AI Summary
This study addresses critical security deficiencies in AI-driven multi-agent system (MAS) communication protocols. We conduct the first empirical comparative analysis of the official CORAL implementation versus a high-fidelity ACP implementation built upon its SDK, evaluating performance across five security dimensions: authentication, authorization, integrity, confidentiality, and availability. Leveraging a 14-category vulnerability taxonomy, high-fidelity SDK simulation, Server-Sent Events (SSE) gateway testing, JSON Web Signature (JWS) verification, and literature-based benchmarking, we systematically identify design flaws: CORAL exhibits authentication and authorization logic vulnerabilities, while ACP suffers from weakened confidentiality and message-level integrity gaps. Based on these findings, we propose a hybrid security paradigm that integrates CORAL's architectural scalability with ACP's fine-grained signature mechanism. Experimental validation confirms substantial improvements in overall security strength, offering both theoretical foundations and practical guidelines for secure AI agent communication protocol design.
Abstract
Multi-agent systems (MAS) powered by artificial intelligence (AI) are increasingly foundational to complex, distributed workflows. Yet, the security of their underlying communication protocols remains critically under-examined. This paper presents the first empirical, comparative security analysis of the official CORAL implementation and a high-fidelity, SDK-based ACP implementation, benchmarked against a literature-based evaluation of A2A. Using a 14-point vulnerability taxonomy, we systematically assess their defenses across authentication, authorization, integrity, confidentiality, and availability. Our results reveal a pronounced security dichotomy: CORAL exhibits a robust architectural design, particularly in its transport-layer message validation and session isolation, but suffers from critical implementation-level vulnerabilities, including authentication and authorization failures at its SSE gateway. Conversely, ACP's architectural flexibility, most notably its optional JWS enforcement, translates into high-impact integrity and confidentiality flaws. We contextualize these findings within current industry trends, highlighting that existing protocols remain insufficiently secure. As a path forward, we recommend a hybrid approach that combines CORAL's integrated architecture with ACP's mandatory per-message integrity guarantees, laying the groundwork for resilient, next-generation agent communications.