Hello!

Before we begin, a big shout-out to Oliver Jaros from CMT Digital, who’s our guest author for this edition.

A few weeks ago, we wrote about how protocols like x402 are enabling machines to pay each other. Trust is a requirement for any payment network to scale. Visa allows refunds if fraud occurs. There is no “contact the manager” button on Metamask when a hack occurs on Ethereum. How do we build trust in a system dominated by agents paying one another? Between the previous piece and this one, there’s a common theme. We believe that stablecoin adoption will skyrocket in the agentic economy.

For this article, Oliver and I set out to explore challenges for stablecoin payments in the age of agents. We lay out a mental model for the wedges startups can use to crack scale in the agentic economy.

At DCo, we are seeing early consumer-oriented experiments in this theme. Drop us a DM on X - if you are building at the intersection of payments, crypto, and AI, and want to chat.

Let’s dive in!

In Pricing the Internet, we argued that machines will pay when metering is frictionless. Humans did not fully embrace micropayments due to the hassle and mental capacity required to pay attention to metering. But machines are different. All they see is 1s and 0s. Mental capacity or context switching doesn’t affect their ability to execute tasks. If going to sub-cent granularity makes their processes more efficient, they will do it, unlike humans.

We ended the previous article with a question: What happens when the agent screws up? It doesn’t matter whether the agent’s intention was right. At the end of the day, we are not supervising agents every step of the way.

We are left in a gap where new tech misses out on the good part of the old infrastructure: the ability to undo payments when things go wrong. This is what this article is about. We discuss what is needed for agents to be autonomous, who is building the infrastructure for it, and why new startups will emerge at the intersection of blockchain rails and autonomous agents.

Emerging Standards

Any form of commerce involves three parties – buyer, seller, and the middlemen who facilitate their interaction. Middlemen can be platforms or marketplaces like Amazon, or card networks like Visa that facilitate payments.

Buyer Side

Consumer applications tend to handle the money or transactions and get a cut in the process. But what happens when the consumer is AI acting on our behalf? There are a few emerging standards that are searching for the answer.

ChatGPT has 700 million active users trying to get something out of AI. While we don’t buy or sell things through an agent interface yet, but use it for discovery. Whether it’s buying running shoes or looking for hotels in El Calafate, I’ve been using AI to compare things. Having the option to buy things from the same interface makes it way more convenient. And that’s what OpenAI is doing with the Agentic Commerce Protocol (ACP) in partnership with Stripe.

This is the most straightforward way agents are handling money today. The user remains in control every step of the way. When someone places an order, ChatGPT sends the necessary details to the merchant’s backend using ACP. The merchant then accepts or declines the order, processes the payment via their existing provider, and handles fulfilment and customer support just as they do now.

Think of commerce through ACP as allowing your intern to spend fixed dollars, with you authorising product or service selection, the merchant, and the final payment.

While OpenAI and Stripe have ACP, Google offers Agents to Payments (AP2). Before we delve into that, let’s zoom out a bit. What Google wants to address is the interoperability problem. Currently, AI agents operate in silos. Gemini doesn’t talk to Claud. ChatGPT has no clue what’s going on in Perplexity. You get the point.

Ideally, we want these agents to communicate in a common language when tasks become complex, and we need them to work together. Google developed A2A (Agent2Agent), a protocol that allows different agents to communicate and coordinate.

But it’s not enough for agents to be able to talk to each other. They need to be able to use tools, access APIs, and services. Model Context Protocol (MCP) allows agents to use tools like Google Calendar, Notion, and Figma.

MCP defines a common language. Agents can use any tool without any custom code as long as they all speak MCP. Anthropic built it, but the specification is open, and companies are adopting it quickly. An MCP server is essentially a translation layer that sits in front of a company’s existing API. It exposes the company’s services in a standardised format that any MCP-compatible agent can understand.

Okay, let’s get back to AP2. A simpler way to think about what it enables is that MCP gave agents the means to access data, files, and tools. A2A gave them a voice. They could communicate with other agents. AP2 gives them a wallet. They can now spend money securely.

