AP
AI Protocol OS
by Techvisory
March 2026
The Agentic AI Protocol Landscape

The TCP/IP Moment
for AI Agents

11 protocols across 5 categories โ€” agent-to-tool, agent-to-agent, agent-to-user, domain-specific, and governance โ€” all converging under the Agentic AI Foundation at the Linux Foundation.

97M+
Monthly MCP SDK Downloads
10,000+
Published MCP Servers
60,000+
AGENTS.md Projects
50+
A2A Ecosystem Partners
๐Ÿ“
The Agent Protocol Stack
How protocols layer together โ€” similar to the TCP/IP model
Governance Layer
Standards, identity, policy & tooling
AAIF AGENTS.md Goose
Open standards, identity, policy, and developer tooling
Domain Layer
Industry-specific workflows
UCP AP2
Commerce, payments, and industry-specific workflows
UI / Interaction Layer
Agent-to-user interfaces
AG-UI A2UI
Stream state, events, and dynamic interfaces to users
Agent Communication
Agent-to-agent discovery & messaging
A2A ACP ANP NLIP
Agents discover, message, and delegate tasks to each other
Tool / Context Layer
Agent-to-tool integration
MCP UTCP
Agents connect to tools, data sources, and APIs

MCP โ€” Model Context Protocol

Created by Anthropic (Nov 2024) ยท De facto industry standard ยท JSON-RPC 2.0 over stdio / HTTP+SSE

97M+
SDK Downloads
10K+
MCP Servers
6
Major Adopters

MCP servers expose four core primitive types that clients can interact with:

Tools
Functions the LLM can invoke โ€” like API calls, calculations, or code execution. Defined input schemas and structured outputs.
Search, query, compute, transform, execute
Resources
Data sources the agent can read โ€” documents, database records, file contents, or live data feeds. Similar to GET endpoints in REST.
Files, DB records, configs, knowledge bases
Prompts
Pre-built prompt templates that guide the LLM for specific workflows. Include placeholders for dynamic context injection.
Analysis templates, report generators, workflows
Sampling
Allows the server to request LLM completions through the client, enabling recursive or agentic patterns within the server itself.
Agentic loops, chain-of-thought, sub-tasks

The 6-step lifecycle of an MCP interaction:

1
Initialize
Client connects to server. Capability negotiation.
2
Discover
Client queries available tools, resources, prompts.
3
Invoke
LLM selects a tool. Client sends JSON-RPC call.
4
Execute
Server runs the tool against native endpoint.
5
Respond
Server returns structured result to client.
6
Notify
Async events for resource changes.

Client-Server Model โ€” The Host manages one or more MCP Clients, each connected to a separate MCP Server that exposes tools, resources & prompts.

MCP HOST
e.g. Claude Desktop, Coding Assistant
MCP CLIENT
LLM
APPLICATION
JSON-RPC โ†’
MCP Server A
Database Connector
โ†’
PostgreSQL
MCP Server B
Web API Wrapper
โ†’
REST API
MCP Server C
File System Access
โ†’
Local Files
โœ• The Old Way โ€” Custom Code Per Integration
FormulaN agents ร— M tools = Nร—M integrations
Per ToolCustom code for each agent
AuthHandled differently each time
Schema ChangesBreak all connected agents
Example3 agents ร— 3 tools = 9 integrations
โœ“ The MCP Way โ€” One Standard Protocol
FormulaN agents + M tools = N+M integrations
Per ToolBuild once, works with every agent
AuthStandardized OAuth 2.1
Schema ChangesHandled by MCP server
Example3 agents + 3 tools = 6 integrations
MCP transforms integration complexity from O(Nร—M) to O(N+M) โ€” the same insight that made USB and HTTP transformative.

MCP supports multiple transport modes โ€” choosing the right one depends on where your tools live:

LOCAL (stdio)
Transportstdin/stdout pipes
LifecycleHost spawns & kills process
LatencyMinimal โ€” in-process IPC
AuthImplicit โ€” same machine
Best ForFile access, local DBs, CLI tools
ExampleSQLite, git, filesystem MCP servers
REMOTE (HTTP + SSE)
TransportHTTP POST + Server-Sent Events
LifecycleAlways running, independent
LatencyNetwork round-trip added
AuthOAuth 2.1 required
Best ForSaaS APIs, shared services, cloud
ExampleGitHub, Slack, Salesforce MCP servers
stdio
Agent spawns MCP server as a subprocess for local processes
HTTP + SSE
Standard HTTP with Server-Sent Events for remote streaming
Streamable HTTP
New in 2025 โ€” replaces deprecated HTTP+SSE with better lifecycle management

OAuth 2.1 Authorization Flow: Client โ†’ Auth Server โ†’ MCP Server โ†’ Resources

OWASP MCP Top 10 published in 2025 provides a security checklist. OAuth 2.1 improves auth, but unified identity across MCP + A2A + AG-UI remains an open challenge.

Tool Poisoning
Malicious MCP servers can inject harmful instructions via tool descriptions, manipulating LLM behavior.
Rug Pulls
Server behavior can change post-approval, executing different code than what was reviewed and approved.
Token Theft
Compromised servers could intercept OAuth tokens or session credentials for unauthorized access.
Privilege Escalation
Overly broad tool permissions could allow unintended system access beyond the intended scope.

