MCP tool spoofing succeeds 100% of the time. A new paper maps 12 security risks across 4 agent protocols.

MCP now has over 10,000 public servers. More than 50 companies are building A2A. AI agent protocols are growing fast. But security research is not keeping up. For Agora and ANP, almost no security analysis existed before this paper. In February 2026, researchers from the Canadian Institute for Cybersecurity and Mastercard published a paper that organizes 12 risks across 4 protocols ( arXiv:2602.11327 ). The Four Protocols AI agent communication has different layers for different jobs. MCP , released by Anthropic in November 2024, connects AI to external tools and data using OAuth 2.1. It is already in production. A2A , announced by Google in April 2025, handles agent-to-agent communication with OAuth 2.0+JWT and is currently in draft stage. Agora , proposed by Marro et al. in October 2024, is a meta-protocol that dynamically generates and negotiates communication rules using hash-based authentication. It remains at the research stage. ANP , proposed by Chang et al. in July 2025, provid