A Security Engineer's Guide to the A2A Protocol
Blog post from Semgrep
Semgrep's guide explores the Agent to Agent (A2A) protocol, a standard for communication between LLM-based software agents. A2A supports agentic interoperability by letting agents perform specific tasks and coordinate with one another; the guide's example is a travel agent coordinating with flight and hotel agents. A2A is distinct from MCP, which is an agent-to-tool protocol, and it uses JSON-RPC, gRPC, and REST for communication. The guide stresses that adopting standards reduces bespoke coding and improves code review. On the security side, it discusses risks such as prompt injection, OAuth token vulnerabilities, and serialization issues, all of which require careful implementation to prevent unauthorized access and data leakage. It also emphasizes the potential revival of capability-based access controls as a way to manage the intricate interactions of LLMs. A2A's current adoption is limited, but interest is growing, particularly among large-scale deployments and foundation model providers. As adoption expands, security professionals need to anticipate and mitigate the associated risks, and the guide offers insights and checklists for auditing A2A implementations.