Orchestrating the Hybrid Workforce, Part 5: The Standards and Interoperability Landscape

This is the fifth article in a 10-part series exploring AI orchestration and the hybrid workforce. Each article examines a critical dimension of how organizations coordinate multi-agent AI systems alongside human teams and includes an "Orchestration Playbook" section with actionable guidance.

The Protocol Moment

In Part 2 of this series, we described the three-layer orchestration architecture: workflow orchestration, agent orchestration, and human-AI orchestration. In Part 3, we examined the multi-agent design patterns that make orchestrated systems work. But architecture and patterns are only useful if agents from different vendors, built on different frameworks, running in different environments can talk to each other.

That is the interoperability problem, and it is now the central strategic question in enterprise AI orchestration.

Consider the math. Gartner projects the average Fortune 500 company will have over 150,000 AI agents by 2028. Microsoft reports 15x year-over-year growth in active agents within Microsoft 365 alone. By 2028, 80 percent of organizations will report that AI agents consume the majority of their APIs. Cloudflare confirmed in June 2026 that automated traffic, much of it agent-driven, has already surpassed human web traffic at 57.5 percent of all HTML requests.

When you have thousands of agents from dozens of vendors executing across hundreds of workflows, interoperability is not a technical nicety. It is the difference between an orchestrated system and a collection of disconnected automations. And after years of fragmentation, the AI industry is converging on a shared protocol stack that will define how agents communicate for the next decade.

MCP: The Tool Integration Layer

The Model Context Protocol, created by Anthropic and donated to the Linux Foundation's Agentic AI Foundation in December 2025, has become the de facto standard for how AI agents connect to tools, data sources, and services. The adoption curve has no precedent in enterprise software standards.

Combined monthly SDK downloads across npm and PyPI now exceed 400 million, up from 97 million when Anthropic announced the Linux Foundation donation seven months earlier. The MCP GitHub organization has 48,000 followers and 42 repositories, with official SDKs in 10 languages: TypeScript, Python, Java, Kotlin, C#, Go, PHP, Ruby, Rust, and Swift. The ecosystem has produced over 22,000 publicly listed MCP servers, and 41 percent of software organizations surveyed by Stacklok report running MCP in limited or broad production.

The enterprise adoption data is equally striking. Block deployed its MCP-based Goose agent to all 12,000 employees in eight weeks. Uber built an MCP Gateway and Registry as its agent control plane, with 5,000 engineers, 1,500 monthly active agents, and 60,000 agent executions per week. Bloomberg scaled its internal GenAI platform to production grade using MCP across 9,500 engineers. Morgan Stanley reported that its first API deployment using MCP shrank from two years to two weeks.

The protocol is maturing rapidly. The 2026-07-28 release candidate, published in May 2026, introduces a stateless protocol core that allows servers to run behind plain round-robin load balancers, first-class extensions with independent versioning, MCP Apps that ship interactive HTML UIs in sandboxed iframes, and hardened authorization aligned with OAuth 2.0 and OIDC. These changes address the core criticisms that MCP was too stateful for production and too loosely secured for enterprise deployment.

MCP solves the vertical integration problem: how an agent accesses data sources, APIs, and services. Think of it as the USB standard for AI agents. Just as USB eliminated the need for proprietary connectors between computers and peripherals, MCP eliminates the need for custom integrations between agents and the tools they use.

A2A: The Agent Coordination Layer

Google's Agent-to-Agent Protocol solves the complementary problem: how agents from different vendors discover each other, negotiate capabilities, and coordinate work. If MCP is the vertical axis (agent-to-tool), A2A is the horizontal axis (agent-to-agent).

A2A reached its v1.0 stable release in March 2026, introducing signed Agent Cards with domain verification, multi-tenancy support, and both JSON-RPC and gRPC transport. Over 150 organizations support the protocol, and its Technical Steering Committee includes AWS, Cisco, Google, IBM Research, Microsoft, Salesforce, SAP, and ServiceNow. The Python SDK has reached approximately 10.9 million monthly downloads, with production-ready SDKs available in six languages.

The protocol is already running in production at scale. Google's Gemini Enterprise Agent Platform (the rebranded Vertex AI) ships native A2A registration and management. Microsoft's Azure AI Foundry has A2A outbound support at general availability with incoming A2A in public preview as of Build 2026. AWS Bedrock AgentCore Runtime supports native A2A server deployment. Salesforce's Agentforce 3 includes native A2A alongside 30-plus partner A2A connectors in its AgentExchange marketplace.

At Google Cloud Next 2026, a cross-vendor demonstration showed a Salesforce Agentforce agent handing off to a Google agent, which queried a ServiceNow agent for IT data, all through A2A. This was not a slide deck promise. It was live cross-vendor agent coordination using an open protocol.

