The Agentic Coordination Stack Arrives Faster Than Expected. However the Hard Problems Still Remain

Series: From Automation Tools to Agentic Orchestration - A Telemetry Guide for the Travel Industry.

This is Part 1b - The Infrastructure Interlude.  Read Part 1 – Why Semantic Telemetry Matters here.

The first instalment of this series examined why semantic telemetry matters as travel companies build reasoning workflows.  Before continuing with instrumentation, I need to address something that has changed materially since October 2025, the infrastructure those reasoning systems are now connecting to.  Your telemetry challenge just got significantly more complex and this article explains why.

Executive Summary.  The Agentic Coordination Stack is an evolving four-layer framework consisting of the Infrastructure Layer (MCP), Conversation Layer (A2A), Commerce Layer (UCP) and Trust Layer (candidates such as ERC-8004).  While connectivity has arrived via Big Tech coalitions, the travel industry still faces critical challenges in multi-agent liability, security surface area and regulatory vacuums.

---

Four months ago, I wrote about travel tech’s foundational shift towards agentic architecture.  The central argument was that AI agents would fundamentally change how queries flow through travel’s proven but fragmented infrastructure - shifting from broadcast searches to precision requests.  I also identified what I called the “missing layer”, how would agents actually find each other across an ecosystem of thousands of independent operators?

That layer is no longer missing.  It is under construction.

The telemetry series addresses visibility at the application layer - can you explain what your AI did and why?  This article addresses the layer beneath - can the infrastructure your AI depends on actually coordinate reliably across organisational boundaries.  They are the same problem at different altitudes.  The emerging coordination stack fundamentally changes what “observable” means for your reasoning systems.

In the original article, I suggested that industry standards would “begin forming, probably painfully, through market failures” in the 2027–2030 timeframe.  I was wrong, not about the standards arriving but about how they would arrive and how quickly.  Between October 2025 and February 2026, the coordination layer emerged not through painful market failures it emerged through unprecedented Big Tech coalition-building.  The Model Context Protocol now has 97 million monthly SDK downloads.  Google launched a commerce protocol backed by Visa, Mastercard, Shopify and Walmart.  Large travel companies joined the ecosystem.  For example, Sabre deployed an MCP server connecting AI agents to 50 petabytes of live travel data;  Turkish Airlines built their MCP server through its Digital Lab,  Expedia is exposing travel recommendations through the same standard.

The speed matters because it changes the strategic calculus.  When I expected standards to emerge over years through trial and error, organisations had time to watch and learn. When they arrive in months through coordinated industry action, the window for “wait and see” closes much faster than anyone - including me - planned for.

The coordination question has shifted from “will someone build this?” to “which parts of the stack will your organisation connect to first and let’s see how they plumb together.”

Here is what actually exists, what it means for travel and what nobody is talking about yet.

The Stack Takes Shape.  Four Layers, One Foundation

The coordination layer did not arrive as a single protocol.  It arrived as a stack - four complementary layers, each solving a different problem.  Understanding which layer does what is now a strategic requirement for anyone making infrastructure investment decisions.

The Infrastructure Layer. MCP Becomes the Universal Connector

The Model Context Protocol, introduced by Anthropic in November 2024, has become the de facto standard for connecting AI agents to tools, data and applications.  OpenAI adopted it in March 2025.  Google DeepMind followed in April.  By November 2025, the ecosystem had grown to over 10,000 active MCP servers with SDK downloads approaching 100 million per month.

In December 2025, Anthropic donated MCP to the newly formed Agentic AI Foundation under the Linux Foundation - co-founded by Anthropic, Block and OpenAI with support from Google, Microsoft, AWS and Bloomberg.  This matters because it moves MCP from “one company’s project” to vendor-neutral infrastructure governed the same way Kubernetes and PyTorch are governed.