All these protocols keep the user in charge, with agents having limited spending power. This solves distribution and flow. But neither one has figured out what happens when the agent gets it wrong.

Seller side

Buyer’s side is only half the story. Different standards are emerging on the seller side. These focus on how machines pay for access to APIs, data, and content.

The most talked about right now is the x402 standard, an open protocol that Coinbase developed. It revives HTTP status code 402, which was defined way back in 1997 as “Payment Required”. But, it was never actually used. x402 brings it to life by pairing it with stablecoin payments that can actually settle micropayments economically.

x402 turns an HTTP request into a paid request. Whenever payment is required, the server asks for it. Since the agent has a pre-allocated budget, it pays the server in the same flow and receives the data. This makes pay-per-request or pay-per-call practical for machine commerce.

With x402, an agent can pay for exactly what it needs in that moment. For example, a single article behind a paywall for two cents. One API call for a fraction of a penny. The transaction settles in seconds on-chain with no ongoing relationship required.

Cloudflare took this concept and built something more specific with their Pay-per-Crawl system. It uses HTTP 402 under the hood, but it matters because of Cloudflare’s dominant position in the market. 20% of all web traffic goes through Cloudflare, which gives them enormous leverage.

Pay-per-Crawl uses Cloudflare’s edge to require payment from AI crawlers before serving the content. This turns access into enforced metering. Publishers have been watching their traffic crater as people stop clicking through from search engines and just read AI-generated summaries instead. With Pay-per-Crawl, they can charge the AI labs directly every time a crawler visits.

Card networks are also trying to extend their existing rails to handle agent transactions. Visa announced an MCP Server plus an Acceptance Agent Toolkit. Mastercard has a program called Agent Pay. Both are extremely early, still in pilot stages, but they matter because Visa and Mastercard already have global distribution, issuer relationships, and merchant acceptance everywhere. The basic idea is to register agents, add spending controls, and enable agent-initiated transactions on the same card rails that handle human purchases today.

Urgent Need to Fill the Trust Gap

All of these standards assume that the payment will go through smoothly and that the outcome will meet expectations. ACP and AP2 keep humans in the loop during checkout, providing some safety. x402 variants handle machine-to-machine data access, where the stakes are typically lower. Card networks extend their familiar protections, but they come with slower settlement times and higher fees.

Speed is the primary goal when enabling micropayments at scale. Card rails take days to settle and cost merchants a few percentage points per transaction. Crypto rails settle in seconds and cost fractions of a cent. But this efficiency comes with irreversibility. Once a crypto payment is completed, there’s no going back.

Commerce has an entire infrastructure built around the possibility of mistakes. When you buy something with a credit card and it goes wrong, there’s a process. You call your bank. The bank disputes the charge. The card network investigates, holds the funds in the meantime, and either refunds you or sides with the merchant. 261 million transactions were disputed with a total value of $34 billion in 2025.

Agents operating on stablecoin rails have none of this.

This becomes more complicated when agents start coordinating with other agents. When hundreds or thousands of multi-agent workflows are involved, untangling liability can become a nightmare.

Card networks won’t take on that risk, at least not at their current economics. Visa and Mastercard’s agent programs still carry the standard interchange fees and multi-day settlement times. They could pivot to instant stablecoin settlement, but doing so would mean giving up the dispute infrastructure that justifies their fees.

The traditional financial system didn’t come with built-in dispute resolution mechanisms. Diner’s Club, the first credit card, was issued circa 1950. But it took another 24 years before consumers could dispute transactions. The modern infrastructure we take for granted today emerged gradually as problems surfaced and institutions responded.

Agentic commerce doesn’t have that luxury of time. API requests already account for 60% of the dynamic HTTP traffic that Cloudflare processes. Bots and automation make up nearly half of all web traffic. ChatGPT’s 700 million users can now check out directly through ACP with Etsy, and Shopify integration is coming. The volume is already here. There is latent behaviour to use agents for tasks. It won’t be too long before agents are used for commerce.

So we can let the legacy financial infrastructure continue with longer settlement times or deliberately build trust infrastructure that complements quick blockchain settlements. The former will keep agents from realising their potential. The latter is an opportunity and a logical extension of how agentic commerce will progress.

