agent too many instruments and make it attempt to do too many issues, it simply turns into an increasing number of possible that by reasoning by means of these instruments, it should decide the fallacious software. That will get us to analysis and fault tolerance. 
• 16:52: Sooner or later we’d see multi-agent techniques talk with different multi-agent techniques—an agent mesh.
• 17:05: Within the situation of this resort reserving, every of the smaller brokers would use their very own native mannequin. They wouldn’t all depend on a central mannequin. Nearly all frameworks help you select the fitting mannequin for the fitting job. If a job is straightforward however nonetheless requires an LLM, a small open supply mannequin may very well be ample. If the duty requires heavy “mind” energy, you would possibly need to use Gemini 2.5 Professional.
• 18:07: Sokratis introduced up the phrase safety. One of many earlier assaults towards MCP is a situation when an attacker buries directions within the system immediate of the MCP server or its metadata, which then will get despatched into the mannequin. On this case, you may have smaller brokers, however one thing could occur to the smaller brokers. What assault situations fear you at this level?
• 19:02: There are lots of ranges at which one thing would possibly go fallacious. With a single agent, you must implement guardrails earlier than and after every name to an LLM or agent.
• 19:24: In a single agent, there’s one mannequin. Now every agent is utilizing its personal mannequin. 
• 19:35: And this makes the analysis and safety guardrails much more problematic. From A2A’s facet, it helps all of the totally different safety varieties to authenticate brokers, like API keys, HTTP authentication, OAuth 2. Throughout the agent card, the agent can outline what you have to use to make use of the agent. Then you have to consider this as a service risk. It’s not only a accountability of the protocol. It’s the accountability of the developer.
• 20:29: It’s equal to proper now with MCP. There are literally thousands of MCP servers. How do I do know which to belief? However on the identical time, there are millions of Python packages. I’ve to determine which to belief. At some stage, some vetting must be accomplished earlier than you belief one other agent. Is that proper?
• 21:00: I might suppose so. There’s an excellent article: “The S in MCP Stands for Safety.” We are able to’t converse as a lot to the MCP protocol, however I do consider there have been efforts to implement authentication strategies and tackle safety issues, as a result of that is the primary query enterprises will ask. With out correct authentication and safety, you’ll not have adoption in enterprises, which implies you’ll not have adoption in any respect. WIth A2A, these issues have been addressed head-on as a result of the A2A staff understood that to get any likelihood of traction, inbuilt safety was precedence 0. 
• 22:25: Are you acquainted with the buzzword “massive motion fashions”? The notion that your mannequin is now multimodal and might have a look at screens and atmosphere states.
• 22:51: Inside DeepMind, now we have Challenge Mariner, which leverages Gemini’s capabilities to ask in your behalf about your laptop display screen.
• 23:06: It is sensible that it’s one thing you need to keep away from for those who can. If you are able to do issues in a headless manner, why do you need to fake you’re human? If there’s an API or integration, you’d go for that. However the actuality is that many instruments information staff use could not have these options but. How does that influence how we construct agent safety? Now that folks would possibly begin constructing brokers to behave like information staff utilizing screens?
• 23:45: I spoke with a financial institution within the UK yesterday, they usually have been very clear that they should have full observability on brokers, even when meaning slowing down the method. Due to regulation, they want to have the ability to clarify each request that went to the LLM, and each motion that adopted from that. I consider observability is the important thing on this setup, the place you simply can not tolerate any errors. As a result of it’s LLM-based, there’ll nonetheless be errors. However in a financial institution it’s essential to at the least be ready to clarify precisely what occurred.
• 24:45: With most prospects, at any time when there’s an agentic resolution, they should share that they’re utilizing an agentic resolution and the way in which [they] are utilizing it’s X, Y, and Z. A authorized settlement is required to make use of the agent. The client must be clear about this. There are different situations like UI testing the place, as a developer, I need an agent to start out utilizing my machine. Or an elder who’s linked with buyer assist of a telco to repair a router. That is unattainable for a nontechnical individual to realize. The worry is there, like nuclear power, which can be utilized in two alternative ways. It’s the identical with brokers and GenAI. 
• 26:08: A2A is a protocol. As a protocol, there’s solely a lot you are able to do on the safety entrance. At some stage, that’s the accountability of the builders. I could need to sign that my agent is safe as a result of I’ve employed a 3rd get together to do penetration testing. Is there a manner for the protocol to embed information concerning the additional step?
• 27:00: A protocol can’t deal with all of the totally different circumstances. That’s why A2A created the notion of extensions. You may prolong the info construction and likewise the strategies or the profile. Inside this profile, you may say, “I need all of the brokers to make use of this encryption.” And with that, you may inform all of your techniques to make use of the identical patterns. You create the extension as soon as, you undertake that for all of the A2A appropriate brokers, and it’s prepared. 
• 27:51: For our listeners who haven’t opened the protocol, how simple is it? Is it like REST or RPC?
• 28:05: I personally realized it inside half a day. For somebody who’s acquainted with RPC, with conventional web protocols, A2A could be very intuitive. You may have a server; you may have a consumer. All you have to be taught is a few particular ideas, just like the agent card. (The agent card itself may very well be used to sign not solely my capabilities however how I’ve been examined. You may even consider different metrics like uptime and success price.) It’s essential to perceive the idea of a job. After which the distant agent will replace on this job as outlined—for instance, each 5 minutes or [upon] completion of particular subtasks.
• 29:52: A2A already helps JavaScript, TypeScript, Python, Java, and .NET. In ADK, the agent growth equipment, with one line of code we are able to outline a brand new A2A agent.
• 30:27: What’s the present state of adoption?
• 30:40: I ought to have seemed on the PyPI obtain numbers.
• 30:49: Are you conscious of groups or corporations beginning to use A2A?
• 30:55: I’ve labored with a buyer with an insurance coverage platform. I don’t know something about insurance coverage, however there’s the dealer and the underwriter, that are normally two totally different corporations. They have been occupied with constructing an agent for every and having the brokers discuss through A2A
• 31:32: Sokratis, what about you?
• 31:40: The curiosity is there for positive. Three weeks in the past, I offered [at] the Google Cloud London Summit with a giant buyer on the mixing of A2A into their agentic platform, and we shared tens of shoppers, together with the announcement from Microsoft. Many shoppers begin implementing brokers. Sooner or later they lack integration throughout enterprise models. Now they see the extra brokers they construct, the extra the necessity for A2A.
• 32:32: A2A is now within the Linux Basis, which makes it extra enticing for corporations to discover, undertake, and contribute to, as a result of it’s now not managed by a single entity. So determination making might be shared throughout a number of entities.