Posted in Trending

Tired of Custom AI Wiring? There’s a Better Way

   Published Date: June 2, 2025  Leave a Comment on Tired of Custom AI Wiring? There’s a Better Way

Subscribe Previous Issues

The Protocol Foundation: Building Enterprise-Ready AI Agent Systemsst

I often hear a recurring concern from teams working with AI: will our agents truly integrate with our existing systems, or are we facing an endless cycle of custom wiring for each new tool? Agentic AI protocols are emerging as a potential solution. These protocols provide the essential “plumbing” that could transform a foundation model into a genuinely useful, interconnected enterprise asset. Much like the early days of internet standards, there’s a palpable urgency to establish reliable frameworks before the initial enthusiasm wanes.

Join our supporters: Help fund the content you love.

Agentic AI protocols enable agents – frequently powered by large language models (LLMs) – to reliably locate context, invoke tools, and collaborate with other systems. The ambition is for these protocols to fulfill a role for AI systems analogous to that of TCP/IP and HTTP for the internet. They seek to establish a common, agreed-upon structure, transforming bespoke integrations into more reusable components.

In the absence of such standards, developers of AI applications encounter significant challenges in achieving interoperability and scalability. This often necessitates custom solutions for fundamental interactions with file systems, APIs, or other agents.

How do they differ from the REST and RPC interfaces we already know?

Think of agentic AI protocols as an upgrade path from single-shot request/response APIs. In classic REST the server never stores client state, and while RPC may retain state it was never designed for open-ended dialogue; both patterns still expect a discrete call that should behave predictably when given identical inputs.

Agentic systems instead run dialogues that evolve over dozens of steps, producing probabilistic answers and side effects along the way. That’s why specs like the Model Context Protocol (MCP) bake in persistent session IDs, per-tool metadata, and server-sent streams so the agent can remember context, surface partial results, and pivot mid-flight – functions well outside the scope of most REST or gRPC endpoints.

Is there a useful way to classify the emerging protocols?

A useful approach to categorizing these emerging protocols involves a two-dimensional framework:

  • Context-oriented vs. inter-agent. Does the protocol focus on feeding a single agent with outside context, or on agents talking to each other?

  • General-purpose vs. domain-specific. Is it meant for broad use, or tuned to niches such as IoT or web content?

(click to enlarge)
What is the current state of Agentic AI protocols?

Several Agentic AI protocols are in various stages of development and adoption:

  • MCP (Model Context Protocol) from Anthropic is the most widely used and already employed for tool invocation in production-like environments. Although still unfinished, MCP has crossed the line from proof-of-concept to de-facto baseline. Multiple vendors now ship it by default, which has forced the specification to evolve in public: session-long sockets have been replaced by a stream-friendly HTTP option, the steering committee is widening to include neutral operators, and a vetted “package index” for MCP servers is on the drawing board. Each step deepens network effects; once everyday tooling depends on MCP, rival protocols must interoperate rather than displace it.

  • A2A (Agent-to-Agent) by Google and ANP (Agent Network Protocol) by the open-source ANP Community are both considered in a “landing” phase – meaning early implementation and testing are happening.

  • ACP (Agent Communication Protocol) was recently introduced by IBM and is in the “drafting” stage of development.

  • Domain-specific protocols like agents.json (for web content) and LMOS (for IoT and systems agents) are being drafted or deployed selectively.

A Protocol Selection Roadmap

Technical teams should evaluate protocols based on organizational context, implementation requirements, and the specific interaction patterns their applications demand. By considering factors such as ecosystem maturity and interoperability needs, tech leaders can select protocols that balance immediate functionality with future adaptability.

(click to enlarge)

Where Agent Protocols Stumble: A Field Guide

I don’t want to oversell the maturity of MCP – or of agent protocols in general. What prompted me to write this piece is the murmur of frustration I hear from teams wrestling with MCP’s design and patchy documentation. Adoption of the protocol has grown, but depth and polish have not always kept pace. Teams are starting to bump up against the limits of MCP’s transport stack, its sketchy documentation, and the growing gap between reference code and the written specification. Add in authorization asymmetries and an SDK-centric culture, and it’s no surprise that some regard the protocol as useful but prematurely frozen.

Some developers (including Leo Meyerovich) argue that MCP’s complicated log-in process could be simplified if applications just used the same web cookies that already handle single-sign-on. That change would spare teams from installing extra bits of code, and as AI agents take on wider roles, an easy “sign-in-when-needed” service will become ever more important.

Security is no exception. MCP servers are sprouting faster than they are being scrutinized, so the depth of testing – and, by extension, the attack surface – varies sharply from one deployment to the next. A recent Microsoft note urges basics such as stricter authentication paths, rate-limiting, and continuous auditing. Until a uniform vetting regimen emerges, expect a widening gap between well-hardened instances and the rest.

Subscribe now

Teams should also brace for a newer class of attacks: indirect prompt injections. As Jason Martin of HiddenLayer notes, an adversary can plant malicious instructions in the metadata or server-supplied descriptors that MCP dutifully forwards to the model. Because these directives arrive inside the protocol rather than through the user interface, ordinary input filters may never see them. The attack surface widens as function calling and tool plug-ins proliferate, granting agents more authority over external systems. Treat every server response as untrusted: validate payloads, constrain the commands an agent may execute, and log protocol-level instructions with the same rigor applied to end-user input.

(click to enlarge)

The same problems crop up in other protocols: code ships before a spec is finished, early releases lock in design flaws, and new standards pop up faster than they can be made to work together. Money complicates things – once a protocol gains traction, vendors often bolt on proprietary extras that trap users. With no shared yardsticks yet for speed, security, or flexibility, teams should plan for more changes ahead and design their systems so they can swap protocols without a major rebuild.

Where the Protocols Go From Here

The road to dependable agent systems mirrors the early web: user value first, governance next, architecture and measurement soon after. Today’s single-tool integrations are only the prologue. As standards evolve, firms that insulate each layer will swap components cheaply, measure performance in the open and, in time, broker secure conversations between fleets of agents. The organizations that will thrive in this evolving landscape are those that architect their systems to gracefully adapt to protocol changes.

(click to enlarge)

Source: The Tech Industry’s Workforce Crisis ; click HERE to enlarge.

Data Exchange Podcast

  1. Beyond Guardrails: Defending LLMs Against Sophisticated Attacks. Jason Martin of HiddenLayer, discusses “policy puppetry,” a universal attack technique that bypasses safety features in all major language models using structured formats like XML or JSON. The episode explores how this method works, the significant risks it poses to enterprises including brand damage and data breaches, and essential defensive strategies organizations can implement to protect their AI systems.

  2. The Highly Uncertain Future of OpenAI’s Dominance. Dan Schwarz (CEO & Co-Founder, Futuresearch) explains why his firm finds OpenAI’s $ 125 billion revenue projection highly implausible, citing fierce competition, pressure on ChatGPT/API revenue, and fleeting technical advantages. While AI agents present a potential path to scale, the current dynamics suggest advantages are temporary and dominance is far from guaranteed.

Ben Lorica edits the Gradient Flow newsletter. He helps organize the AI Conference, the AI Agent Conference, the NLP Summit, Ray Summit, and the Data+AI Summit. He is the host of the Data Exchange podcast. You can follow him on Linkedin, Mastodon, Reddit, Bluesky, YouTube, or TikTok. This newsletter is produced by Gradient Flow.

Gradient Flow

Author: admin

Leave a Reply

Your email address will not be published. Required fields are marked *