AI agents are moving from assistants to actors: they can now negotiate, schedule and, crucially, purchase on behalf of humans and businesses. The recent burst of standards activity, led by Google's Agent Payments Protocol (AP2) announced on September 16, 2025, aims to give those agents a secure, auditable way to initiate and complete transactions. By extending existing Agent2Agent (A2A) and Model Context Protocol (MCP) work, AP2 promises an "intent → cart → payment" chain that makes agentic commerce auditable and actionable.
The rise of agentic commerce has attracted a coalition of payments, platform and crypto firms that want a predictable way to manage risk, liability and user experience. From Visa's Trusted Agent Protocol to Coinbase and Cloudflare's x402 initiative, the market is converging on patterns that answer three core questions: authorization, authenticity and accountability. This article explains why the agent payments protocol era matters, how AP2 works, who is building, and what merchants, issuers and developers should prepare for.
What AP2 is and why it matters
Google positioned the Agent Payments Protocol as an open, payment-agnostic standard that lets agents securely initiate and complete purchases. AP2 was announced on September 16, 2025 and extends Agent2Agent (A2A) and the Model Context Protocol (MCP) so agents can pass purchase intent into verifiable payment flows. Google calls AP2 a "common language for secure, compliant transactions between agents and merchants."
At its core AP2 uses cryptographically signed digital "Mandates", named Intent, Cart and Payment, carried as Verifiable Credentials. That creates an auditable chain proving authorization, authenticity and accountability for agent-initiated purchases. Proponents argue this non-repudiable trail is necessary if issuers and merchants are to accept transactions initiated by autonomous software with less friction.
Because AP2 is payment-agnostic it was designed to support cards, real-time bank transfers and crypto/stablecoin rails. The flexibility matters: different purchases and markets need different rails, and a single protocol that can carry context across those rails helps standardize risk decisions and liability assignment.
Mandates, verifiable credentials and non-repudiation
AP2's technical novelty is less about reinventing payments than about packaging intent, cart and authorization into cryptographically-signed artifacts. Google and partners use Verifiable Credentials so downstream systems, issuers, acquirers, merchants and auditors, can validate a chain of custody for each purchase. That chain answers who authorized the purchase, what was promised, and when payment was executed.
By design the Mandates are auditable: signatures and credential schemas create an immutable record that can be used for dispute resolution and fraud investigations. Google and other AP2 supporters emphasize that this auditable context will allow parties to assign liability more clearly and accept agent-initiated orders with less defensive friction.
Security and fraud prevention are baked into this model: certified agent signals, credential revocation lists, and contextual metadata give risk teams richer inputs than simple device or IP signals. Visa, Mastercard and multiple fraud-prevention firms participating in the AP2 coalition stress that stronger identity and richer context are primary mitigations against rogue bots and unauthorized charges.
Who’s building the standard ecosystem
AP2 was developed with a coalition of "more than 60 organizations" including Adyen, American Express, Coinbase, Etsy, Mastercard, PayPal, Revolut, Salesforce, ServiceNow and Worldpay. That breadth signals early commercial seriousness: payment networks, card issuers, fintechs and marketplaces are all participating in shaping agentic commerce rules.
Complementary efforts arrived quickly. Visa announced a "Trusted Agent Protocol" on October 14, 2025 to help merchants differentiate legitimate registered agents from malicious bots, noting a reported 4,700% year-over-year surge in AI-driven traffic to US retail sites. As Visa's Jack Forestell put it: "This isn't a bot. This is a registered and certified agent." The Visa work is explicitly designed to interoperate with AP2 and other industry efforts.
Meanwhile Coinbase and Cloudflare launched the x402 initiative and AgentKit to build an HTTP-based 402 payment-required pattern for agentic payments; Coinbase framed stablecoins as critical for agentic commerce: "A digital economy needs digital money, and stablecoins are the backbone," said Shan Aggarwal. Other startups and investor-backed projects, Circuit & Chisel's ATXP among them, are also vying to standardize agent-to-agent payments, showing the market is active but not yet consolidated.
