AP3 - Operations

Operations in AP3 are designed to be extensible: the protocol supports common privacy-preserving primitives today and is architected to accept additional operations as the ecosystem matures.

Below diagram illustrates a privacy‑preserving agent‑to‑agent workflow between two companies. 

• On the left, Agent A (blue box) belongs to Company A and holds its own sensitive dataset 𝑑𝑎
• On the right, Agent B (green box) belongs to Company B and guards a different private dataset 𝑑𝑏
• Neither firm is willing—or legally allowed—to reveal its raw data outside its boundary.

Instead of sharing data between the agents, AP3 helps in invoking a secure computation \( f_{\text{secure}}(d_a, d_b) \) between them using A2A protocol as it provides a vendor‑neutral “messaging lane” so autonomous agents can exchange requests, intermediate states, and results while respecting each organization’s authentication and access controls. Each side only sees the final output relevant to its workflow; all intermediate data stay encrypted or secret‑shared.

Popular, \( f_{\text{secure}}(d_a, d_b) \), functions include:

Supported Operations

Private Set Intersection (PSI)

Allows two parties to compute the intersection of their private sets without revealing elements not in the intersection.

Use Cases:

• Customer overlap analysis between companies
• Fraudulent account detection across institutions
• Supply chain partner verification

Note

AP3 will support more operations in the future as needed and there are plans to open the protocol for defining custom functions.