When AI starts spending money on its own: who will cover the losses for agency trading?

Original Title: Payments in the Agentic Economy

Original authors: Saurabh Deshpande, Oliver Jaros

Source of the original text:

Reprint: Mars Finance

In the article “Internet Pricing,” we discussed that when measuring payments is frictionless, machines will automatically make payments. Humans have not fully embraced micropayments because focusing on the measurement process requires effort and mental capacity. But machines are different; they see only 1s and 0s. Mental capacity or task switching does not affect their execution ability. If segmenting down to sub-cent levels makes the process more efficient, they will do so, which is different from humans.

In the previous article, we ended with a question: What should we do when an agent messes things up? Whether the agent's intention is correct is not important. The key point is that we cannot supervise the agent every step of the way.

This puts us in a dilemma: the new technology has failed to inherit a major advantage of the old infrastructure, such as the ability to reverse payments in case of errors. This article will explore this issue. We will discuss what is needed for agents to achieve autonomy, who is building the infrastructure for this, and why new startups are emerging at the intersection of blockchain payment channels and autonomous agents.

Emerging standards

Any commercial activity involves three parties: the buyer, the seller, and the intermediary that facilitates the transaction. The intermediary can be a platform or marketplace like Amazon, or a card organization network like Visa that processes payments.

Buyer

Consumer applications are typically responsible for handling funds or transactions and take a cut from them. But what happens when the consumer is an AI acting on our behalf? Currently, several emerging standards are seeking answers.

ChatGPT has 700 million active users, all trying to obtain information or services through AI. Although we have not yet directly bought and sold goods through the agent interface, it has been widely used to “discover” products. Whether it's buying running shoes or finding hotels in El Calafate, I am using AI to compare prices. If we could purchase directly on the same interface, it would undoubtedly be much more convenient. This is exactly the purpose of OpenAI's collaboration with Stripe to launch the Autonomous Agent Commercial Protocol (ACP).

This is currently the most direct way for agents to handle funds: users have full control throughout the process. After placing an order, ChatGPT sends the necessary information to the merchant's backend via ACP. The merchant then decides whether to accept or reject the order, processes the payment through the original payment service provider, and handles shipping and customer service as usual.

You can think of ACP business as: you authorize an intern to spend a fixed budget, and you ultimately decide which product/service to purchase and from which merchant to complete the payment.

OpenAI and Stripe have ACP, while Google has launched the Agent Payment Protocol (AP2). Before diving into AP2, let's take a step back. What Google aims to solve is the “interoperability” issue. Currently, AI agents are operating in silos: Gemini doesn't communicate with Claude, and ChatGPT isn't aware of what's happening in Perplexity.

Ideally, when tasks become complex and require collaboration, we hope that these agents can communicate in a common language. To this end, Google has developed A2A (Agent-to-Agent protocol) to enable different agents to communicate and coordinate.

But just being able to converse is not enough. The agent also needs to be able to use tools, access APIs and services. The Model Context Protocol (MCP) allows the agent to use tools like Google Calendar, Notion, Figma, etc.

MCP defines a universal language. As long as everyone “speaks” MCP, agents can use any tools without the need for additional custom code. The protocol was created by Anthropic, but the specification is open and is being rapidly adopted by various companies. The MCP server essentially acts as a translation layer, positioned in front of the company's existing APIs, exposing services in a standardized format to any MCP-compatible agent.

Returning to AP2, it can be simply understood this way: MCP gives agents the ability to access data, files, and tools; A2A gives them a voice to communicate with each other; and AP2 provides them with a wallet, allowing them to spend money safely.

All these protocols place the user at the control center, and the agents have only limited consumption permissions. This addresses distribution and process issues, but it still hasn’t solved: what to do when the agent makes a mistake?

Seller

The story is not only happening on the buyer's side. Sellers are also emerging with new standards, focusing on how machines pay for access to APIs, data, and content.

