On May 7, 2026, Telegram became the first billion-user messaging platform to enable native bot-to-bot communication. One bot can now send a private message directly to another bot by referencing its @username. No intermediary server. No custom routing layer.
For developers building multi-agent systems, this sounds like the answer. It isn't.
What Telegram Actually Shipped
The update is real and significant. Telegram's Bot API now supports direct agent-to-agent messaging with a mutual opt-in requirement. Both bots must explicitly enable the mode before they can exchange messages.
The use cases Telegram outlined are practical: a code-review bot delegating to a specialist bot, enterprise booking agents coordinating sub-tasks, multi-step AI workflows executing end-to-end without human relay.
With over 10 million bots already on the platform, those bots can now form networks. A research agent can offload data retrieval to a specialist bot and receive results back, all within Telegram's native infrastructure.
This is progress. But it comes with three structural limitations that matter for production multi-agent systems.
Limitation 1: Platform Lock-In
Telegram's bot-to-bot communication works inside Telegram. Your Claude-powered agent on Telegram can talk to your GPT-powered agent on Telegram. But what about the agent running on Slack? The one deployed on AWS Bedrock? The custom Python bot on your own infrastructure?
The moment your agent network spans more than one platform, Telegram's native communication becomes one channel among many, not the universal layer.
// With rosud-call: platform-independent agent messaging
import { RosudCall } from 'rosud-call';
const agent = new RosudCall({
agentId: 'procurement-bot-v3',
token: process.env.ROSUD_TOKEN
});
// This works regardless of where the other agent lives
// Telegram, Slack, AWS, your own server - same API
await agent.send('inventory-checker', {
type: 'stock-query',
sku: 'WIDGET-2000',
urgency: 'high'
});
// Subscribe to responses from any agent, any platform
agent.on('message', (msg) => {
if (msg.from === 'inventory-checker') {
console.log(`Stock level: ${msg.payload.quantity}`);
}
});
Limitation 2: Security Coverage Gap
The same week Telegram shipped bot-to-bot communication, a Georgia Tech study found that the best existing security framework for multi-agent systems covers only 65.3% of identified threat categories. Non-determinism and data leakage were the two most under-addressed risk domains.
A separate study from the Cooperative AI Foundation identified three structural failure modes specific to multi-agent architectures: miscoordination, conflict, and collusion. One compromised agent can cascade through trust relationships across an entire network.
Telegram's mutual opt-in is a start. But opt-in doesn't solve:
- Message integrity verification between agents
- Rate limiting per agent pair
- Payload schema validation
- Audit trails for compliance
- Credential scoping per conversation
// rosud-call: built-in security primitives
const secureChannel = new RosudCall({
agentId: 'finance-bot',
token: process.env.ROSUD_TOKEN,
security: {
verifyPeer: true, // Cryptographic identity check
maxMessagesPerMinute: 100, // Rate limiting per peer
schemaValidation: true, // Reject malformed payloads
auditLog: true // Every message logged
}
});
// Only accept messages from verified agents
secureChannel.on('message', (msg) => {
// msg.verified === true means cryptographic proof of sender
// msg.auditId links to immutable log entry
if (!msg.verified) return;
processPaymentRequest(msg.payload);
});
Limitation 3: No Observability by Default
Telegram mentions that users "who choose to watch can observe bot-to-bot conversations." That's consumer-grade visibility. Enterprise multi-agent systems need:
- Message latency metrics per agent pair
- Failure rate tracking with automatic retry
- Dead letter queues for undeliverable messages
- Circuit breakers when downstream agents are unhealthy
- Distributed tracing across multi-hop agent chains
These aren't nice-to-haves. When your procurement agent delegates to an inventory agent, which delegates to a supplier agent, and the chain fails silently at hop three, you need infrastructure-level observability to diagnose it.
// rosud-call: observability built into the SDK
const channel = new RosudCall({
agentId: 'orchestrator',
token: process.env.ROSUD_TOKEN,
observability: {
tracing: true, // Distributed trace IDs across hops
metrics: true, // Latency, throughput, error rates
deadLetterQueue: true // Capture failed deliveries
}
});
// Send with delivery guarantees
const result = await channel.send('supplier-agent', payload, {
timeout: 5000, // 5s deadline
retries: 3, // Automatic retry on failure
circuitBreaker: {
threshold: 5, // Open after 5 consecutive failures
resetAfter: 30000 // Try again after 30s
}
});
if (!result.delivered) {
// Message is in dead letter queue
// Alert, fallback, or escalate
await escalateToHuman(result.deadLetterId);
}
The Real Question
Telegram opening bot-to-bot communication validates the market. Over 10 million bots can now form networks on a billion-user platform. That's real.
But production multi-agent systems don't live inside a single messaging app. They span platforms, clouds, and custom infrastructure. They need security primitives that go beyond opt-in. They need observability that goes beyond "users can watch."
The protocol layer (A2A, MCP) tells agents how to discover each other. The platform layer (Telegram, Slack) gives them a place to exist. The SDK layer makes sure messages actually arrive, securely, with proof.
That's what rosud-call does. One npm install. Platform-independent. Security and observability built in. No lock-in to any single messaging platform.
npm install rosud-call
Telegram opened the door. Now build something that works everywhere the door leads.
Kavin Kim builds payment and communication infrastructure for AI agents at Rosud. Previously: 15 years designing global payment systems processing cross-border transactions across 172 countries.
Top comments (0)