TL;DR: AI assistants can now buy and run security scans on their own through Oscar Six Radar. If you use AI tools to manage IT, they can talk directly to our scanner — no human in the loop required. Discover, pay, scan, and get results, all through a standard protocol.
We Just Did Something Nobody Else in Cybersecurity Has Done
Oscar Six Radar is one of the first cybersecurity platforms in the world to support Google's Agent-to-Agent (A2A) protocol. That means AI agents — the ones managing your IT infrastructure, running your helpdesk, monitoring your systems — can now discover our vulnerability scanner, purchase a scan, and receive results without a human ever touching a keyboard.
This isn't a proof of concept. It's live. Right now.
The same team that brought you enterprise-grade vulnerability scanning at $99 a pop is now pioneering agent-native security services. We didn't wait for the industry to figure this out. We built it.
Think about what that means: the paradigm has shifted. AI agents don't just assist anymore — they autonomously transact. They find services, negotiate terms, make payments, and consume results. And now, security scanning is one of those services.
What Is A2A?
A2A stands for Agent-to-Agent. It's a protocol designed by Google that gives AI agents a standard way to discover and talk to other AI-powered services. Think of it like a phone book combined with a common language — agents can look up what services exist, understand what they do, and interact with them using a shared set of rules.
You can read the full spec at Google's A2A repository.
Why does this matter? Because AI agents are multiplying fast. They're managing cloud infrastructure, triaging support tickets, handling procurement, and running security operations. But until A2A, every integration was custom. Agent A couldn't talk to Service B without someone writing bespoke glue code. A2A changes that. It's the missing standard that lets the agent ecosystem actually work.
How Oscar Six Implemented It
We built A2A into Radar from the ground up. Here's how it works under the hood.
Agent Card: The Discovery Mechanism
Every A2A-compatible service publishes an agent card at a well-known URL. Ours lives at:
https://radar.oscarsixsecurityllc.com/.well-known/agent.json
This JSON document tells any AI agent everything it needs to know: what we do, what inputs we need, what outputs we return, and how much it costs. It's the equivalent of a storefront window — agents browse it to decide whether to engage.
JSON-RPC 2.0 Endpoint
The actual work happens over JSON-RPC 2.0 at:
POST https://radar.oscarsixsecurityllc.com/a2a
We support three methods:
tasks/send— Submit a new vulnerability scantasks/get— Check the status of a running scantasks/cancel— Cancel a scan in progress
Tiered Domain Verification
Security is non-negotiable. Before we scan any domain, we verify ownership through a tiered system:
- Pre-verified (Tier 1): If the domain has already been verified by the same customer email, we skip verification entirely.
- Agent-initiated DNS (Tier 2): The agent receives DNS TXT record instructions and can add the record programmatically.
- Human fallback (Tier 3): If the agent can't handle DNS, we provide instructions for a human to complete verification.
This ensures no one — human or AI — can weaponize our scanner against domains they don't own.
Example Workflow: From Discovery to Report
Here's what a real A2A interaction looks like, step by step.
1. Discover. The AI agent fetches our agent card at /.well-known/agent.json. It learns we offer a vulnerability-scan skill at $99 per scan.
2. Send task. The agent sends a JSON-RPC request to /a2a with the target domain, customer email, and a Stripe payment token.
3. Domain verification. If the domain isn't already verified, we respond with DNS TXT instructions. The agent adds the record and re-sends.
4. Payment processing. We charge $99 via Stripe using the provided payment token. If payment fails, the task fails fast — no wasted compute.
5. Scan execution. Our engine kicks off the full assessment: reconnaissance, port scanning, OWASP Top 10 testing, SSL/TLS analysis, and AI-powered finding validation.
6. Poll for results. The agent calls tasks/get with its task access token to check progress. When the scan completes, the response includes the report URL.
7. Report delivery. The agent retrieves the PDF report — the same comprehensive document human customers receive — and can parse, summarize, or act on the findings.
The entire flow can happen without a single human interaction. An IT management agent could run weekly scans, flag critical findings, and create remediation tickets, all autonomously.
Why This Matters for Security
We've always been about making enterprise security accessible at retail prices. A2A doesn't change that mission — it extends it to a new kind of customer: the AI agent.
Security scanning is becoming a composable service. Just like you can call an API to send an email or process a payment, AI agents can now call an API to run a vulnerability scan. That's a fundamental shift in how security services are delivered.
And this is where Oscar Six stays on the bleeding edge. The same innovation we bring to scanning your infrastructure — 5,000+ attack simulations, AI-powered validation, actionable reports — we now bring to the delivery model itself. We're not just scanning differently. We're selling differently.
What's Next
A2A on Radar is just the beginning. We're building toward A2A as a platform-wide capability. Patrol, our upcoming email security gateway, and future Oscar Six solutions will all speak A2A.
We're building for the agent-native future — where AI agents are first-class customers, not afterthoughts. The infrastructure is in place, the protocol is live, and we're ready for what comes next.
Oscar Six Radar finds the vulnerabilities before the bad guys do. 5,000+ attack simulations. AI-powered analysis. One report that tells you exactly what to fix, in plain English.
$99 per scan. No contracts. No "call for pricing."
Focus Forward. We've Got Your Six.