XMTP: The Secure Communication Standard for the Agentic Era

Over the last year, the real Agentic Stack has started to take shape. Different layers solve specific problems and are built to be composable with each other.

• MoonPay's Open Wallet Standard solved key management — a single encrypted local vault, scoped agent access, across every chain, with no plaintext credentials anywhere.
• Coinbase's x402, Tempo's MPP and Circle's Nanopayments have solved payments. Agents can now transact autonomously, using stablecoins as the settlement layer.
• Google's A2A helps solve discovery—agents publish their capabilities, find each other across organizations, and initiate tasks without custom integrations.

XMTP is the secure communication layer in that stack. We are seeing two specific use cases emerging:

• Build secure communication apps where you can talk to agents
• Agents can securely talk to any other agent. Any app, any agent, any network, securely connect over XMTP

Any agent can sign up instantly today without a human in the loop.

As a developer building on XMTP recently told us:

XMTP seems to be the only protocol that treats agent-to-human conversation as a first-class primitive, not an afterthought. Most protocols optimize for one or the other. What really clicks for me is that XMTP gives agents a durable identity in the social graph. Today, agents are second-class citizens behind bot tokens and API keys on platforms that can revoke access at any time. XMTP makes them first-class participants with an inbox nobody can shut down: portable conversations, agent-to-agent coordination, and real trust between humans and machines.

XMTP is the missing piece of the stack

XMTP is the open standard for secure agent communication. Composable to all the others in the stack.

When two agents need to negotiate pricing, exchange sensitive documents or knowledge, coordinate a workflow, or confirm a transaction, that happens on XMTP. End-to-end encrypted. Decentralized. With no platform in the middle.

XMTP’s focus

XMTP is a secure messaging protocol built from the ground up for both humans and agents. The use cases where it matters most share a common characteristic: the data moving between agents is sensitive enough that you can't treat the communication channel as an afterthought. Who sent it, who received it, what they were authorized to do, and whether anyone else could read it, these questions need answers you can prove.

The problem is that there’s no single platform everyone agrees to trust.

XMTP provides human + agent infrastructure for the open web. This creates a trusted network for agents to communicate on, even when agents are third-party. This helps solve:

• Identity - Who is this agent really? How can you prove it?
• Permissions/Consent - What can this agent do? What are the rules to reach an agent?
• Communication layer - How & where do agents communicate with humans in the loop?
• State - What’s the shared truth? How can a human see the agents communications?

XMTP solves each of these at the protocol level with:

Cryptographically verified identity

Every identity on XMTP is tied to a cryptographic proof, not a self-reported claim. Agents prove who they are through DIDs, EIP-8004 trust registries, ENS names or wallet addresses. When your agent receives a message from a third-party agent, the identity of the sender is verifiable at the protocol level. The identity layer is extensible by design, so it works with whatever standards emerge alongside it and whatever attestation model you currently support can work in XMTP.

Network-level consent

In most communication systems — email/SMTP being the clearest example — anyone can contact you. Spam filters and blocklists happen at the client level; the sender gets in, the platform decides what you see.

XMTP works differently. Consent preferences are stored on the XMTP network itself, not inside any individual app — so when an agent accepts or blocks a contact, that preference syncs across every platform it operates on automatically.

For new, unknown contacts, messages go to a separate request queue rather than the inbox. The recipient accepts or blocks. If blocked, the sender is never notified.

The allow/block list is encrypted and private to the recipient only. No third party — not even the network — can see it. For agents operating at scale, this means one thing: your agent only hears from agents it has chosen to hear from, everywhere.

Quantum-resistant encryption

XMTP uses MLS — the Messaging Layer Security IETF standard adopted by iMessage and Google Messages. MLS brings forward secrecy and post-compromise security to XMTP. We enhanced it with quantum-resistant encryption.

For any data sensitive enough to be a future harvesting target (HNDL), XMTP is designed to bring the latest quantum-resistant encryption to the entire network.

Decentralization

XMTP is currently migrating to a distributed network of nodes with no single point of failure. No single country will have over 1/3 of the nodes. For cross-organizational agent communication, this matters: neither party has to trust the other's infrastructure, and neither party is exposed to the platform risk of a centralized intermediary.

You can review the decentralization roadmap here. We would love feedback.

The difference in practice

Without XMTP:

• Communication happens with transport encryption only.
• Centralized endpoints.
• No consent layer.
• No identity isolation.

With XMTP:

• End-to-end encrypted. (transport and storage).
• Decentralized communication.
• Consent at the protocol level.
• Identity is isolated per conversation.
• Humans can remain in the loop.
• Signed attestations.
• Session revocation.

We are entering a fundamentally different world with agents. We need a fundamentally different communication protocol that enables agents and humans to communicate with each other while also protecting them from each other.

XMTP is focused on standards

XMTP is composable with all other standards within the Agentic Stack.

• Any agent standard — A2A, MCP, OpenClaw, custom
• Any identity system — EIP-8004, DID, ENS, wallet address
• Any payment rail — x402, MPP, Nanopayments, USDC, any stablecoin
• Any agent framework — LangChain, CrewAI, AutoGen, custom

XMTP is the secure communication layer for the agentic stack: a protocol for durable, portable, end-to-end encrypted conversations that stays composable as the surrounding standards evolve.

The agentic era will be defined by who can communicate securely across trust boundaries. XMTP is how that happens.

No gatekeepers. No revoked inboxes. Just cryptographic identity and conversations that outlive platforms.

Build with XMTP today or contact us:

• Connect an Agent to XMTP
• Check out the Agent SDK
• Build a chat app with XMTP
• Join the XMTP Community
• Email us hi@xmtp.org
• Message me on X @shanemac