But for AI agents, which interact with the world on someone’s behalf, the possibilities are far riskier. For example, one AI agent, made to read and send emails for someone, has already been shown to be vulnerable to what’s known as an indirect prompt injection attack. Some researchers believe that protocols like MCP should prevent agents from carrying out harmful actions like this. Although MCP and A2A are two of the most popular agent protocols available today, there are plenty of others in the works. Others, including Chen, want users to be able to rate different services in something like a Yelp for AI agent tools.