Google I/O 2026: MCP, A2A, and AGUI Settle as the Core Agentic Stack
Google I/O 2026 opened today — confirmed live by both @GoogleDeepMind and @GoogleAI on X — with a full slate of agentic demos. Beneath the keynote spectacle, a clearer signal has emerged: after a year of fragmented acronym accumulation, three of the six active agent protocols have consolidated into a buildable core stack, while the remaining three occupy genuinely contested or domain-specific terrain.
What the Source Actually Says
In a 3,774-word breakdown published the morning of I/O, Nate B Jones maps six protocols against three questions every agentic workflow must answer. MCP answers "what can the agent use?" — now with 14,000+ servers, it is the uncontested tool-and-data layer standardizing discovery and invocation across GitHub, Slack, Stripe, Postgres, Salesforce, and thousands more. Jones flags a critical implication: tool access is a security boundary, not a feature toggle. Invariant Labs has documented "tool poisoning attacks" — malicious instructions hidden inside tool descriptions that influence an agent through the very metadata that's meant to make tools discoverable.
A2A answers "who else can the agent work with?" via the "agent card" primitive — a remote agent's self-describing contract of capabilities, endpoints, and interaction terms. Google launched A2A with 50+ partners including Atlassian, Box, Cohere, MongoDB, PayPal, and Workday. AGUI closes the loop on "how does the human stay in control?" — providing streaming state, approvals, mid-run steering, and observability for long-running non-deterministic agents. "An agent that can't show its work becomes supervision debt for humans," Jones argues. These three form the settled core.
The other three protocols occupy narrower ground. A2UI handles agent-rendered structured UI via declarative components rather than arbitrary HTML — correct direction, but narrower scope than AGUI's full control surface. AP2, Google's agentic payments protocol with 60+ partners (AMEX, Mastercard, Coinbase, PayPal, UnionPay, Worldpay), uses cryptographically signed "mandates" to prove user authorization. X42 — Coinbase's HTTP-native protocol adopted by Cloudflare — handles agent micropayments for API calls and data resources without accounts or subscriptions. The payments layer is fragmented by design: Mastercard, Visa, AMEX, and PayPal are each fielding competing adjacent layers.
Jones' central warning: "Most teams are overfocused on model selection and very underspecified on the operating surface. They know which LLM they want. They don't know which tools the agent can or should see."
Strategic Take
MCP, A2A, and AGUI are now stable enough to build against — waiting carries more architectural risk than moving. The payments layer is a customer-experience decision as much as a technical one; protocol choice carries geography and authorization UX implications well beyond interoperability. H1 2026 is the window to set operating-surface foundations before the stack calcifies around early movers.
