# Agent protocols harden: MCP goes stateless, A2A passes 150 orgs
> The 28 July 2026 MCP spec makes the protocol stateless and adds sandboxed MCP Apps; A2A reaches v1.2 with signed agent cards at the Linux Foundation

**Meta:** type: story · date: 2026-06-01 · heads: El cambio silencioso, Quién decide · 11 takes · 3 lenses · 2 regions

## Summary

The agent-interoperability layer is standardising fast. [Anthropic's](/es/entity/anthropic) [Model Context Protocol](/es/entity/mcp-protocol), the de facto agent-to-tool standard, ~97M downloads, ships a 28 July 2026 specification that makes the protocol **stateless** via six enhancement proposals, adds **MCP Apps** (servers shipping interactive HTML rendered in a sandboxed iframe), and demotes Tasks to an extension. In parallel, Google's [Agent2Agent](/es/entity/a2a-protocol) protocol, now hosted by the Linux Foundation's Agentic AI Foundation, passed **150 organisations** in production (Microsoft, AWS, Salesforce, SAP, ServiceNow) and reached v1.2 with cryptographically **signed agent cards**. The emerging consensus: MCP for vertical tool calls, A2A for horizontal agent-to-agent delegation, with a Q3 2026 joint spec as the first formal bridge.

## By the numbers

- 2026-07-28, MCP specification release date (stateless protocol layer).
- 6, Specification Enhancement Proposals delivering statelessness.
- ~97M, cumulative MCP downloads.
- 150+, organisations running A2A in production.
- 12 months, minimum between MCP feature deprecation and removal.

## Why it matters

These two specs decide how AI agents call tools and talk to each other across vendors, the plumbing of the agentic economy. Statelessness eases enterprise scaling; signed agent cards and OAuth 2.1 address the security gap that has blocked production. Whoever steers the specs steers the interoperability rules.

## What to watch

- The 28 July 2026 MCP spec landing and MCP Apps' sandbox security record.
- The Q3 2026 MCP/A2A joint specification and shared authorization model.
- Whether OpenAI, Google and Microsoft keep converging or fork the stack.

## Regional takes (batched by bias / lens)

### unlabelled
- **Model Context Protocol Blog** (United States, en) — The MCP project's own post on the 2026-07-28 specification release candidate, the headline change makes MCP stateless at the protocol layer via six Specification Enhancement Proposals, adds sandboxed-iframe MCP Apps, and moves Tasks into an extension. The primary record for the spec change.
  Source: https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
- **Linux Foundation (A2A)** (United States, en) — The Linux Foundation's record that the Agent2Agent protocol passed 150 organisations, reached production across Microsoft, AWS, Salesforce, SAP and ServiceNow, and added cryptographically signed agent cards, the governance counterpart to MCP's tool layer.
  Source: https://www.linuxfoundation.org/press/a2a-protocol-surpasses-150-organizations-lands-in-major-cloud-platforms-and-sees-enterprise-production-use-in-first-year
- **Stacktree** (United States, en) — 
  Source: https://stacktr.ee/blog/mcp-2026-spec-changes
- **TokenMix** (United States, en) — 
  Source: https://tokenmix.ai/blog/mcp-updates-changelog-every-protocol-change-2026
- **IBM** (United States, en) — 
  Source: https://www.ibm.com/think/topics/agent2agent-protocol
- **The Next Web** (Netherlands, en) — 
  Source: https://thenextweb.com/news/google-cloud-next-ai-agents-agentic-era
- **Stellagent** (United States, en) — 
  Source: https://stellagent.ai/insights/a2a-protocol-google-agent-to-agent
- **Digital Applied** (United States, en) — 
  Source: https://www.digitalapplied.com/blog/ai-agent-protocol-ecosystem-map-2026-mcp-a2a-acp-ucp
- **WorkOS / arXiv threat model** (United States, en) — 
  Source: https://arxiv.org/pdf/2602.11327

### enterprise-identity engineering view
- **WorkOS** (United States, en) — Maps the 2026 MCP stack for enterprises, Streamable HTTP transport, OAuth 2.1 with Resource Indicators, the stateless redesign and the Active/Deprecated/Removed feature lifecycle, arguing governance maturation, not new features, is what makes MCP deployable inside regulated firms.
  > "MCP's 2026 story is governance, not features: stateless transport, OAuth 2.1, and a 12-month deprecation lifecycle make it deployable in regulated enterprises."
  Source: https://workos.com/blog/everything-your-team-needs-to-know-about-mcp-in-2026

### agent-protocol convergence analysis
- **Zylos Research** (United States, en) — Argues the two-layer stack, MCP for vertical agent-to-tool calls, A2A for horizontal agent-to-agent delegation, has become the enterprise default, with a Q3 2026 MCP/A2A joint specification as the first step toward formal protocol bridges and shared authorization.
  > "The MCP (tools) + A2A (agents) two-layer stack is now the enterprise default; a Q3 2026 joint spec is the first formal bridge between them."
  Source: https://zylos.ai/research/2026-03-26-agent-interoperability-protocols-mcp-a2a-acp-convergence/

## Across the graph
- Related: [[openmdw-g7-open-weights-2026]], [[ai-safety-report-2026]]
- Entities: Mcp Protocol, A2a Protocol, Anthropic, Google, Microsoft, United States

---
Canonical: https://rbtfl.xyz/es/n/mcp-stateless-spec-2026