Enterprise results are emerging. Danfoss automated 80 percent of transactional decisions in email-based order processing using A2A, cutting response times from 42 hours to near real-time. Suzano built a natural language-to-SQL agent on Google's ADK with A2A, reducing query time by 95 percent for 50,000 employees.

The relationship between MCP and A2A is complementary, not competitive. Organizations using both report 40 to 60 percent faster workflow development compared to proprietary integration approaches. A joint A2A-MCP interoperability specification is expected in Q3 2026, which will formalize how the two protocols work together.

The Broader Standards Ecosystem

MCP and A2A are the anchors, but the standards landscape extends further.

The Linux Foundation's Agentic AI Foundation, created in December 2025, has grown to 190 member organizations within six months, surpassing CNCF's early growth trajectory. Its eight platinum members (AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, and OpenAI) span every major AI platform. The foundation hosts four projects: MCP, Goose (Block's open-source agent), AGENTS.md (OpenAI's specification for declaring agent capabilities), and agentgateway (Solo.io's agent traffic management layer, which joined in June 2026). Seven working groups cover reliability, agentic commerce, governance and regulation, identity and trust, observability, security, and workflow processes.

IBM's Agent Communication Protocol took a pragmatic path. Rather than competing with A2A, the ACP team merged its work into A2A in August 2025, contributing its messaging layer expertise to the broader standard. The consolidation was healthy: one less standard to evaluate, and the combined protocol is stronger for it.

NIST launched its AI Agent Standards Initiative in February 2026 with three pillars: industry-led standards, open-source protocol development, and security and identity research. Its red-team testing found an 81 percent task-hijacking success rate against AI agents, compared to an 11 percent baseline, underscoring the security dimension that standards must address. An AI Agent Interoperability Profile is planned for Q4 2026.

Newer standards are filling specific gaps. Google's Agentic Resource Discovery specification, co-authored with Microsoft and Hugging Face, standardizes how agents and tools are discovered at scale. The Agent Payments Protocol, announced at Cloud Next 2026 with over 60 supporting organizations, addresses agent-driven transactions. And an IETF draft for agent authentication, authored by engineers from AWS, OpenAI, Okta, and Zscaler, introduces an Agent Identity Management System with short-lived credentials.

The standards picture is still messy, but the trajectory is clear: MCP and A2A are consolidating as the core protocol stack, with specialized standards filling gaps around discovery, payments, identity, and security.

The Security Reckoning

The speed of MCP adoption has outpaced its security posture, and the gap is now a first-order enterprise concern.

Over 40 CVEs have been filed against MCP implementations in the first half of 2026. An analysis of 2,614 MCP implementations found that 82 percent handling file operations are vulnerable to path traversal, 67 percent have code injection risk, and only 8.5 percent use OAuth authentication. The Cloud Security Alliance declared an "MCP Security Crisis" in May 2026, calling these issues systemic design flaws rather than isolated implementation bugs.

This is not a reason to avoid MCP. It is a reason to adopt it with enterprise-grade security controls. The 2026-07-28 release candidate addresses many of these issues with six Security Enhancement Proposals aligning MCP authentication with OAuth 2.0 and OIDC. But organizations deploying MCP today need to implement their own security layer rather than relying on the protocol's defaults.

The broader agent security landscape is equally sobering. Eighty-eight percent of organizations reported confirmed or suspected AI agent security incidents in the last year. Only 22 percent of teams treat agents as independent identities, with most relying on shared API keys. Two in three organizations cannot tell whether a given action was taken by a human or an AI agent. And 99 percent of attack attempts originate from authenticated sources, increasingly from rogue agents with legitimate credentials.

Okta's Cross App Access framework, launching August 2026 with 25-plus early adopters including Anthropic, Atlassian, Cloudflare, and Slack, aims to replace long-lived API keys with real-time identity propagation for agents. Combined with IETF work on agent authentication, the security standards ecosystem is responding, but it trails the adoption curve by 12 to 18 months.

The Lock-in Calculus

Vendor lock-in in multi-agent systems is qualitatively different from traditional software lock-in, and the stakes are higher.

When an organization builds agent workflows on a proprietary platform, the business logic, decision patterns, escalation rules, and human-AI coordination structures become embedded in vendor-specific configurations. These are not commodity workloads. They encode how the organization operates. A Zapier survey of 542 C-level executives found that 81 percent are concerned about AI vendor dependency, 74 percent say losing their primary AI vendor would disrupt daily operations, and only 6 percent believe they could switch without material disruption. Among those who attempted a platform migration, 58 percent say it failed or required far more effort than expected.

