Introducing AP3
The Privacy Layer for
the Agentic Economy
AP3 is an open protocol for privacy-preserving multi-agent collaboration. Agents across organizations, jurisdictions, and vendors compute jointly.
The next bottleneck is not capability.
It is trust.
Individual agents are powerful. The problem starts when they need to work together across organizational boundaries. Today, cross-boundary agent collaboration means one of three things: share your data and lose confidentiality, withhold your data and lose the insight, or trust a third party and hope they do not get breached.
None of these are acceptable for financial services, healthcare, legal, or any domain where data has regulatory weight, or wherever there is confidential data that entities do not want to expose to one another, but still come to some decision
AP3 provides joint computation.
Zero exposure.
AP3 adds a cryptographic privacy layer to the inter-agent communication stack. Agents reason and compute together over sensitive inputs: context, memory, credentials, risk data, without any party seeing the other's information or the function logic itself.
This supports the agentic commerce flow by providing a a payment-protocol-agnostic binding layer for agentic commerce standards including AP2, x402, and the MPP family, enabling privacy-preserving commerce negotiation, followed by payment, workflows that compose AP3 confidentiality with existing mandate semantics.
The only thing returned is what the workflow requires:
Compliance attestation
Risk score within a bounded range
Sanctions screening result
Verified credential match
Negotiated price
AP3 uses privacy preserving tech.
Secure Multi-Party Computation (SMPC): Agents jointly evaluate functions over private inputs. The inputs never leave the originating agent. The computation happens collaboratively, with no intermediary holding the data.
Trusted Execution Environment (TEE) attestation: Hardware-rooted proof that the computation ran correctly and was not tampered with. Verifiable without trusting any single party.
AP3 is delivered as an extension to the Agent2Agent (A2A) protocol, with integration for major providers.
AP3 enables usecases across industries
Financial Risk Profiling
Securely assess risk across institutions without exposing underlying portfolios.
Cross-Border Compliance Screening
Verify compliance globally without sharing sensitive customer data.
Supply Chain Reconciliation
Coordinate and validate records across competing organizations with full privacy.
Private Commerce Negotiation
Enable confidential agent-to-agent negotiation with automated payment settlement.