"Jeff Bezos's API Mandate" moment for AI Agents
In 2002, Bezos mandated that every Amazon team must expose data and functionality via APIs. This mandate led to the development of AWS and cloud computing as we know it today, where every resource can be allocated and configured via API calls.
In the same year, Jeffrey Snover published the Monad Manifesto. The manifesto described the vision of the PowerShell language, automation, and configuration on the Windows platform. Powershell is now a cross-platform DevOps tool for managing Windows and Linux servers.
A bit earlier, Bill Gates's email "The Internet Tidal Wave" from 1995 pivoted Microsoft towards the Internet. This change produced Internet Explorer, a web server, search engines, and many other Microsoft tools to dominate the new area.
Something similar is happening right now with AI Agents. The AI Agent Manifest means that we need to think about Agent-based use cases first, and software companies need to convert their SaaS products into AI Agents with the support of open communication standards such as MCP or the A2A protocol.
Anthropic developed the MCP (Model Context Protocol) to provide a reach context to LLM. Imagine a situation in which you are learning a new concept with a chatbot and want to save a summary in your notes or the next steps in your to-do app. You can manually copy from a chat into the app, but with MCP, you can say, ' Save it in my to-do list'. Internally, the bot will call a tool that will do the job. So, MCP provides a glue to connect a chatbot with any software you can think of. In terms of MCP, a chatbot is a host, a server is a program that exposes an interface for creating notes and to-do items, and a client connects the server and host.
On the other hand, Google has proposed the Agent2Agent (A2A) protocol. The main difference from MCP is that it connects Agents rather than tools and resources. A2A knows that task execution can take a lot of time, so it has the concept of a Task to the protocol and multi-turn conversations. Both protocols are stateful, built on top of JSON-RPC and have built-in discovery mechanisms (Agent card and Capabilities).
There are already thousands of different MCP servers out there, which were built in just a few months. So, significant growth in adoption also means that the security community has started to pay attention. There are several attack areas: fake tools mimicking real ones, spoofed installers injecting malware, backdoors, escapes from secure sandboxes, etc. Unfortunately, these problems have not yet been fully solved.
References:
MCP Specification - https://modelcontextprotocol.io/
A2A Specification - https://google.github.io/A2A
Paper: Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions - https://arxiv.org/abs/2503.23278