SDK Support across 8 languages:

TypeScript Python Java Kotlin C# Go Swift Rust

Popular MCP Servers:

GitHub
Repository management, PRs, issues
Slack
Channel messaging, search, threads
Google Drive
File access, search, editing
PostgreSQL
Database queries, schema inspection
Puppeteer
Browser automation, web scraping
Stripe
Payment processing, customer data
Salesforce
CRM records, opportunities, contacts
Jira
Issue tracking, sprint management
Write Once, Use Everywhere: A Postgres MCP server you build today works identically across Claude, ChatGPT, Gemini, Copilot, and every other MCP-compatible client.

All MCP communication uses JSON-RPC 2.0. Here's what a tool call looks like on the wire:

REQUEST (Client โ†’ Server)
{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "query_database", "arguments": { "sql": "SELECT * FROM users WHERE active = true" } } }
RESPONSE (Server โ†’ Client)
{ "jsonrpc": "2.0", "id": 1, "result": { "content": [{ "type": "text", "text": "Found 142 active users. Top 5: Alice, Bob, Carol, Dave, Eve" }] } }

Core JSON-RPC Methods: tools/list, tools/call, resources/list, resources/read, prompts/list, prompts/get

Agentic AI Foundation (AAIF)

The neutral governance body for open agentic AI standards

Launched Dec 9, 2025
The AAIF is the neutral governance body for open agentic AI standards at the Linux Foundation. It was co-founded by competitors โ€” Anthropic, OpenAI, and Block โ€” who each donated cornerstone projects: MCP, AGENTS.md, and Goose respectively. Its mission is to ensure agentic AI infrastructure remains open, neutral, and community-driven.
Anthropic
MCP
Model Context Protocol
OpenAI
AGENTS.md
Coding agent instructions
Block
Goose
Agent framework
PLATINUM MEMBERS
AWS Anthropic Block Bloomberg Cloudflare Google Microsoft OpenAI

A2A โ€” Agent-to-Agent Protocol

Google โ†’ Linux Foundation ยท Agent collaboration and task delegation

Example: Enterprise Supply Chain โ€” Separate agents handle forecasting, inventory, logistics, and supplier communication, all coordinating through A2A.

Orchestrator Agent
Forecasting Agent
ML Models
Inventory Agent
Warehouse DB
Logistics Agent
Shipping APIs
Supplier Agent
EDI Systems
Each agent uses MCP to connect to its own tools ยท A2A handles inter-agent coordination
๐Ÿ”—
All 11 Protocols by Category
Comprehensive reference for the emerging agent protocol ecosystem
๐Ÿ”ง
Agent โ†’ Tool
How agents access external tools, data & APIs
MCP

Model Context Protocol

Anthropic (Nov 2024). The de facto standard for agent-to-tool integration. JSON-RPC 2.0, OAuth 2.1 auth, 97M+ monthly SDK downloads.

Anthropic JSON-RPC 2.0 AAIF
UTCP

Universal Tool Calling Protocol

Alternative to MCP with a different approach to tool definition and invocation across agents.

Tool Integration
๐Ÿค
Agent โ†’ Agent
How agents discover & collaborate with each other
A2A

Agent-to-Agent Protocol

Google โ†’ Linux Foundation. Enables agents to discover, message, and delegate tasks to each other in multi-agent systems.

Google 50+ Partners
ACP

Agent Communication Protocol

Alternative agent-to-agent communication standard for inter-agent messaging and coordination.

ANP

Agent Network Protocol

Network-level protocol for agent discovery and communication across distributed systems.

NLIP

Natural Language Interaction Protocol

Protocol enabling agents to communicate using natural language message passing.

๐Ÿ‘ค
Agent โ†’ User
How agents interact with human users via UI
AG-UI

Agent-User Interface Protocol

CopilotKit. Standardizes how agents stream state, events, and dynamic interfaces to human users.

CopilotKit UI Streaming
A2UI

Agent-to-User Interface

Alternative approach to agent-to-user interaction and dynamic interface rendering.

๐Ÿญ
Domain-Specific
Protocols for specific industry verticals
UCP

Universal Commerce Protocol

Google + Shopify. Standardizes agentic commerce interactions โ€” product discovery, ordering, payments.

Google Shopify Commerce
AP2

Agent Payment Protocol

Complementary to UCP, focuses specifically on payment workflows in agentic commerce scenarios.

Payments
๐Ÿ›๏ธ
Frameworks & Governance
Standards bodies, developer tooling & agent frameworks
AAIF

Agentic AI Foundation

Linux Foundation body co-founded by Anthropic, OpenAI, Google, Microsoft, AWS, and Block. Neutral governance for open agent standards.

Linux Foundation Dec 2025
AGENTS

AGENTS.md

OpenAI. Standard file format for coding agent instructions. 60K+ projects adopted since Aug 2025.

OpenAI 60K+ Projects
Goose

Goose Agent Framework

Block (Square). Open-source agent framework donated to AAIF as a foundational project.

Block Open Source