Google’s A2A protocol exhibits security and privacy vulnerabilities when handling sensitive data—such as payment credentials and identity documents—in multi-agent systems. To address this, we propose seven deployable enhancements that pioneer the deep integration of SCA (Strong Customer Authentication), short-lived tokens, explicit per-item authorization, fine-grained scopes, and cross-transaction joint approval into the A2A protocol, establishing a “minimal-contact + zero-retention” paradigm for sensitive data transmission. Our technical approach extends OAuth 2.1, incorporates FIDO2-based authentication, adheres to PCI DSS compliance, and employs end-to-end encrypted direct transfers. We validate the design via formal risk modeling and scenario-driven evaluation. In a vacation booking use case, our solution reduces the sensitive data exposure surface by 92%, doubles user authorization transparency (+100%), and maintains full backward compatibility with existing A2A ecosystems—requiring no modifications to the underlying communication stack.

A2A, a protocol for AI agent communication, offers a robust foundation for secure AI agent communication. However, it has several critical issues in handling sensitive data, such as payment details, identification documents, and personal information. This paper reviews the existing protocol, identifies its limitations, and proposes specific enhancements to improve security, privacy, and trust. It includes a concrete example to illustrate the problem and solution, research-backed rationales, and implementation considerations, drawing on prior studies to strengthen the arguments and proposed solutions. This proposal includes seven enhancements: short-lived tokens, customer authentication (SCA), granular scopes, explicit consent, direct data transfer, multi-transaction approval, and payment standard compliance. The vacation booking example illustrates how these enhancements reduce risks and enhance user experience.