Agentic Supply Chain

Demystifying AI Agent Technology for Tangible Supply Chain ROI

Agentic Interoperability: Why Your AI Agents Shouldn't Be Hermits

May 20, 2026 By Srini Pattabiraman

A Fortune 500 CPG I sat with last quarter has shipped — by their own count — eleven AI agents into production across planning, procurement, and logistics. SAP IBP demand sensing flags a regional spike. A Coupa Navi agent renegotiates payment terms with a Tier 2 supplier. A Manhattan slotting agent inside their 3PL re-balances the DC. A Project44 visibility agent flags a port dwell.

Eleven agents. Zero of them talk to each other.

What connects them is a planner in Cincinnati who reads the SAP alert, opens a Teams thread with the 3PL, emails the carrier rep, and updates the supplier portal by hand. The agents made every individual step faster. The handoffs between them are exactly as slow as they were in 2019.

This is the agentic supply chain in 2026: vertical brilliance, lateral muteness. We've built a tower of Babel and called it autonomy.

The standardization war nobody is winning yet

The reason your agents don't talk to each other is that the industry hasn't decided how they should. Right now, three plays are happening in parallel.

The protocol play. Anthropic's MCP (Model Context Protocol) shipped in late 2024 as the open spec for connecting agents to tools and data. Google's A2A (Agent-to-Agent) followed as the equivalent for agent-to-agent handoffs. Both are open, both are gaining adoption, both are still missing major SC platforms.

The platform-hub play. SAP announced its AI Agent Hub at Sapphire 2026 — generally available Q3, included in the Business AI Platform at no extra charge — explicitly positioning it as "a single command center to discover, manage, and govern all AI agents, SAP and non-SAP." Microsoft is making the same play with Agent 365. ServiceNow with its Autonomous Security & Risk platform. Salesforce with Agentforce. Each one is, politely, an attempt to be the hub everyone else's agents register with.

The walled-garden default. Most enterprises, faced with the choice, are picking nothing — which by default means each vendor's agents stay inside that vendor's stack and the cross-stack traffic stays human. Coupa's agents talk to Coupa. Kinaxis's agents talk to Kinaxis. o9's agents talk to o9. The connective tissue is still the planner with eight browser tabs open.

For SC leaders, the question isn't "which standard will win" — that won't resolve for 18 to 24 months. The question is: what do I do this quarter so I'm not stuck inside one vendor's hub when the answer arrives?

Why interoperability is harder for supply chain than anywhere else

Most agentic-AI commentary assumes one organization, one tech stack, one accountability chain. Supply chain is the opposite of that. A single SKU touches a supplier's ERP, a manufacturer's MES, a 3PL's WMS, a carrier's TMS, a customs broker's portal, and a retailer's planning system — often six different vendors, six different tenants, six different legal entities, before a unit hits a shelf.

When the agentic layer enters that chain, every handoff that used to be "humans-with-EDI" becomes "agents-asking-agents-they-don't-trust." And here's the catch the platform-hub vendors don't lead with: an SAP AI Agent Hub can govern your non-SAP agents only if you own them. It cannot govern your supplier's agents, your 3PL's agents, or your carrier's agents. Those are someone else's hub.

This is the part the "agent-to-agent" demos skip. Agent-to-agent inside one company is a software problem. Agent-to-agent across companies is a contract problem with a software interface.

The five dimensions get sharper at the boundary

In ARMS — the pre-deployment risk lens we publish for enterprise agent rollouts — we score five dimensions: Accuracy, Experience, Compliance, Security, Bias. The minute an agent starts talking to another organization's agent, every dimension changes shape:

  • Accuracy. Whose master data wins? Your DC capacity table or the 3PL's? Most cross-org failures look like agent failures and are actually data-reconciliation failures the agents inherited.
  • Experience. What happens to the human when two agents disagree? Today the answer is usually "an email lands in someone's inbox at 2am" — which is to say, there is no agreed UX for cross-org agent disputes.
  • Compliance. Whose policy regime is the agent acting under? Your DPA, your supplier's, the destination country's? When a planning agent triggers an automatic reroute through a sanctioned port, the legal question — who authorized this? — has to have a single answer.
  • Security. Federated identity for agents is largely vapor. Most cross-org "integrations" today still rely on a shared service account with permissions that should make a CISO grimace. When an agent acts on behalf of another agent, the permission chain is exactly as good as the weakest link.
  • Bias. Two agents trained on different distributions, optimizing different metrics, negotiating with each other, will reliably produce outcomes that neither side intended. The cross-org version of "agent bias" looks like a price drift nobody can explain three quarters later.

These aren't reasons to wait. They are the design checklist for what cross-org agent interoperability actually requires before it ships.

A practical three-question gate

Before you let your agents shake hands with anyone else's, three questions decide whether you're building infrastructure or technical debt.

1. Which protocol are you publishing to? Pick one this quarter — MCP for tool access, A2A for agent-to-agent handoffs, or your platform vendor's native bus. The wrong answer is "we have a REST API." A REST API is a way for humans to integrate; it is not an agentic protocol. If your platform vendor cannot tell you which of MCP, A2A, or an equivalent open spec they expose, you are about to be locked in.

2. What is the trust contract at the boundary? Borrowing the trust ladder from earlier in this series — for every cross-org agent interaction, name the rung. Is the foreign agent allowed to observe (read-only telemetry)? Recommend (propose actions you approve)? Act-with-revert (move a PO inside a value cap, reversible within 24 hours)? Act-with-audit (move freely inside a policy boundary, audit catches drift)? If the rung is unnamed, the de facto answer is "act-with-no-recourse." That's not a contract. That's a lawsuit.

3. Where does the joint audit ledger live? When something goes wrong — and at cross-org agent scale, something will — both sides need to read the same record. Today most cross-org agent interactions log into the buyer's system, the supplier's system, and nowhere shared. The third question is who owns the shared trace, where it lives, and how long it persists. If you can't answer it, you are building a postmortem you won't be able to run.

These three questions don't require a vendor decision. They require an architectural one — and they're answerable today, against any of the protocols actually being deployed.

The point

Every agent your team is shipping right now is being shipped as a hermit. Brilliant in isolation, mute at the boundary. That is fine for a pilot. It is fatal for an operating model.

The leaders who win this cycle will be the ones who treat agent-to-agent interoperability as a procurement requirement — written into the next vendor evaluation, the next 3PL RFP, the next supplier onboarding doc — before the standards war is over, not after. Pick the protocol. Pick the trust contract. Pick the audit surface. Then let your agents shake hands.

If you're wiring agents across an S/4 ↔ Manhattan ↔ Project44 stack (or your equivalent) and trying to decide how loud to be on this, I'm working through exactly this question with a handful of design partners right now — would love to compare notes. If you want a quick read on where each of the five dimensions lands in your specific stack, ARMS is the 20-minute lens we use to scope it.