Agent Interoperability
- Updated: 2025/12/09
With open standards, developers and automation administrators can enable enterprise-wide Agent Interoperability. This means that different AI Agents and automation systems can talk to each other, share data and context, and work together smoothly across different platforms and vendors. It removes automation barriers across all interfaces.
Benefits
You can connect Automation Anywhere AI Agents with agents from other companies. This allows for smooth teamwork across different platforms. It helps avoid isolated systems, keeps the system up-to-date, and ensures it can grow easily—without being tied to one vendor.
- Seamless collaboration across Automation Anywhere AI agents, third-party AI Agents, and enterprise systems.
- Lower integration costs by eliminating custom point-to-point connectors.
- Dynamic discovery of tools and actions at runtime.
- Reliable automation with built-in context continuity across calls.
- Unified governance and security through centralized authentication, logging, and access control.
- Composable orchestration for flexible, multi-agent workflows.
Architecture
Model Context Protocol (MCP) inbound [powered by our Process Reasoning Engine (PRE)] allows third-party AI Assistants to safely start Automation Anywhere automations using a multi-tenant, user-aware MCP gateway. See Process Reasoning Engine and generative AI.
- Inbound connectivity: Automation Anywhere is receiving request from third-party AI Agents and third-party AI Assistants.
- Outbound connectivity: Automation Anywhere AI Agents are making requests to third-party AI systems and AI Agents.
- Agents A, B, and C: These are individual AI Agents built with different frameworks and specialized in various tasks, such as an HR agent or a Data agent. They can act as both clients (starting requests) and servers (providing services).
- Interoperability Layer: This is the main part of the system that allows agents to communicate smoothly with each other.
- Discovery Service (Registry): A directory where agents register their abilities and endpoints using standardized metadata in JSON format. Client agents use this service to find the right remote agents for a specific task.
- Communication Protocols: (MCP, A2A) These are common language and rules for agents to interact. They manage message exchange, task handovers, and conversation history (session management). A2A (Agent to Agent) focuses on peer-to-peer communication, while protocols like MCP can manage connections to tools.
- Security & Governance: All agent interactions are controlled using RBAC, authentication, AI governance, and guardrails. These tools makes sure everything is secure, follows the rules, and can be watched. They take care of checking who you are, what you can do, and keeping track of what happens to ensure safe and rule-following actions.
- Shared Context/Memory: A common place or system for agents to access shared context, ongoing task status, and conversation memory, preventing information silos.
- External Systems (APIs/Tools Gateway, Databases): These are existing enterprise tools and data sources that agents interact with to perform actions (such as accessing an employee database or using a scheduling API). MCP often defines how agents connect to these tools.
Security and governance
Security and governance are very important in Agent Interoperability. The safeguards, encryption, and trust boundaries used in this framework are crucial.
Security is a key part of MCP. It protects sensitive data and ensures that customers follow the necessary rules. We make sure that all MCP tool calls are authenticated using a zero-trust approach; nothing can move through the Agent Interoperability framework without authentication.
- Every user accessing or trying to use these tool calls must be authenticated first. We support API key-based authentication.
- Everything is controlled by role-based access control (RBAC). The place where MCP inbound tools are created (on the Agent connection page) is RBAC. Only authorized users can create new MCP inbound tools.
- When accessing a bot [using our Process Reasoning Engine (PRE)], you must ensure that the user whose identity is being used to run the automation can only access the MCP inbound tools for which they have permissions in the repository. This user must have minimum run permission.
All interactions between the MCP client and MCP server, and between the MCP server and the Automation Anywhere Control Room, are encrypted. We use TLS 1.2 encryption, which means all communication goes through a secure channel.
All MCP inbound tool calls are logged for traceability and governance purposes.
Traditional APIs versus Agent Interoperability
| Feature | Traditional APIs | Agent Interoperability |
|---|---|---|
| Tool discovery | Static, predefined; require agents to know endpoints and parameters upfront | Dynamic, runtime discovery; agents discover capabilities at runtime |
| Context | Manual management | Automatic continuity; maintains context continuity and governance across calls |
| Orchestration | External, brittle; APIs break easily with unexpected inputs | Built-in, composable |
| Vendor support | Locked-in | Cross-vendor, open |
| Security | Fragmented | Centralized governance |
Availability
| License type | Accessible features |
|---|---|
| Base license |
|
| Enterprise license | Besides what is included in the Base license, the PRE/Automation Discovery Service is also available. |