The most discussed topic at the moment is the x402 standard, an open protocol developed by Coinbase. It has revived the HTTP status code 402—“Payment Required”—which was defined back in 1997 but never used. The x402 standard combines this with stablecoin payments, enabling microtransactions to be settled economically and efficiently, thus giving this status code a new life.

x402 turns HTTP requests into paid requests. Whenever payment is required, the server will make a request. Since the proxy has a preset budget, it will pay the server and retrieve data in the same process. This makes “pay-per-request” or “pay-per-call” feasible in machine-to-machine transactions.

With x402, agents can make precise payments for what they need at the moment. For example, pay 2 cents to read a paid article or pay a fraction of a cent for an API call. Transactions can be settled on-chain within seconds, without the need to establish a long-term relationship.

Cloudflare drew on this concept to build a more specific “pay-per-crawl” system. Its underlying technology also uses HTTP 402, but the key lies in Cloudflare's market dominance, as 20% of global internet traffic passes through its network, which gives it enormous influence.

“Pay-per-crawl” utilizes Cloudflare's edge network to require payment before providing content to AI crawlers. This transforms access to content into a mandatory metering system. Publishers are facing a drastic drop in traffic as people no longer visit websites through search engines but instead read AI-generated summaries directly. With this system, publishers can charge AI labs each time a crawler accesses their content.

Card organizations are also attempting to expand existing payment channels to handle agent transactions. Visa has launched the MCP server and merchant agent toolkit. Mastercard has a project called “Agent Payments.” Both are in the early pilot stage, but their importance lies in the fact that Visa and Mastercard already have global distribution networks, card issuer relationships, and extensive merchant acceptance networks. The basic idea is to register agents, set up spending controls, and allow agents to initiate transactions on the existing human credit card payment network.

Urgently need to fill the trust gap

All the above standards assume that payments will proceed smoothly and that the results will meet expectations. ACP and AP2 involve human participation in the checkout process, providing a certain level of security. The x402 variant deals with machine-to-machine data access, which typically poses lower risks. Issuing organizations extend their familiar protection mechanisms, but at the cost of slower settlements and higher fees.

Achieving large-scale micropayments, speed is the primary goal. Card payment network settlements take several days, and merchants have to pay a percentage of the transaction amount as fees. Cryptocurrency channel settlements only take a few seconds, with costs of less than one cent. However, this efficiency comes with irreversibility; once a cryptocurrency payment is completed, it cannot be undone.

Traditional commerce has built an entire infrastructure around “potential errors.” When issues arise with credit card shopping, you have a process to follow: contact the bank, initiate a dispute, the card organization investigates and temporarily holds the funds, and ultimately decides on a refund or supports the merchant. In 2025, a total of 261 million transactions were disputed, with a total value of 34 billion dollars.

However, the agents operating on the stablecoin channel have no such protections.

When multiple agents start to collaborate, the issues become more complex. When hundreds or thousands of multi-agent workflows are intertwined, clarifying responsibilities can become a nightmare.

Card organizations will not bear this risk, at least not under the current profit model. Visa and Mastercard's agency programs still charge standard interchange fees, and settlements still take several days. They can switch to instant stablecoin settlements, but that would mean abandoning the dispute resolution system that serves as the basis for their fees.

The dispute resolution mechanism of traditional finance is not innate. The first credit card (Diners Club Card) was introduced around 1950, but consumers had to wait 24 years to gain transaction dispute rights. The modern infrastructure we take for granted today was gradually established as issues arose.

Self-service agency business doesn't have so much time to waste. API requests have accounted for 60% of the dynamic HTTP traffic processed by Cloudflare. Bot and automated traffic has accounted for nearly half of the network traffic. ChatGPT's 700 million users can now check out directly on Etsy via ACP, and Shopify integration is also coming soon. Trading volume already exists, and users have a potential need for proxies to handle tasks; the use of proxies for business activities is not far off.

Therefore, we face a choice: should we allow traditional financial infrastructure to continue its slow settlement, or consciously build trust infrastructure to match the rapid settlements of blockchain? The former will limit the potential for agency, while the latter presents opportunities and is an inevitable extension of autonomous agency business development.

So, what exactly should be done?

As expected, this involves two parts: before and after the transaction.

Before trading: Is agent trading allowed?

It depends on three points: identifying counterparties, fraud detection, and using credit scoring to determine pricing and access permissions.