So what does that actually look like?

Not surprisingly, there are two parts to this. Before and after the transaction.

Before the transaction

Whether an agent should even be allowed to transact depends on three factors: identifying the counterparty, employing fraud detection, and using reputation scores to make informed choices about pricing and access.

Plaid connects to one in two US bank accounts and processes a million account connections every day. When you want to prove to Venmo who you are, it uses Plaid to verify your identity.

Currently, any agent that interacts with an API or attempts to scrape the web or make a payment has no equivalent. All the server sees is some vague ID, like a wallet address or an API key. It has no idea who is making the call. There’s no consistent identity that could build up a good reputation across different services, so every new interaction starts from scratch with zero trust.

American adults have lost approximately $47 billion to identity fraud in 2024.

A Know Your Agent (KYA) layer would work similarly to how Plaid became identity infrastructure for fintech. It would issue persistent, revocable credentials that link an agent to a human or organisation.

Card networks have spent decades building systems that can spot suspicious patterns across millions of transactions. They know what normal human spending looks like and can flag anomalies in real time. If an agent gets compromised and starts making unauthorised purchases across multiple merchants, there’s no shared fraud graph to catch it.

Visa says it blocked $40 billion in attempted fraud after investing $11 billion in securing its systems over 2019-24. Stripe processes over $1.4 trillion in payments annually and trains its Radar fraud detection system on that entire volume. During Black Friday and Cyber Monday 2024, Radar blocked 20.9 million fraudulent transactions worth $917 million.

The fraud detection layer doesn’t exist for agents. Whenever an agent is making an x402 payment, no shared fraud graph flags suspicious behaviour, such as higher-than-normal spend or higher spend frequency.

Without a persistent identity and reputation, every agent interaction starts from zero. Reputation is deeply embedded in human commerce. You get ads based on the reels you scroll. Your Uber star rating is a factor when drivers accept your request. The credit score you generate by borrowing money and paying off loans follows you to every financial institution. It shouldn’t be any different for agents.

After the transaction

Chargebacks are how card rails handle disputes by reversing funds from the merchant after a customer disputes a credit/debit card transaction with their bank. They get abused, too. Chargebacks cost merchants an estimated $117.47 billion in 2023. For every $1 lost to chargebacks, businesses typically incur at least $3.75–$4.61 in total costs, when you factor in fees, lost merchandise, and administrative overhead.

Merchants win only 8.1% of the disputes they contest. 84% of customers find filing chargebacks simpler than requesting refunds from merchants directly.

Stablecoin transactions initiated by agents will settle in seconds and there is no recourse right now. Cloudflare has proposed deferred settlement extensions to x402, which would allow for hold periods before funds move irreversibly.

Developers are already building these infrastructure primitives. At ETHGlobal Buenos Aires, a team built Private-Escrow x402. The escrow scheme has buyers deposit funds into a smart contract upfront and sign an intent off-chain at the time of payment. A facilitator batches hundreds of these signed intents into a single settlement transaction, cutting gas costs by a factor of 28.

But that’s just an infrastructure primitive. Someone needs to productise it.

Who builds all of this?

I can’t help but think of a time when carriers dominated the telecom industry. They had billing relationships with every phone owner, and yet they missed generating value from smartphones. They captured distribution and mobile advertising. Together, they generate hundreds of billions in revenue that telecom carriers could have captured.

Card networks face a version of this problem now. Visa and Mastercard have spent decades building exactly the trust infrastructure that agentic commerce lacks. But their entire model depends on interchange fees that only exist because they control the payment rail. They spend billions maintaining and improving this infrastructure, which can only be funded by a few per cent transaction fees. Building consumer protection for stablecoin transactions would mean subsidising a competing rail with none of the revenue attached.

If the card networks are not going to do it, the next incumbents are AI labs like OpenAI, Google, and Anthropic. All these labs want their agents to be used everywhere, with every merchant and across every protocol. Running a centralised identity registry would mean they become liable when those agents misbehave, and they do not want to become the court of record for your booking mistake.