The economics confirm the difficulty. Research from VaasBlock found that 57 percent of IT leaders spent more than $1 million on platform migrations in the last year, with migration typically costing 2x the initial investment. AI vendor lock-in carries a 19 to 34 percent switching overhead. When Builder.ai collapsed, one manufacturing company spent $315,000 migrating just 40 AI workflows.

Lock-in deepens as agents scale. Salesforce closed 29,000 Agentforce deals generating $800 million in ARR, and each deal deepens the customer's dependence on Salesforce-specific agent configurations. Gartner warns that $234 billion in enterprise SaaS spending is at risk from "agentic arbitrage" by 2030, where vendors use agent capabilities to capture more of the workflow and make switching even harder.

This is where open standards become a strategic hedge, not just a technical preference. Organizations that build on MCP and A2A maintain the ability to swap agents, switch platforms, and avoid the compounding lock-in that proprietary agent ecosystems create.

The Vendor Landscape: Convergence with Caveats

Every major platform vendor now supports both MCP and A2A, with one notable exception.

Microsoft has unified MCP across GitHub, Copilot Studio, Dynamics 365, Azure AI Foundry, and Windows 11. Its Agent Framework 1.0, the merger of AutoGen and Semantic Kernel released in April 2026, supports both protocols natively. Google created A2A and has added MCP support across its Gemini Enterprise Agent Platform, Apigee serving as an MCP bridge. AWS Bedrock AgentCore supports both protocols in its runtime. Salesforce Agentforce 3, SAP Joule, and ServiceNow all run both protocols in production.

The notable exception is OpenAI. Despite co-founding the Agentic AI Foundation, OpenAI's Agents SDK does not support A2A. An open feature request on GitHub sits unanswered. OpenAI appears to be betting on MCP for tool integration while relying on its own ecosystem for agent-to-agent coordination. Organizations building on OpenAI should factor this gap into their interoperability planning.

The open-source framework ecosystem shows similar convergence. LangChain, CrewAI, LlamaIndex, Agno, PydanticAI, and Google's ADK all support both MCP and A2A natively. The major holdouts beyond OpenAI are HuggingFace's smolagents and Haystack, which support MCP but not A2A.

For enterprise buyers, the practical implication is that standards support is trending toward table stakes rather than a differentiator. Eighty-seven percent of IT leaders prioritize interoperability for agentic orchestration. The question is shifting from "does this platform support open standards?" to "how deeply does this platform implement them, and can I verify interoperability in practice?"

The Interoperability Maturity Path

NIST's five-level interoperability maturity model, part of its AI Agent Standards Initiative, provides a useful framework for assessing organizational readiness.

Level 1 is isolated agents: each agent operates independently with proprietary integrations. This is where most organizations sit today. Level 2 is point-to-point integration: agents communicate through custom connectors, typically within a single vendor ecosystem. Level 3 is protocol-based interoperability: agents use standardized protocols (MCP, A2A) for communication, but discovery and governance are manual. Level 4 is managed interoperability: a governance layer (the agent control plane discussed in Part 2) manages agent discovery, authentication, routing, and monitoring across vendors. Level 5 is adaptive interoperability: the system dynamically discovers new agents, negotiates capabilities, and reconfigures workflows based on changing conditions.

NIST Five-Level Interoperability Model

Most organizations that have adopted MCP are at Level 2 or early Level 3. The joint interoperability specification expected in Q3 2026 will enable more organizations to reach full Level 3. Reaching Level 4 requires the agent control plane capabilities that Forrester identified as an emerging category, with 40 percent of vendors reporting active RFPs from customers. Level 5 is aspirational for all but the most advanced deployments.

The practical lesson is that interoperability is a journey, not a switch. Organizations do not need to wait for Level 5 to capture value. Adopting MCP and A2A today, even at Level 2 or 3, creates optionality that proprietary-only approaches do not.

Why This Is a Strategic Decision

The standards conversation often gets relegated to technical architecture teams, but it is a strategic decision that belongs in the C-suite.

Three dynamics make this urgent. First, agent workflows encode business logic. Every orchestrated process that runs on proprietary protocols creates switching costs that compound over time. The longer an organization waits to adopt open standards, the more embedded it becomes in vendor-specific configurations. Second, the ecosystem is consolidating now. With AAIF growing to 190 members in six months, the joint interoperability specification on track for Q3 2026, and every major vendor except OpenAI supporting both MCP and A2A, the protocol stack is settling. Organizations that build on it gain the compounding benefit of ecosystem innovation. Third, regulation is arriving. The EU AI Act mandates interoperability requirements for high-risk AI systems, with full enforcement beginning August 2, 2026. Organizations that cannot demonstrate interoperability between their AI systems face regulatory exposure.