In the United States, Plaid connects nearly half of all bank accounts, processing millions of account verifications daily. When you verify your identity on Venmo, it is done using Plaid.

Currently, any agents that interact with the API, scrape web pages, or initiate payments lack mutual authentication. The server only sees a vague ID (such as a wallet address or API key) and does not know who the caller is. Without a universal identity across services, it is impossible to build a reputation, and each interaction starts from “zero trust.”

In 2024, American adults are expected to lose approximately $47 billion due to identity fraud.

We need a Know Your Agent (KYA) layer, similar to how Plaid provides identity infrastructure for fintech. It should issue durable and revocable credentials that bind the agent to the human or organization behind it.

Card organizations have spent decades building systems capable of identifying suspicious patterns from millions of transactions. They understand normal human consumption behavior and can flag anomalies in real-time. If an agent is compromised and unauthorized spending occurs across multiple merchants, there is currently no shared fraud map that can detect it.

Visa stated that after investing $11 billion to enhance security from 2019 to 2024, its systems prevented $40 billion in fraud attempts. Stripe processes over $1.4 trillion in payments annually and trains its Radar anti-fraud system accordingly. During Black Friday and Cyber Monday in 2024, Radar blocked $917 million worth of 20.9 million fraudulent transactions.

Currently, there is a lack of such fraud detection layers in agent trading. When an agent makes an x402 payment, there is no shared system to flag abnormal behavior, such as a surge in spending or unusual frequency.

Without a persistent identity and reputation, each agent interaction starts from scratch. Reputation is deeply embedded in human commerce: the ads you see are based on browsing history, Uber ratings affect driver acceptance of rides, and credit scores follow you to every financial institution. The same should apply to agents.

What to do if there is a problem after the transaction?

Chargebacks are a way for card networks to handle disputes: when a customer disputes a transaction through their bank, funds are withdrawn from the merchant. However, this is often abused. In 2023, chargebacks cost merchants approximately $117.47 billion. For every $1 lost in chargebacks, merchants typically incur an additional cost of $3.75 to $4.61 (including fees, product losses, and administrative expenses).

Merchants only win 8.1% of disputes when actively defending. 84% of customers believe that initiating a chargeback directly with the bank is easier than seeking a refund from the merchant.

The stablecoin transactions initiated by the agent are settled in seconds and cannot be revoked at present. Cloudflare has proposed a delayed settlement extension for x402, allowing a “waiting period” to be set before the funds are finally transferred.

Developers are building prototypes of this infrastructure. At the ETHGlobal Buenos Aires hackathon, a team created Private-Escrow x402. Their escrow solution is: the buyer prepays funds to a smart contract and signs a “payment intent” off-chain at the time of payment. A coordinator batches hundreds of such signatures into a single settlement transaction, reducing the Gas fee by 28 times.

But this is just the basic component, and it still needs to be productized.

Who will build all of this?

This reminds me of the era when telecom operators dominated the industry. They had billing relationships with every mobile user but missed out on the value generated by smartphones. App distribution and mobile advertising created hundreds of billions of dollars in revenue that could have been captured by the operators.

Card organizations are now facing a similar situation. The trust infrastructure built by Visa and MasterCard over decades is precisely what the autonomous agent economy lacks. However, their business model entirely relies on interchange fees, which exist on the premise that they control the payment channels. They invest heavily to maintain this infrastructure, with funding coming from a few percentage points of transaction volumes. Providing consumer protection for stablecoin transactions would effectively mean subsidizing competitors' payment channels with their own revenue.

If the card-issuing organization does not take action, the next candidates are AI labs like OpenAI, Google, and Anthropic. They all want their agents to be widely used. However, operating a centralized identity registration agency means that when agent behavior is inappropriate, they must bear the responsibility. They do not want to become the court of arbitration for your “wrong hotel booking.”

They prefer to have a third party build the identity and tracing infrastructure for them to connect directly, just like how they connect to payment systems or search engines today.

Cloudflare is in a unique position. They have handled massive amounts of web traffic and have implemented crawler detection, with their “AI auditing” tool allowing publishers to track crawler access. The technical leap from “bot identification” to “validating agent identity and reputation” is not significant.