For travel specifically, the implications are already tangible.  Sabre launched a proprietary MCP server in September 2025, enabling AI agents to search, book and service trips through its SabreMosaic platform.  (February 2026: Mindtrip, Sabre and Paypal have announced their partnership on an agentic end to end solution.)  Turkish Airlines has an MCP server accessible through Claude and VS Code, developed through its Digital Lab as an evolving initiative rather than a finalised product.  Apaleo launched an MCP server for hotel operations - availability checking, reservation modifications - alongside an AI agent marketplace for hospitality.  Expedia is exposing travel recommendations through MCP endpoints.  Flightradar24 has deployed an official MCP server that gives agents access to real-time flight positions, arrival data and airport activity - the operational intelligence layer that allows an agent to rebook a traveller before they even know their flight is delayed.

The pattern extends beyond booking and inventory into the real-time operational data that makes agents genuinely useful.  MCP is becoming the standard interface through which agents interact with travel infrastructure at every layer - from trip planning through to in-journey servicing.  I have made the argument before that agents will route around systems that cannot be queried.  What has changed is that “queryable” now has a specific technical definition - an MCP endpoint - and the cost of not having one is becoming measurable in lost agent traffic rather than theoretical competitive risk.

The Conversation Layer. A2A Enables Agents to Find Each Other

MCP connects agents to tools.  It does not connect agents to other agents.  That is the role of Google’s Agent-to-Agent protocol (A2A), launched in April 2025 with over 50 technology partners and now supported by more than 150 organisations.

A2A introduces “Agent Cards” - JSON-format discovery documents published at standardised endpoints that describe what an agent can do.  The idea is that when a traveller’s personal agent needs to find a hotel booking agent, it reads these cards to understand capabilities, negotiate interaction terms and coordinate tasks.  Google donated A2A to the Linux Foundation in June 2025.  What happened next illustrates how this space is maturing. IBM’s competing Agent Communication Protocol (ACP), which addressed gaps in MCP around persistent memory and long-running tasks, merged its governance into A2A rather than continuing as a rival standard.  The pioneer protocols are converging - experimentation is giving way to consolidation under shared governance.

A2A has significant institutional backing but limited production deployment evidence.  Most announced partnerships represent commitments to support the protocol rather than verified live implementations.  Some observers note that the developer ecosystem has consolidated more heavily around MCP, with Google itself adding MCP compatibility to its AI services.  A2A’s long-term role may be as the coordination standard for enterprise multi-agent business to business workflows - the protocol through which a travel management company’s agent negotiates with an airline’s agent - rather than as a broadly deployed consumer-facing layer.

The Commerce Layer.  UCP Changes the Transaction Equation

Google’s Universal Commerce Protocol, unveiled on 11 January 2026 at the National Retail Federation conference, may prove to be the most consequential development for travel since I wrote the original article.

UCP creates a common language for agentic commerce across the entire transaction journey: discovery, checkout and post-purchase support.  It was co-developed with Shopify and endorsed by more than 20 partners including Visa, Mastercard, American Express, Stripe, Adyen, Walmart and Target.  Merchants publish a capability manifest at /.well-known/ucp - a machine-readable declaration of what services they support, from checkout to loyalty programmes to fulfilment options.  Agents discover these capabilities, negotiate what they can handle and complete transactions.

The architecture is deliberately modular.  Shopify’s engineering team described the design philosophy, “Commerce is humanity’s longest-running trade.  Universal, but not uniform.”  Payment options differ by cart, buyer and market.  Discount rules rival tax codes in complexity.  Fulfilment options create what they call “runaway permutations.”  UCP accommodates this complexity through layered capabilities and extensions that merchants and agents can adopt selectively.

For travel, the implications are significant.  UCP is compatible with both MCP and A2A, meaning an autonomous agent can discover a hotel’s capabilities through its UCP manifest, interact with its booking system through MCP and coordinate with other agents through A2A.  The protocol currently powers checkout on Google’s AI Mode in Search and the Gemini app - initially US-only, with global expansion planned for later in 2026.

The strategic tension within UCP is clear as it threatens to turn the 'search and compare' model - the multibillion-dollar moat of the OTAs - into a background utility.  If a traveller can discover, evaluate and book a property within a conversational AI interface without visiting an OTA’s website, the intermediary value proposition needs to be rebuilt around something other than search aggregation.