Early pilots and commercial signals
Klarna announced support for Google's AP2 on October 13, 2025 and said AP2 plus Google Cloud pilots delivered early engagement gains. PYMNTS reported a 15% increase in app engagement and a 50% rise in orders during early pilots. Klarna's scale, processing nearly 3 million transactions per day across ~790,000 merchants, gave the pilots a credible testbed for AI-initiated flows.
Vendors and early partners claim standardized agent payments could unlock new channels: automated price-monitoring purchases, coordinated multi-vendor bookings, B2B procurement bots and time-sensitive personalized offers. The argument is that once merchants and issuers can trust agent signals and audit trails, conversion friction falls and novel commerce experiences become feasible.
Investors are also active: firms like Primary Venture Partners, ParaFi, Stripe, Coinbase Ventures, Solana Ventures, Samsung Next and Polygon Labs participated in a roughly $19M round for Circuit & Chisel to develop ATXP, another standard aiming to streamline agent-to-agent payments. The money and attention underscore that agentic commerce is seen as a real market opportunity.
Interoperability, rails and the role of crypto
Google published a public technical specification and reference implementations on GitHub for AP2 and described extensions, like A2A x402, to support crypto and stablecoin rails. The public spec approach invites community and standards- collaboration, which partners hope will accelerate adoption and reduce fragmentation.
Stablecoins are positioned as a natural fit for always-on, programmable money in agentic commerce. Coinbase and Cloudflare's x402 work and AgentKit explicitly target stablecoins and other programmable rails as a fast, automated settlement option. That doesn't mean cards will disappear, AP2 was built to carry context across cards, bank transfers and crypto alike.
Interoperability remains a practical challenge: multiple specs (Google/AP2, Visa Trusted Agent Protocol, Coinbase x402, Circuit & Chisel ATXP, and Stripe/OpenAI collaborations) are being developed in parallel. The market is rapidly standardizing but not yet consolidated, making cross-protocol compatibility and clear migration paths critical for broad commercial adoption.
Risk, identity and liability in agentic commerce
Agentic commerce forces rethinking of traditional checkout and fraud models. Industry commentary highlights three core questions protocols must answer: who authorized the purchase (authorization), is the agent what it claims to be (authenticity), and who bears responsibility when things go wrong (accountability). AP2-style protocols embed answers in Mandates and verifiable credentials to help stakeholders make risk decisions.
Visa and others emphasize certified/registered-agent signals as a primary mitigator. The Trusted Agent Protocol aims to help merchants differentiate legitimate agents from malicious bots, while AP2's cryptographic artifacts provide the contextual evidence that issuers and acquirers need to accept or decline transactions with appropriate confidence.
Non-repudiable audit trails, cryptographic signatures plus Verifiable Credentials, are central to shifting liability models. If a merchant, issuer or agent can verify the intent→cart→payment chain, they can more fairly assign responsibility and reduce blanket declines or expensive manual review processes that would otherwise hamper agentic commerce.
Developer and merchant adoption: practical steps
For developers building agents, AP2 means designing agents that create, sign and present Mandates as part of normal transaction flows. That requires integration with identity systems, credential issuance, and the payment rails the business uses. Google published reference implementations on GitHub to shorten this learning curve and accelerate experimentation.
Merchants should plan to accept richer context at checkout: supporting Verifiable Credentials, validating Mandates, and mapping agent identities to existing risk and fraud systems. Early pilots like those with Klarna show performance gains are possible, but merchants must update backend workflows and dispute processes to fully realize benefits.
Issuers and acquirers should tune risk models to incorporate agent metadata and certified signals. Collaboration between issuers, networks and merchants will define acceptable proof levels for delegated shopping versus human-present approval, and standard dispute rules will reduce ambiguity for consumers and businesses alike.
As the industry pushes toward standards, the immediate months after AP2's September 16, 2025 announcement saw concentrated activity: Visa's mid‑October Trusted Agent Protocol, Klarna's October support, and parallel crypto and startup efforts. That intensity suggests 2026 will be a proving ground for operating models, fraud controls and commercial use cases.
Success will require interoperability, a willingness to update legacy risk frameworks, and continued public-spec development so smaller players can interoperate. If the ecosystem converges on a small set of compatible protocols, agent payments protocol standards could unlock a new era of automated commerce that is both convenient and auditable.
