Agent orchestration as a protocol

Artificial intelligence agents are starting to work less like solo chatbots and more like networked software that follows shared rules. (developers.googleblog.com) Google introduced its Agent2Agent protocol in April 2025 as a way for one agent to discover another agent, read its capabilities, and exchange tasks across tools and vendors. Google Cloud documentation published in April 2026 now includes guides for developing, deploying and registering Agent2Agent agents on Cloud Run, Vertex AI Agent Builder and Gemini Enterprise. (developers.googleblog.com) (docs.cloud.google.com 1) (docs.cloud.google.com 2) (docs.cloud.google.com 3) In plain terms, orchestration means splitting a job into smaller steps and handing each step to a specialized program, the way a manager routes work to different teams. Google Cloud’s multi-agent reference architecture says these systems break complex processes into discrete tasks that multiple agents execute together, and its Agent2Agent overview says agents can work as peers without exposing their internal logic. (docs.cloud.google.com 1) (docs.cloud.google.com 2) That changes the problem companies have to solve. Once an agent can call another agent, query data and trigger actions in other systems, the hard part shifts from writing one clever demo to deciding which machine identity is allowed to do what. (docs.cloud.google.com) (securityboulevard.com) Security writers are framing that as a non-human identity problem. An April 3, 2026 Security Boulevard post said a non-human identity is made up of a secret such as a token, key or password plus the permissions granted to it by the destination system. (securityboulevard.com) Google’s own product docs point in the same direction. The Gemini Enterprise guide says Agent2Agent agents may need OAuth 2.0 credentials to reach data sources, while agents running on Cloud Run can instead use Google Cloud Identity and Access Management for access control. (docs.cloud.google.com) The protocol itself is also being hardened for that environment. In an update published about eight months after launch, Google Cloud said the new version added gRPC support and the ability to sign security cards, alongside expanded Python software development kit support. (cloud.google.com) Backers are now presenting Agent2Agent as infrastructure, not just an experiment. The Linux Foundation said on April 9, 2026 that the project had passed 150 supporting organizations and was seeing production deployments, with integrations across Google, Microsoft and Amazon Web Services platforms. (linuxfoundation.org) Security vendors are not treating that adoption as automatically safe. Recent Security Boulevard posts argued that protocols such as Model Context Protocol explain how agents connect to tools, but do not by themselves answer who performed an action, which permissions were used or whether the action matched policy. (securityboulevard.com 1) (securityboulevard.com 2) The result is a familiar enterprise pattern in a new package: standard pipes are arriving first, and the trust model is racing to catch up. As agents move between clouds, apps and application programming interfaces, the companies that treat them like identities with tightly scoped access look better prepared than the ones treating them like chat windows. (developers.googleblog.com) (securityboulevard.com)