The early signals suggest the major OTAs understand this. Expedia has deployed an MCP server exposing travel recommendations - hotels, flights, activities and cars - to AI agents including ChatGPT.  Separately, Google has named Expedia alongside Booking.com, Marriott, IHG, Choice Hotels and Wyndham as a partner in building out its broader agentic commerce experience.  The architecture is revealing that discovery is open through MCP, however, the transaction relationship is being protected through partnership with the commerce layer.  The value proposition is shifting from “we help you find it” to “we own the trusted infrastructure where payment, fulfilment and accountability converge.”  This reinforces my central thesis: in an agentic world, the moat is no longer just your data, i.e. what you know, it is now also how reliably you can act on that data.

That said, UCP is one month old.  Calling it the “HTTP of commerce” - as some have - is premature.  It is the strongest candidate for a universal commerce standard, backed by the most powerful coalition.  However, production deployment at travel industry scale remains ahead, not behind us.

The Trust Layer. ERC-8004 as an Emerging Signal

Ethereum’s ERC-8004 standard, which went live on mainnet in late January 2026, takes a fundamentally different approach to the trust problem.  Rather than relying on corporate identity (as A2A does) or merchant declarations (as UCP does), it creates on-chain registries for agent identity, reputation and validation.  This enables autonomous agents to build verifiable track records without pre-existing institutional trust relationship.

An important distinction.  ERC-8004 is not a transaction execution layer.  Agents will negotiate and transact at the speed of MCP and A2A.  The blockchain remains far too latent for the millisecond coordination agents require.  Instead, ERC-8004 provides a reputation anchor.  Think of it as the difference between a live conversation and the official transcript. An agent completes a booking through MCP and settles payment through UCP; then the outcome – the successful delivery, dispute, cancellation – is recorded on-chain as a verifiable credential.

While the blockchain provides the immutable record, the actual "trust signal" is consumed by agents via high-speed indexers.  This ensures that a hotel’s reputation is available at the millisecond speeds required for real-time discovery, even if the underlying "Golden Record" on-chain only updates every few minutes.  Over time, these credentials accumulate into a “trust score” that any other agent can query before deciding whether to engage.  You are not trusting the blockchain to do the work; you are trusting its immutable memory to recall who performed reliably.  (This feels like a full circle moment as I think back to my early forays into blockchain with the Rezchain settlement solution in 2019 - the tech has evolved, but the fundamental need for a "single source of truth" remains).

For most travel enterprises, ERC-8004 is not an immediate "plug-and-play" action item.  While the standard is live, its ecosystem is nascent, with primary traction currently limited to Web3-native contexts like DeFi and decentralised marketplaces.  However, the problem it addresses – ‘how do you trust an agent you have never interacted with before?’ - is genuinely important for the long-tail travel economy.

A boutique hotel in Bali cannot practically sign enterprise contracts with every emerging agent platform.  A mechanism that allows that hotel to build algorithmic reputation through verified service delivery could eventually reduce the barriers to global distribution.

The more likely near-term path for trust in travel agent coordination will run through enterprise standards - OAuth tokens, corporate identity, UCP merchant verification.  However, even these carry assumptions that agentic systems challenge.  When an agent acts on behalf of a traveller, what identity does it present?  What permissions does it inherit and how are those permissions scoped, time-limited and revoked?

Delegation - the mechanism by which a human grants an agent authority to act - is currently an active security battlefield with no settled standard.  Practitioners are already flagging that AI-augmented attacks can secure elevated privileges in minutes, far faster than traditional human-in-the-loop verification can intercept.

The trust layer must eventually solve identity delegation at "machine speed."  While ERC-8004 acts as a vital historical record, it is a lagging indicator. It tells you whether an agent performed reliably last month, not whether its credentials have been compromised in the last hour.

The immediate challenge for the industry is ensuring that the enterprise trust mechanisms we default to are fit for agentic coordination.  We cannot simply inherit security models from a human-paced world; we need a hybrid approach where enterprise credentials provide immediate access and decentralised registries ensure long-term integrity.