Every major analyst firm is sending the same message: adopt now with guardrails. The 2-to-5-year timeline to mainstream adoption means early movers who govern well gain durable advantage. Those who rush without governance join the 40 percent whose projects are canceled. And those who wait for "the standards to settle" will find that the window for building organizational capability at reasonable cost has closed.

As we argued in Part 4, the human-in-the-lead principle applies here too. Standards decisions are not about picking the right protocol. They are about maintaining the organizational agency to choose, switch, and adapt as the technology evolves. Lock-in is the opposite of agency.

Orchestration Playbook

Conduct a standards readiness assessment. Inventory your current AI platforms and agent deployments across three dimensions: which support MCP (agent-to-tool), which support A2A (agent-to-agent), and which rely on proprietary protocols only. For each proprietary integration, estimate the switching cost and the business logic embedded in the vendor-specific configuration. This assessment identifies your interoperability gaps and quantifies your lock-in exposure.

Weight interoperability in every vendor evaluation. Add three criteria to your vendor scorecard: native MCP support (not just announced, but production-ready with OAuth authentication), native A2A support (not just planned, but demonstrated in cross-vendor scenarios), and data portability (can you export your agent configurations, workflow definitions, and decision rules in a vendor-neutral format?). Reject any vendor that requires proprietary protocols for core agent communication. Standards support is no longer a bonus feature. It is a selection requirement.

Implement MCP with a security-first approach. Given the documented security gaps (82 percent path traversal vulnerability, only 8.5 percent OAuth adoption), do not deploy MCP servers without an enterprise security layer. Require OAuth authentication on all MCP endpoints. Deploy an API gateway or agent gateway (Kong, MuleSoft, Solo.io) in front of MCP servers. Implement the principle of least privilege: each agent gets access only to the tools it needs. Monitor for anomalous tool invocation patterns. Treat the security enhancement proposals in the 2026-07-28 release candidate as mandatory, not optional.

Build your agent control plane incrementally. You do not need to solve Level 5 interoperability on day one. Start with an agent registry that catalogs all deployed agents, their capabilities, and their protocol support. Add an authentication layer that gives each agent its own identity rather than shared API keys. Implement logging and tracing across agent interactions using W3C Trace Context (now standardized in MCP). Then add governance policies: which agents can communicate with which, what data can flow between them, and what human oversight applies at each boundary. The control plane grows with your deployment, not ahead of it.

Make the lock-in calculus explicit in every orchestration investment. For each new agent workflow, document three things: what business logic is encoded in vendor-specific configurations, what the estimated switching cost would be, and what standards-based alternatives exist. Share this analysis with business stakeholders, not just IT. The goal is not to avoid all vendor commitment. That is neither possible nor desirable. The goal is to make lock-in a conscious, quantified decision rather than an accidental consequence of rapid deployment.


This is Part 5 of the "Orchestrating the Hybrid Workforce" series. Part 6 will examine how organizations must redesign work itself for the hybrid workforce, including task decomposition, new role archetypes, team structures, and the manager's evolving role. For the companion frameworks from prior series, including the Dual Maturity Quick Diagnostic and Agentic AI Readiness Assessment, visit arionresearch.com. Follow Arion Research for ongoing analysis at arionresearch.com/blog.

Michael Fauscette

High-tech leader, board member, software industry analyst, author and podcast host. He is a thought leader and published author on emerging trends in business software, AI, generative AI, agentic AI, digital transformation, and customer experience. Michael is a Thinkers360 Top Voice 2023, 2024 and 2025, and Ambassador for Agentic AI, as well as a Top Ten Thought Leader in Agentic AI, Generative AI, AI Infrastructure, AI Ethics, AI Governance, AI Orchestration, CRM, Product Management, and Design.

Michael is the Founder, CEO & Chief Analyst at Arion Research, a global AI and cloud advisory firm; advisor to G2 and 180Ops, Board Chair at LocatorX; and board member and Fractional Chief Strategy Officer at SpotLogic. Formerly Michael was the Chief Research Officer at unicorn startup G2. Prior to G2, Michael led IDC’s worldwide enterprise software application research group for almost ten years. An ex-US Naval Officer, he held executive roles with 9 software companies including Autodesk and PeopleSoft; and 6 technology startups.

Books: “Building the Digital Workforce” - Sept 2025; “The Complete Agentic AI Readiness Assessment” - Dec 2025

Follow me:

@mfauscette.bsky.social

@mfauscette@techhub.social

@ www.twitter.com/mfauscette

www.linkedin.com/mfauscette

https://arionresearch.com
Next
Next

Orchestrating the Hybrid Workforce, Part 4: Human-in-the-Lead in Orchestrated Systems