/ HiA2UI Team

Why A2UI Uses JSON (And Not HTML): The Security & Native Argument

A deep dive into the architectural decision behind A2UI. Why sending JSON data is superior to generating HTML for AI agents.

One of the most common questions we see since the A2UI launch is: “Why invent a new schema? Why not just let the LLM generate HTML?”

It’s a fair question. LLMs are great at writing HTML. But when building enterprise-grade agents, “generation capability” is only half the battle. The other half is Safety and User Experience.

The Security Nightmare of HTML

Imagine an agent that can render raw HTML in your banking app.

  • Scenario A: The agent hallucinates a <script> tag that steals your session token.
  • Scenario B: The agent generates an <iframe> loading a phishing site.

To prevent this, you need complex sanitizers (DOMPurify, etc.). But even then, you are playing a game of “whack-a-mole” with XSS vulnerabilities. This is exactly why we argue Static UI is dead—but safe dynamic UI requires a new approach.

A2UI solves this by design. The agent cannot execute code. It sends a passive JSON object:

{
  "type": "button",
  "label": "Confirm Payment",
  "action": "submit_payment"
}

The Host Application receives this and decides how to render it. If the host app doesn’t have a “button” component, nothing happens. The attack surface is strictly limited to the components you explicitly whitelist.
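One way a host could enforce the allowlist described above, written as an added example and not A2UI's own renderer. The `cancel` action, the 80-character label limit and all function names are assumptions made for illustration.

```javascript
// Added example: host-side allowlist for agent-supplied UI JSON.
// Only "button" and "submit_payment" come from the article; other names are hypothetical.

// Actions the host is willing to wire up; the agent can only name one of them.
const ALLOWED_ACTIONS = new Set(["submit_payment", "cancel"]);

// Escape text so a label can never become markup when the host emits HTML.
function escapeText(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Registry: one validator/renderer per allowlisted component type.
// Each renderer reads only the fields it knows; anything else is ignored.
const REGISTRY = new Map([
  ["button", (msg) => {
    if (typeof msg.label !== "string" || msg.label.length > 80) return null;
    if (!ALLOWED_ACTIONS.has(msg.action)) return null;
    return `<button data-action="${msg.action}">${escapeText(msg.label)}</button>`;
  }],
]);

// Parse an agent message; return host-rendered markup, or null if rejected.
function renderAgentMessage(raw) {
  let msg;
  try { msg = JSON.parse(raw); } catch { return null; }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) return null;
  // Map lookup, so inherited keys such as "constructor" never resolve.
  const render = REGISTRY.get(msg.type);
  return typeof render === "function" ? render(msg) : null;
}

// Constructed sample messages: one valid, three that must be refused or neutralised.
const samples = [
  '{"type":"button","label":"Confirm Payment","action":"submit_payment"}',
  '{"type":"iframe","src":"https://example.invalid"}',
  '{"type":"button","label":"<script>alert(1)</script>","action":"submit_payment"}',
  '{"type":"button","label":"Pay","action":"transfer_all"}',
];
for (const s of samples) console.log(renderAgentMessage(s));
```

The action name needs the same allowlist treatment as the component type, since it is the one field in the message that selects host behaviour.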

The “Native” Argument

Beyond security, there’s the issue of User Experience.

If an agent generates HTML, it generates web UI. But what if your user is on a native iOS app? Or a Flutter desktop app?

  • HTML looks out of place (iframe feeling).
  • It doesn’t respect the user’s Dark Mode settings automatically.
  • It feels “alien” to the host application.

With A2UI, the agent describes the intent (“I need a date picker”), and the client renders its own native date picker.

  • On Web: Renders a React Material UI DatePicker.
  • On iOS: Renders a SwiftUI DatePicker.
  • On Terminal: Renders a CLI prompt.

Comparison: A2UI vs. The Rest

(Related: See our detailed A2UI vs MCP analysis)

| Feature | A2UI | HTML Generation | Anthropic MCP |
| --- | --- | --- | --- |
| Format | JSON (Structured) | String (Code) | Various (Resource) |
| Security | High (No Eval) | Low (XSS Risk) | Medium |
| Styling | Host-Native | Inconsistent | Host-Dependent |
| Platform | Any (Web/Mobile) | Web Only | Any |

Conclusion

A2UI chooses JSON because it treats UI as Data, not Code. This decoupling allows agents to be safer, smarter, and truly everywhere.