What Nobody Is Solving. The Problems That Will Determine Whether Any of This Works

The protocol stack is impressive.  The coalition backing it is unprecedented.  None of it addresses the hardest problems in travel agent coordination…

Liability in Multi-Agent Failures

When a traveller’s agent coordinates with an OTA’s agent, which negotiates with a hotel’s agent and the booking fails mid-transaction - who pays?  UCP specifies that merchants remain the seller of record.  However what happens when the failure occurs in the coordination layer itself?  When stale data causes a booking that should not have been possible?  When payment is processed but inventory has been released to another agent simultaneously?

This is not a hypothetical problem waiting to emerge from the agentic future.  It is an existing problem that the coordination stack inherits.  Not long ago, our family party of seven arrived at a hotel for a stay we had booked and paid for months in advance.  The hotel had no record of our payment.  Somewhere in the chain of intermediaries between our booking and the property, settlement had failed - the money had left us but had not reached them.  The hotel staff wanted to help but understandably needed assurance they would be covered.  We spent what should have been the first evening of a holiday on the phone to intermediaries, arguing with systems that could not tell us where the breakdown had occurred.

In today’s human-mediated system, you can at least pick up a phone, escalate through a complaints process and eventually find a person with enough authority to override the system.  It is stressful and inefficient, but the resolution path exists because humans can exercise judgment outside the system’s rules.  Now imagine that same failure distributed across three protocol layers, four agents and two payment systems - each logging in different formats with different retention policies.  The coordination stack does not create this problem.  It amplifies it by removing the human judgment that currently provides the safety net while adding complexity that makes diagnosis harder.  When every interaction is automated but no single system holds the authoritative record of what happened, you have not just automated the transaction – you have automated the ambiguity.

The semantic telemetry challenge from Part 1 of this series - reconstructing why an AI made a specific decision - compounds at the coordination level.  It is one thing to trace reasoning within a single application.  It is another entirely to trace a decision path across four agents, three protocol layers and two payment systems.  No protocol in the current stack defines liability for coordination failures or mandates the cross-system traceability needed to resolve them.  Until it does, the trust gap will not close.  McKinsey’s analysis of the Skift State of Travel 2025 report found that over 90% of consumers report confidence in AI-generated travel information - but only 2% are willing to grant an AI tool full autonomy to make and modify bookings without human oversight.  That is a 45x gap between trusting information and trusting action and it exists precisely because the accountability infrastructure has not been built.

Security Surface Area Expanding Faster Than Security Solutions

The identity and delegation challenges raised above sit within a broader security landscape that is already showing strain.  MCP has produced documented vulnerabilities - command injection in the mcp-remote package compromising over 437,000 developer environments, browser-based attacks enabling remote code execution in MCP Inspector.  Security researchers flagged outstanding issues as early as April 2025, including prompt injection risks, inadequate tool permissions and confused deputy attacks.  Enterprise gateway products are emerging to address these risks but the security tooling is trailing the protocol adoption by months, not leading it.

The deeper concern is architectural.  Every protocol layer in the coordination stack generates security events - authentication requests, permission negotiations, data access patterns, transaction flows.  The volume of events that agentic systems will push into security monitoring infrastructure (SIEM and SOAR platforms) is materially different from what those systems were designed to handle.  If the detection, triage and containment of threats cannot operate at the same speed as the agents creating the traffic, then security teams are left investigating breaches that completed before the alert was processed.  Some enterprise security platforms currently measure ingest and processing times in hours, not the milliseconds-to-seconds range that agentic coordination demands (or will demand).  The coordination stack does not just introduce new vulnerabilities - it operates at a tempo that renders traditional security operations architecturally insufficient.

Settlement and Reconciliation in Distributed Transactions

Current travel platforms own entire transactions.  One point of failure equals one point of accountability.  Agentic systems distribute coordination across multiple agents, creating micro-failure points at massive scale.  Nobody in the current protocol ecosystem is publicly addressing how settlement works when a multi-agent booking spans three different protocol layers, two payment systems and four independent service providers.  The “boring” infrastructure of compensating transactions, automated rollback and financial reconciliation remains unbuilt.

