As opposed to Benedict Evans yesterday on @LennysPodcast:
Benedict:
"My most controversial opinion is that I think that Al is as big a deal as the internet or mobile and only as big a deal as the internet or mobile."
Jay Graber, Bluesky CEO, moved to Seattle during pandemic, now leading 40M+ user decentralized social network built on AT Protocol. Company runs with 30-person team, no official headquarters. Graber describes herself as "pragmatic idealist" stewarding what she calls "collective organism" rather than commanding traditional startup. Protocol designed to outlast any single platform. Secured independence from Twitter before Musk acquisition, positioned Bluesky as infrastructure layer not just destination. Advocates user-controlled AI agents on social networks, sees parallels between printing press chaos and current tech transformation period.
Graber secured legal independence from Twitter before the Musk acquisition, positioning the AT Protocol as substrate rather than product. 30-person team, no HQ, "high agency, low ego" structure mirrors the decentralized architecture. She chose pragmatic adoption over purist decentralization when Dorsey pushed for purity, held ground, survived the $13M contract termination.
II. Reflection
Background spans digital rights activism, blockchain, crypto mining, privacy tech. The pattern: operator-educator who builds then teaches. Her AI framing cuts through hype: question isn't whether AI is good/bad but who controls it. Envisions users running own AI agents locally versus platform-optimized systems extracting value.
III. Question
Can protocol-as-substrate outlast platform incentives when VC returns require concentration not dispersion? Does pragmatic path toward mass adoption ultimately recreate centralization under different aesthetics? Can user-controlled AI agents compete with centralized providers given training costs and compute requirements?
IV. Paradox
Company must be expendable for protocol to become foundational. She explicitly unbundles company success from protocol success: "If the protocol becomes widely adopted, that's huge success" even if Bluesky fails. The accessibility that drives adoption creates lock-in that resists the promised portability.
V. Prediction
Near-term: 100M users, limited protocol adoption outside Bluesky. Critical juncture at 3-5 years: either multi-app ecosystem emerges or network effects concentrate around single implementation. Regulatory interoperability mandates (EU DMA expansion) could force protocol standardization. Wildcard: Bluesky fails but protocol outlasts company, another AT Protocol app achieves scale.
November 25 release, with RC on Nov 11—important that they’ve built in a 14-day validation window.
Working Groups & Interest Groups formalized, governance distributed.
MCP Registry now live as discovery backbone.
Async ops (SEP-1391) broaden use cases beyond quick tasks.
Statelessness & scalability addressed by Transport WG.
Server identity via .well-known makes discovery more intuitive.
Most popular protocol extensions being codified.
Tiering system for SDKs adds transparency on compliance & support.
Curious tension: MCP is positioning as both a protocol and an ecosystem backbone. Worth questioning whether tiered SDK support accelerates adoption or risks fragmentation.
Emergence suggests MCP is moving from “experimental” into “production AI plumbing.” If async, registry, & identity land cleanly, integration patterns could stabilize quickly.
1. Capability gating - Don't declare sampling capability during init for external/untrusted servers.
Keep it enabled only for internal trusted ones.
2. Human approval loops - Force manual review before any sampling request hits your LLM. Protocol says "SHOULD" not "MUST" so implementation varies.
3. Token rate limiting - Set max_tokens params client-side when calling LLM APIs. Again, relies on individual devs following policy.
4. True MCP proxy - Terminate & reestablish connections (not just network filtering). Enables granular controls like "sampling for tool A but not B."
The real issue: first 3 strategies depend on individual developers following security policies. Only #4 gives centralized control.
Sampling's a double-edged sword - shifts LLM costs from server to client (good for internal workflows) but opens denial-of-wallet attacks from malicious external servers.
Most orgs probably don't even know this feature exists yet.
Worth noting the travel booking example is compelling - instead of travel team paying tokens to format JSON responses, the requesting department's LLM budget handles it. Smart cost allocation if you can secure it properly.
Google launches AP2: an open payments protocol for AI agents
Google just announced Agent Payments Protocol (AP2): standard meant to let AI agents securely transact across cards, bank transfers & even stablecoins. It uses cryptographically-signed “mandates” to prove intent & create an auditable trail from request → cart → payment.
Apparently 60+ partners on board (Amex, PayPal, Mastercard, Coinbase, etc.).
Google frames this as the foundation of “agentic commerce.”
Is it possible that w/i 6 months an agent-to-agent transaction for a large sum will go wrong, exposing the accountability gaps AP2 is meant to solve?
Is AP2 the missing trust layer for autonomous commerce, or just the start of a messy collision btw agents, payments standards & liability?
IBM announced in March 2025 its Agent Communication Protocol (ACP) but is now abandoning the ACP name and merging ACP efforts with Google’s Agent2Agent (A2A) protocol at the Linux Foundation. The ACP team is winding down as the industry backs A2A for open, community-driven AI agent interoperability under Linux Foundation governance. This move aims to unify protocols and avoid fragmentation in AI agent standards.
That seems odd. Even with an A2A protocol, don’t you still need to standardize a client “surface” or “API” or whatever, so agents can describe IDE actions they want to trigger in the expected terms over that protocol?
Or is A2A like USB, where it acts as both a registry of, and “standardized standardization process” for, suites of concrete message types for each use-case?
Like, yeah, when a "client" drives an "agent", that's no different than what any generic "agent" would be doing to drive an "agent"; an IDE or what-have-you can just act as the "parent agent" in that context.
But when an "agent" is driving a "client", that's all about the "agent" understanding that the "client" isn't just some generic token-driven inference process, but an actual bundle of algorithms that does certain concrete things, and has to be spoken to a certain way to get it to do those concrete things.
I had assumed that IBM's older ACP was in large part concerned with formalizing that side of interoperation. Am I wrong?
The final level represents multiple autonomous agents collaborating on projects, each specialising in different aspects of software delivery. This level represents a fundamental rethinking of software development, with agentic AI teams delivering alongside human teams. As above, given current tech, it’s not possible to achieve this level without human supervision and direction, so we consider it experimental.
Benedict: "My most controversial opinion is that I think that Al is as big a deal as the internet or mobile and only as big a deal as the internet or mobile."
https://youtu.be/BD3vLtWhT5A