Is MCP Still Viable? A One-Year Review and the Rise of A2A

01 MCP One‑Year Update (2025‑11‑25)

On 2025‑11‑25 the Model Context Protocol (MCP) released version 2025‑11‑25, adding four major changes:

Task abstraction (SEP‑1686) – an experimental primitive that lets an agent start a long‑running task, receive a handle, and poll for status. Supported states: working, input_required, completed, failed, cancelled. Marked experimental, indicating production‑grade async support is not yet stable.

Client registration overhaul – replaces Dynamic Client Registration with URL‑based Client ID Metadata Documents (CIMD). The client_id is a controlled URL; the authorization server fetches metadata, simplifying onboarding.

Security and enterprise features – adds local server installation requirements (SEP‑1024), default scope definitions (SEP‑835), OAuth client‑credentials flow for machine‑to‑machine auth (SEP‑1046), and enterprise identity‑provider policy control (SEP‑990). These patches address high‑severity vulnerabilities (e.g., command injection, token leakage, session hijacking) with CVSS scores up to 9.6.

Sampling with Tools – enables MCP servers to issue sampling requests that embed tool definitions, allowing server‑side agents to run multi‑step reasoning using client tokens. This provides limited server‑initiated intelligence.

02 From MCP to A2A – Paradigm Shift

MCP assumes a single‑direction, synchronous “tool connector” model where a host pulls resources, prompts and tools from MCP servers. This works for short, tool‑centric tasks but does not scale to long‑running, collaborative workflows.

A2A defines a peer‑to‑peer, bidirectional, asynchronous protocol. Each agent publishes an Agent Card – a JSON self‑description containing supported capabilities, contact information and protocol version. Agents discover each other, negotiate cooperation, and manage long‑running workflows via a built‑in Task abstraction that includes lifecycle management, progress tracking and artifact output.

Security : A2A follows a “Secure by Default” model with enterprise‑grade identity, role‑based access control (RBAC), audit logging and reliance on mature web standards (HTTP, Server‑Sent Events, JSON‑RPC). MCP’s security improvements are reactive; issues such as session‑ID exposure in URLs and unsigned tool definitions remain.

Extensibility : MCP adds an Extension mechanism to plug new capabilities, indicating core rigidity. A2A’s Agent Card naturally accommodates new features without a separate extension layer.

Ecosystem : Over 50 technology leaders (Google Cloud, Atlassian, Salesforce, Workday, GitLab, etc.) back A2A, fostering broader enterprise adoption. MCP’s ecosystem is concentrated on developer tools and personal productivity.

03 Implications for Agentic Systems

Choosing between MCP’s single‑agent, short‑term, tool‑focused model and A2A’s multi‑agent, long‑term, collaborative architecture impacts security posture, scalability and lock‑in. A2A’s design is better suited for complex multi‑step, multi‑agent scenarios, while MCP remains appropriate for simple, synchronous tool calls.

References

Model Context Protocol specification (2025‑11‑25)

A2A protocol repository: https://github.com/a2aproject/A2A

A2A official documentation: https://google.github.io/A2A