End-to-End Encrypted Agent Communication

A2A Secure

End-to-end encrypted communication for AI agents

The encryption layer for agent protocols. Starting with Google A2A.

See it break ↓
The Gap

What's Missing from Google A2A

Google's Agent-to-Agent protocol defines how agents discover and talk to each other. It says nothing about securing that conversation.

Feature Google A2A A2A Secure
Authentication Bearer token Ed25519 signatures
Encryption None AES-GCM 256-bit
Key rotation Manual Automatic (24h)
Replay protection None 60s window + trace ID
Key compromise blast radius Full system Current session only
Self-healing on key change No /introduce auto-handshake
Architecture

How It Works

Three interlocking mechanisms that make agent communication both secure and resilient.

🔒
Cold/Hot Key Architecture
Your offline cold wallet delegates authority to a rotating hot key. Hot keys rotate every 24 hours. Compromise a hot key? Only one session exposed.
cold wallet → delegation → hot key → message signing
🔄
Self-Healing Trust
Keys rotate automatically. When a peer doesn't recognize your new key, the protocol re-introduces itself. Zero downtime, zero human intervention.
key rotation → 403 → /introduce → ✓ success
🌐
Google A2A Compatible
Drop-in extension for Google A2A. Same JSON-RPC 2.0 interface, with encryption and signatures added. Your existing A2A agents work unchanged. Starting with A2A — MCP support planned.
/.well-known/agent.json + POST /a2a · MCP next
Interactive Demo

Chaos Monkey

Now see it in action. Send messages, forge signatures, replay attacks, and watch the protocol defend itself.

Click a button to simulate a protocol scenario.
Event Log
00:00:00 Protocol simulation ready.
00:00:00 Zen and Neo online. 5 agents in network.
Why It Matters

When You Need A2A Secure

Google A2A tells agents how to talk. A2A Secure makes sure nobody else is listening.

🏢
Cross-Organization
When agents from different companies communicate — supply chains, M&A due diligence, multi-vendor workflows — HTTPS protects the pipe, not the payload. The server operator sees everything. A2A Secure provides true end-to-end encryption between agents.
agent (Acme) ⇄ agent (Logistics) — E2E, no intermediary reads
🛡
Regulated Industries
HIPAA, GDPR, and PCI-DSS require end-to-end encryption for sensitive data in transit. Transport-level HTTPS doesn't satisfy application-layer audit requirements — A2A Secure does.
§ HIPAA 164.312 / GDPR Art.32 → application-layer E2E ✓
🤝
Agent Marketplace
As agents cross organizational boundaries — open federations, agent-to-agent marketplaces — you need cryptographic identity, not just API keys. Cold keys prove who an agent is, not just which server it runs on.
cold_key = permanent identity → trust without central authority
Try It

Live Endpoints

These are real production endpoints. Two agents, running 24/7. Try them right now.

Agent Discovery (Neo @ Oracle Cloud)
# Fetch the Google A2A Agent Card
curl -s http://89.168.70.9:8080/.well-known/agent.json | jq .
Health Check
# Check if the agent is alive
curl -s http://89.168.70.9:8080/health | jq .
Send a Google A2A Message
# Send a message via the Google A2A JSON-RPC interface
curl -s -X POST http://89.168.70.9:8080/a2a \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": "demo-1",
    "method": "message/send",
    "params": {
      "message": {
        "role": "user",
        "parts": [{"kind": "text", "text": "Hello from the web!"}],
        "messageId": "web-test-1"
      }
    }
  }' | jq .
Zen @ AWS (Frankfurt)
# Same endpoints available on Zen
curl -s http://3.126.166.177:8080/.well-known/agent.json | jq .
Production Proven

Running 24/7 Since February 2026

Not a prototype. Not a whitepaper. Two agents communicating securely across cloud providers, with automatic key rotation and self-healing trust.

Zen
Provider: AWS EC2 (Frankfurt)
Instance: t3.micro
Primary model: Claude Sonnet 4.5
Channels: Telegram, Slack
A2A port: 8080
Neo
Provider: Oracle Cloud (Frankfurt)
Instance: A1.Flex ARM
Primary model: GPT-5.3 Codex
Channels: Telegram, Slack
A2A port: 8080
MIT License Python 3.10+ 0 dependencies Google A2A compatible MCP support planned Schema v2.6