Agent Card Poisoning: A Metadata Injection Vulnerability In The Systems Using Google A2A Protocol
Summary
A metadata injection vulnerability called 'Agent Card Poisoning' has been identified in systems using Google's Agent-to-Agent (A2A) protocol, which enables communication between AI agents. The flaw allows maliciously crafted metadata to redirect sensitive data transmissions to attacker-controlled endpoints. The vulnerability was documented by Semiconductor Engineering, which covers technology relevant to industrial and manufacturing automation systems.
Why It Matters
As manufacturers accelerate adoption of multi-agent AI architectures for process automation, predictive maintenance, and supply chain orchestration, the A2A protocol is becoming infrastructure-level technology on the factory floor. A metadata injection vulnerability of this nature carries serious operational risk: compromised agent communications could expose proprietary process parameters, production schedules, quality control data, or supplier credentials to external actors. For facilities running lights-out or semi-autonomous operations where AI agents interact with PLCs, MES platforms, and ERP systems, a poisoned agent card could silently reroute operational telemetry without triggering standard intrusion detection. Security teams responsible for OT/IT convergence environments should audit any deployed A2A-enabled systems, apply vendor patches as they become available, and treat inter-agent communication channels with the same zero-trust scrutiny applied to other network segments.