aiagentrank.io
Subscribe
🔬Research7 min read

Agentic AI Standards 2026: The Foundations Every Vendor Is Joining

Why agentic AI standards bodies and foundations matter in 2026, what they're actually doing, the major players (MCP, A2A, Agent Protocol, the AI alliance landscape), and what enterprise buyers should expect from vendor standards posture.

Eyal ShlomoPublished May 23, 2026

Standards in agentic AI matter more than the marketing wars between vendors. The vendors who'll still be around in five years are the ones whose customers can move off them without rewriting. The ones who fight standards are the ones who'll see their customers walk to the ones who embrace them. This guide is the landscape in May 2026 — which standards are real, which are emerging, and what enterprise buyers should demand.

The agent layer is mid-standardization. MCP won 2025. Other layers — agent-to-agent communication, identity delegation, observability schemas, eval rubrics — are still in motion. This article maps what's settled, what's contested, and what buyers and builders should care about today.

It sits next to agent stack reference, AI agent compliance, best MCP servers 2026, and state of agentic AI May 2026.

Why standards matter to buyers

Three reasons enterprise buyers care about agentic AI standards in 2026:

1. Reduce vendor lock-in

Build 50 agent workflows on proprietary vendor X's tool format and your switching cost when vendor X disappears, gets acquired, or raises prices is brutal. Build them on open standards (MCP for tools, portable prompts, exportable configurations) and the switching cost stays manageable.

2. Compose best-in-class

The agent stack has 7 layers (see agent stack reference). Standards let you pick best-in-class at each layer rather than buying a vertically-integrated suite where the worst layer drags down the rest.

3. Procurement and compliance

Standards bodies and compliance frameworks reduce vendor evaluation cost. "SOC 2 Type II + ISO 27001 + MCP-compatible" is a much faster procurement conversation than "trust us."

The standards that have settled

MCP (Model Context Protocol)

The clearest winner of the 2024–2026 standards race. Anthropic-introduced, vendor-neutral, now supported across all major coding agents and most orchestration frameworks.

What MCP standardizes: how an AI agent calls a tool (a function with a typed schema), how the tool replies, the conversation protocol between agent and tool server. It's deliberately narrow — it doesn't standardize the orchestration framework, the model interface, or the agent's reasoning.

Practical impact: an MCP server you write today (or pick from our best MCP servers 2026) works across Claude Code, Cursor, Cline, Codex CLI and the rest.

See MCP, how to use MCP.

OpenTelemetry for agent traces

Not agent-specific but increasingly the standard for emitting agent observability traces. Langfuse, Helicone and Arize all accept OTel input. Future-proofs the observability layer.

See AI agent observability, agent observability.

Existing identity and access standards

OAuth 2.0, OIDC, SAML, FIDO2 — these existed before AI agents and remain the right base layer. AI agent identity layers on top.

See agentic AI identity stack, AI agent security.

The standards still in motion

Agent-to-agent communication

Multi-agent systems need a way for agents to talk to each other across vendor boundaries. Multiple efforts exist:

  • The MCP project has discussed extending into agent-to-agent.
  • Independent agent-protocol proposals from various working groups.
  • Vendor-specific implementations (CrewAI's "process," LangGraph's sub-graphs, AutoGen's group chat).

Convergence likely through 2026–2027. Until then, expect vendor-specific implementations.

Eval and benchmark rubrics

There's no universally-accepted "agent reliability" eval framework yet. Multiple efforts compete:

  • SWE-bench for coding agents.
  • GAIA benchmark for general agents.
  • Domain-specific evals.
  • Vendor-specific benchmarks.

Expect more standardization through 2026 — independent benchmark consortia are forming. See AI evals, benchmark.

Delegation and consent

When an agent acts on a user's behalf, the consent and delegation chain needs to be standardized. OAuth's "Rich Authorization Requests" (RAR) and GNAP (Grant Negotiation and Authorization Protocol) are emerging but not yet ubiquitous.

Agent identity

How an agent identifies itself to other agents, services and audit logs is still vendor-specific in 2026. SPIFFE/SPIRE for workload identity is the closest thing to a base layer; agent-specific extensions are emerging.

Memory / context interchange

Moving an agent's memory between platforms — taking your Letta memory and putting it into someone else's stack — has no standard yet. Significant ecosystem effort needed.

The major standards bodies and foundations

A non-exhaustive map:

  • Linux Foundation — multiple AI-flavored projects; agent-related working groups.
  • AI Alliance (IBM-Meta-led) — coordinates open AI work across major contributors.
  • OpenAI / Anthropic / Google — each maintains their own developer ecosystem; each contributes to open standards selectively.
  • NIST — AI RMF (US federal-adjacent reference).
  • ISO / IEC — formal international standards including the AI management standard ISO/IEC 42001.
  • IEEE — engineering-flavored AI standards.
  • CNCF (Cloud Native Computing Foundation) — for cloud-native AI agent infrastructure.
  • OpenSSF — security for open-source AI software supply chain.
  • W3C — web standards including some AI-adjacent work.
  • ETSI — European telecom AI standards.

Plus countless industry-specific and national bodies. The picture is fragmented; convergence happens incrementally.

What enterprise buyers should ask vendors

Six markers for "this vendor's standards posture is mature":

  1. MCP support for the tool layer.
  2. Open API documentation for the agent and its components.
  3. Portable prompt and configuration formats — can you export your work?
  4. Compliance certifications — SOC 2 Type II, ISO 27001, FedRAMP if applicable. See AI agent compliance.
  5. OpenTelemetry compatibility for observability traces.
  6. Documented sub-processor list and DPA in the standard formats.

Vendors checking all six are enterprise-ready. Vendors checking 0–2 are not yet, regardless of their demo polish.

What standards posture won't yet check (in 2026)

These remain open and shouldn't be a procurement blocker:

  • Universal agent-to-agent protocol.
  • Universal eval rubric.
  • Memory interchange format.
  • Cross-vendor agent identity.

When a vendor says "we follow the agent standard for X" in these areas, ask which one — there isn't one yet.

The right strategy

Three rules for buyers in May 2026:

  1. Buy on capability + standards posture. Don't wait for standards convergence; do require strong standards posture.
  2. Prefer open over proprietary at the connector layer. MCP, OpenTelemetry, OIDC, etc.
  3. Plan for migration. Whatever you build today will probably be partially rebuilt in 3–5 years as standards mature. Cleanly-architected stacks make migration cheaper.

The honest summary

Standards in agentic AI are mid-formation. Some layers (tool calling via MCP) have settled. Others (agent-to-agent, memory interchange, evals) are still moving. The vendors who'll be around in five years are the ones embracing the settled standards and contributing constructively to the ones still being made.

For enterprise buyers, the practical advice doesn't change with standards velocity: buy on capability and standards posture today; expect to migrate components as the field matures; don't wait for the future to ship.

For broader buying and architectural framing see agent stack reference, how to pick an AI agent, how to evaluate AI agent, methodology, and the leaderboard.

Agents mentioned in this post

More from the blog

← All posts