I'm Randy, founder of Oscar Six Security. We build vulnerability scanning tools for small businesses and MSPs.
Today I'm sharing something I'm genuinely excited about: we shipped native support for Google's A2A (Agent-to-Agent) protocol in our Radar scanner. Here's what that actually means in practice:
An AI agent — anything built on Google ADK, LangChain, CrewAI, or any A2A-compatible framework — can now:
1. Discover Radar's capabilities via our agent card at /.well-known/agent.json 2. Initiate payment via Stripe SPT or saved payment method (no human credit card entry) 3. Submit a domain for scanning 4. Poll for results and receive a structured vulnerability report
The entire vulnerability scanning lifecycle, with no human in the loop.
We handle domain verification before any scan runs — DNS challenge or web-based fallback — which an agent can resolve programmatically. Tier 1 pre-verified domains skip verification entirely.
Why build this now? We think security tooling is about to go agent-native fast. If your SOC automation or compliance pipeline runs on AI agents, having to context-switch to a browser portal to run a scan is a UX cliff. We're removing that cliff.
Scans are $99. The A2A endpoint is live today.
Technical details: JSON-RPC 2.0, agent card at /.well-known/agent.json, tiered domain verification (pre-verified / DNS challenge / web fallback).
Blog post with full technical walkthrough: https://blog.oscarsixsecurityllc.com/blog/oscar-six-radar-a2a-agent-to-agent-vulnerability-scanning?utm_source=hackernews&utm_medium=social&utm_campaign=a2a_announcement
Platform: https://radar.oscarsixsecurityllc.com/?utm_source=hackernews&utm_medium=social&utm_campaign=a2a_announcement
Happy to go deep on the implementation, the A2A spec, or the domain verification design. Ask anything.