Lessons from SOAP and the API era
When a new paradigm arrives, the first step is often to agree on how systems will talk, not yet on how to make those conversations safe. In the early 2000s, web services faced this problem head-on. SOAP, or Simple Object Access Protocol, offered a structured and often verbose way to exchange data between systems. It was a milestone in interoperability, but it was not security. SOAP did not stop data leaks, enforce strong authentication, or protect against malicious payloads.
It took years, along with the evolution toward REST, JSON APIs, and mature microservices patterns, before security became as standardized as the communication itself. By that point, hardened API controls such as authentication, authorization, schema validation, and rate limiting had become inseparable from the idea of doing APIs right. The lesson was clear: standards can define the rules of engagement, but only security makes those engagements safe.
We are now in the SOAP phase of agentic AI. Early protocols such as Model Context Protocol, or MCP, and Agent2Agent, or A2A, are establishing the handshake and the shared language for discovery, negotiation, and integration. They are necessary, but they are not sufficient. Just as SOAP could not make integrations trustworthy, today’s AI protocols cannot make autonomous agents safe by default.