The Regulation Vacuum

No jurisdiction has clear rules for agent-mediated transactions.  Who is the “consumer” when an agent books on their behalf - the human or the agent?  How does GDPR apply when agents negotiate using anonymised requirement specifications?  What insurance frameworks cover multi-agent coordination failures?  These questions require answers before mainstream adoption and the answers are unlikely to emerge from protocol specifications alone.

What This Means Now.  Protocols Existing Is Not Protocols Working

The coordination stack is real.  The investment signals are clear.  The competitive dynamics between Anthropic, OpenAI, Google and Microsoft have produced complementary standards now converging under open governance.  The parallel that matters is not the often-cited “this is like the early internet” but a specific lesson from it.  The internet’s security architecture was bolted on years after the connectivity layer shipped.  SSL did not arrive until 1995, six years after Tim Berners-Lee’s first web server.  The agentic coordination stack is repeating this pattern - connectivity first, security and accountability later.  The difference is that the transactions flowing through this stack involve real money and real travel from day one.

I have argued consistently - in the original agentic architecture piece, in work on loyalty evolution and elsewhere in my writing - that the competitive advantage belongs to whoever makes distributed coordination reliable when it matters most.  That thesis has not changed.  What has changed is that “reliable coordination” is no longer an abstract aspiration.  It has specific, actionable dimensions that did not exist four months ago.

Here is what is different now that the protocols exist:

• The telemetry requirement has a new floor.  If your organisation is building reasoning workflows (the subject of this series), your observability stack now needs to trace across MCP calls, A2A negotiations and UCP transaction flows.  The instrumentation challenge from Part 1 does not just apply within your application - it extends across every protocol boundary your agents touch.  This is the practical connection between the telemetry series and this infrastructure interlude.

• The build-versus-wait decision has collapsed.  When I expected standards to take years, “wait for clarity” was defensible.  With MCP at 97 million monthly downloads and UCP backed by Visa and Mastercard, the clarity window is closing.  The question is no longer whether to engage with the coordination stack but which layer to engage with first - and for most travel companies, that means an MCP endpoint for your core inventory and pricing data.

• The hard problems now have names.  Before February 2026, “we need to solve trust” was vague.  Now, the unsolved problems are specific: liability allocation in multi-agent failures, cross-protocol transaction tracing, settlement and reconciliation across distributed booking flows and regulatory clarity on agent-mediated consumer rights.  These are engineering and governance challenges that can be scoped, resourced and prioritised - not abstract concerns to worry about later.

• Nobody has answered the cost question.  The protocols are open but participation is not free.  Every MCP interaction requires passing tool manifests to the language model - a per-query token cost that compounds at booking-volume scale.  Security compliance expands because every new protocol endpoint is a new attack surface requiring audit.  Integration maintenance is ongoing because the protocols themselves are evolving monthly.  The assumption that MCP “flattens” distribution may prove naive - early signals suggest that intermediaries are wrapping legacy inventory in MCP-compatible interfaces, positioning themselves as protocol gatekeepers rather than being disintermediated.  What does all of this actually cost a mid-size hotel chain?  What’s the ROI timeline when agent-mediated bookings represent 2–5% of volume?  How do smaller suppliers - the boutique hotel in Bali, the independent tour operator - participate in a protocol ecosystem designed by and for the largest technology companies?  Until someone answers these questions, the coordination stack risks becoming infrastructure that only the well-resourced can afford to join.

The stack is here.  The construction site is open.  The hardest work, i.e. making it reliable, accountable, affordable and trustworthy, has not started.

---

This is Part 1b of the series “From Automation Tools to Agentic Orchestration - A Telemetry Guide for the Travel Industry.”  It also follows “Travel Tech’s Foundational Shift Towards Agentic Architecture” (October 2025).  Sources include protocol documentation from MCP, A2A and UCP; Linux Foundation and AAIF announcements; Sabre, Shopify and Google engineering publications; McKinsey and PhocusWire travel industry analysis; and independent developer assessments.  Where claims about adoption or deployment status are made, they reflect the most conservative interpretation of available evidence as of February 2026.