But Cloudflare has always prided itself on being a neutral infrastructure. Once it begins issuing trust scores or arbitrating disputes, it becomes more like a regulatory body—this is a different business, which also implies different responsibilities.

Three Entry Points for Startups

You cannot surpass OpenAI in terms of model quality, nor can you outdo Cloudflare in traffic. You need to find parts of the tech stack that their business models (at least for now) do not allow you to touch, yet still hold value. I believe there are three entry points: identity, recourse, and attribution.

Agent identity is the most direct. The registration model has been validated. Although Plaid is a classic case, it is quite relevant: they perform identity verification for bank accounts. Startups can do the same for agents: issuing credentials, building reputation, and allowing merchants to verify their credit score before collection. Its moat comes from network effects: once enough merchants verify through your registration form, agents have to maintain a good reputation record.

The recourse mechanism is more difficult because it requires risk-taking. It can be seen as insurance: a small fee is charged for each transaction, bearing the loss when issues arise. Scale is key. Card interchange fees are 1.5%-3%, which include the costs of dispute handling. The cost of stablecoin channels is far lower, so a recourse layer can easily provide comparable protection at a rate of 0.5% and still have a profit margin.

Attribution mechanisms are the most forward-looking, but they are bound to emerge eventually. When agents begin to influence purchasing decisions, brands will pay to affect recommended content. Auction mechanisms can be designed. However, it has a “cold start” problem, requiring brands, agents, and merchants to participate in the market for it to operate, while the first two entry points do not have this issue.

The importance of these three entry points varies with the stage of development of the agency economy:

Identity becomes crucial when agent approval is not required for each transaction.

· Recovery is crucial when the agent begins to handle real funds.

Attribution will only start when the trading volume between agents is sufficient to support the advertising market.

This leads to the actual development trajectory:

Startups will build part of the proxy economic infrastructure.

The development of the agency can be divided into three stages:

· As an interactive interface

· Execute under human supervision

· Autonomous trading with each other

We are currently in the first phase. ChatGPT's Etsy checkout integration is a good example: we browse products in the chat interface (though not entirely like this), agents recommend options, but the final decision is made by humans. Trust is entirely borrowed from existing facilities.

This stage belongs to the existing giants, as it is a distribution game for competing for user entry points. Value accumulation is in the hands of players who have the purchasing decision interface.

The hallmark of the second stage is that agents gain more autonomy. Agents no longer just suggest itineraries; they directly book flights, rent cars, and reserve hotels. We provide the goals or constraints, the agents execute, and we accept the results.

At this point, the trust layer becomes indispensable. Without a recourse mechanism, users will not authorize agents; without authentication, merchants will not accept agent payments.

This is precisely the opportunity for startups. Existing giants may lack sufficient motivation to build trust facilities for stablecoin channels, as they already have significant growth potential at this stage (still dominated by themselves). OpenAI's revenue reached $13 billion this year. In contrast, Tether's profit for just the first ten months of 2025 has already reached $10 billion, with an even higher annual profit expected.

The identity, tracing, and attribution layers will be constructed by the new company, which is dedicated to addressing the specific issues of agency capabilities and user authorization boundaries.

The third stage is autonomous agency commerce. Your agent does not need to seek approval for daily decisions; it can negotiate with other agents, bid for computing resources, participate in advertising auctions, and continuously settle thousands of small transactions. Stablecoins will become the default settlement layer due to their ability to handle the volume, speed, and granularity required for machine-to-machine transactions.

The focus of competition at this stage is no longer on the best models or the fastest public chains, but on who has built the most trusted infrastructure: the “passport” for agents, the “court” for adjudicating disputes, and the “credit system” that allows for over-limit transactions. These organizations providing software services will determine which agents can participate in the economy under what conditions.

Conclusion

We have laid the pipeline for agents to “spend money”, but we have not yet built the mechanism to verify “whether it should be spent”. HTTP 402 has been dormant for thirty years, but it has awakened now that micropayments have become viable. The technical issues have been resolved. However, the trust infrastructure that supports human commerce, such as identity verification, fraud detection, and dispute resolution, still lacks corresponding agent versions. We have solved the easy part. It will take time to allow agents to do business with confidence.