Tavro formally announces the Agent Metadata Specification as an open source project on GitHub.
Consistent Agent Metadata is Critical for Agent Risk Management
AI agents are proliferating across the enterprise. This requires a consistent approach for Agent Risk with frameworks such as OWASP AI Vulnerability Scoring System (AIVSS). Agent Metadata is a critical underpinning for Agent Risk Assessments. However, the level of agent metadata varies significantly by platform. The Agent Metadata Specification is an open source project to introduce standards for Agent Metadata. You can find the latest publication here.
Enhancing the Google Agent2Agent (A2A) Protocol
The Google Agent2Agent (A2A) is an open protocol that provides a standard way for agents to collaborate with each other, regardless of the underlying framework or vendor. Agents can advertise their capabilities using an “Agent Card” in JSON format, allowing the client agent to identify the best agent that can perform a task and leverage A2A to communicate with the remote agent.
The Agent Card lays the operational foundation for agents to find each other, understand basic capabilities (modalities), and handshake for collaboration.
However, the Agent Card does not address the business context, risk management, and governance. The Agent Metadata Specification seeks to enhance the Google Agent Card to address these additional topics.
Areas of Focus
Here are some topics where we would appreciate input:
- Conceptual Model: We would appreciate input on additional attributes, relations, and asset classes for agents.
- Industry-Specific Agent Metadata: We already have an industry-extension for Medical Devices and look forward to additional areas of collaboration (e.g., Model Risk Management in Banking).
- Producers versus Consumers of Metadata: Are there differences in Agent Metadata requirements for producers of agent metadata (Agent Development Platforms) versus consumers of agent metadata (Agent Registries)?
Agents as Medical Devices
We have already introduced custom attributes to represent agents in the Medical Device industry. For example, the U.S. Food & Drug Administration already classifies software as a medical device in certain cases. If AI Agents were to be classified as Medical Devices then they would need custom attributes such as Universal Device Identifier (UDI), FDA Device Classification, and relationships to physical hardware.
How to Participate
These are exciting new developments. We already have a diverse and growing list of contributors, with more joining daily. Please let Sanjeev or me know if you would like to contribute or click here to get started.
