Five protocols redefine the architecture of the agentic web: MCP, A2A, AP2, ACP and Trusted Agent Protocol. Together, they standardize exchanges, orchestration and autonomous payments between agents and services.
The future of AI and the web will be agentic or it will not be. But to respond to the growth in uses and standardize practices, universal protocols are necessary. Hence the proliferation in recent months of protocols dedicated, some to data integration, others to communication with third-party tools or even payment. Currently, five of them stand out, or even already established themselves.
MCP: the reference protocol for model/tool communication
The MCP for Model Context Protocol is, without a doubt, the most used standard in AI. Launched by Anthropic in November 2024, MCP allows LLMs to communicate with external tools and data sources in a standardized way. Before its emergence, every API integration, for example, required custom connectors.
In November 2025, MCP servers number in the thousands and cover connections with the main digital workplaces: Google Drive, Slack, GitHub, Office 365, etc. The architecture is based on a client-server model around three components: tools, prompt, and resources. However, the protocol is still relatively young, with security and scalability issues still being resolved.
A2A: the future of inter-agent communication
This is certainly the protocol that could explode in the coming months. Announced by Google in April 2025 and taken up during the summer by the Linux foundation, A2A, for agent to agent, allows agents to communicate with each other. Even if production deployments are still limited, the future multiplication of communications between agents should make the protocol essential. A2A is based on tasks, tasks that the agent knows how to perform autonomously, such as sending a message, planning a call or analyzing a file. Each task follows a specific life cycle: it is created, executed, then closed once completed.
An agent’s capabilities are described in JSON. The agent’s metadata includes its skills, the types of interaction it accepts, and its authentication methods. Concretely, A2A makes possible what was until now very complex: an agent hosted by OpenAI can now communicate with an agent running on a Google platform, all orchestrated by a Salesforce service, without going through complex integrations.
AP2: the secure agent payment protocol
AP2 for Agent Payments Protocol was also presented by Google in September with contributions from PayPal, Coinbase, Mastercard, Stripe and the Ethereum Foundation. The AP2 must allow agents to make secure payments with complete autonomy. The protocol is comprised of three warrants, cryptographically signed digital contracts serving as verifiable proof of user instructions. The Intent Mandate saves the initial instruction with critical constraints, for example “buy Apple AirPods Pro headphones as soon as they are on sale, maximum 200 euros”. The Cart Mandate formalizes the exact details of the purchase after the agent has created their basket. And finally the Payment Mandate includes agent ID and transaction amount. It is sent to the seller to finalize the transaction.
AP2 allows two types of payment: purchase validated by a human and autonomous purchase under human mandate. In the latter case, the agent monitors opportunities and executes automatically when the conditions predefined by the human (previously) are met. The protocol supports bank cards as well as stablecoins and instant transfers.
ACP: the OpenAI / Stripe payment protocol
Faced with AP2, OpenAI and Stripe have developed an alternative approach favoring simplicity: ACP. Also announced in September, ACP (for Agentic Commerce Protocol) allows a user to purchase directly in a conversation with an AI assistant, without going through a third-party site. The protocol is based on a standardized flow: the merchant publishes its product catalog, the AI agent initiates a payment session via a REST API, then the payment is secured by delegated tokens managed by Stripe. Unlike AP2 which allows complete autonomy via mandates signed in advance, ACP requires explicit confirmation from the user for each transaction. Everything only requires around fifty lines of code to be deployed. The protocol, even if deployed in Apache 2, is more restrictive and is not currently widely adopted outside the OpenAI ecosystem.
Trusted Agent Protocol: authenticate agents before a payment
Finally, the Trusted Agent Protocol is the most recent protocol. It was announced by Visa in October in partnership with Cloudflare. It does not focus on payment authorization, but on agent authentication at the point of sale. With the latter, each agent approved by Visa receives a unique cryptographic key serving as an identifier. When an agent visits a merchant’s site, they transmit three types of verifiable information. Agent Intent indicates that they are acting legitimately to complete a commercial action (e.g. a purchase or reservation). THE Consumer Recognition provides elements allowing the site to identify the real consumer it represents. And finally, the Payment Information bring together the data necessary for payment, transmitted in the form of secure tokens.
The end goal differs from payment protocols: it is not about authorizing a transaction, but about creating a whitelist allowing merchants to let legitimate agents browse while blocking malicious bots. Moreover, Visa claims that it is complementary to different payment protocols.
These five protocols are those which, in November 2025, take center stage. However, each of these standards already has its variations: Mastercard has developed its own equivalent of the Visa protocol. The acceleration of recent weeks and recent releases suggest a new way of designing the web, more automated but also more fragmented, at least initially.