They would much rather someone else build identity and recourse as infrastructure they can plug into, the same way they plug into payments or search today.

Cloudflare occupies a strange position. They already see a massive share of web traffic. They already run bot detection. Their AI Audit tool lets publishers track which crawlers access their content and how often. Extending from “identify the bot” to “verify the agent’s credentials and reputation” is not a huge technical leap.

But Cloudflare has always positioned itself as neutral infrastructure. The moment they start issuing trust scores or adjudicating disputes, they become something more like a regulator. That’s a different business with different liabilities.

Startups exploiting the three wedges

You won’t beat OpenAI with model quality or Cloudflare with more traffic. You will have to find something in the stack that their business model doesn’t allow them to touch (at least for now) and still has value. I think those wedges are – identity, recourse, and attribution.

Agent identity is the most straightforward. The registry model is proven. Although Plaid is a cliché example, it fits well. They did it for bank accounts. A startup could do it for agents. Issue credentials, let them accumulate reputation, and give merchants a score to check before accepting payment. The defensibility comes from network effects. Once enough merchants check credentials against your registry, agents will have no choice but to maintain good standing.

Recourse is harder because it requires taking on risk. Think of it like insurance. You collect a small fee on every transaction and absorb losses when something goes wrong. Volume is the name of the game. Card interchange runs 1.5% to 3% and covers dispute resolution. Stablecoin rails cost a fraction of that, so a recourse layer could offer comparable protection at 50 basis points and still have margin.

Attribution is the most speculative of all, but it will eventually be built. When agents start influencing purchases, brands will pay to shape what gets recommended. The auction mechanics are designable. But this one has a cold start problem, the other two don’t. You need brands, agents, and merchants all participating before the market functions.

These wedges matter differently depending on where the agent economy sits. Identity is critical when agents act without human approval for every transaction. Recourse matters whenever agents start moving real money. Attribution only kicks in when agent-to-agent commerce reaches enough volume to support an advertising market. This brings us to what the trajectory actually looks like.

Startups will build parts of the agentic economy infra

The journey of agents can be mapped in three phases.

1. They first act as interfaces.

2. Then they execute under human supervision.

3. They transact with each other autonomously.

We are in the first phase. ChatGPT’s Etsy checkout integration is a good example. We browse products through conversation in a chat interface (though not everyone is doing that yet), the agent surfaces options, but we humans pull the final trigger. Trust is borrowed entirely from existing infrastructure.

This phase belongs to incumbents because it’s a distribution game. The value accrues to whoever owns the interface where purchase decisions happen.

The second phase is marked by agents getting more autonomy. Instead of only suggesting the itinerary, agents book flights, car rentals, and hotels. We provide intents or constraints, the agents execute, and we verify the final results.

This is where the trust layer becomes essential. Users will not delegate authority to agents without recourse. Merchants will not accept agent-initiated payments without some way to verify the agent’s identity and authorisation.

This is also where startups have a real opportunity. Incumbents perhaps don’t have the clear incentives to direct their resources towards building trust infrastructure for stablecoin rails because tremendous growth lies ahead of them within the existing phase, where they dominate.

OpenAI generated $13 billion in revenue this year. For context, Tether is on track to make more than that in profit, with $10 billion in profits until October 2025. The identity, recourse, and attribution layers will emerge from new companies solving specific problems at the boundary between what agents can do and what users will permit.

The third phase is autonomous agent commerce. Your agent doesn’t ask permission for routine decisions. It negotiates with other agents, bids for compute and bandwidth, participates in ad auctions, and settles thousands of small transactions continuously. Stablecoins fit the bill for the default settlement layer because nothing else handles the volume, speed, and granularity that machine-to-machine commerce requires.

In this phase, the differentiator is no longer who has the best model or the fastest chain. What matters is who built the most trusted infrastructure. The passports that agents carry. The courts that adjudicate disputes. The credit systems allow agents to transact beyond their immediate balance. These institutions for software will determine which agents can participate in the economy and on what terms.

We’ve built the plumbing for agents to spend money before building any way to verify they should be allowed to. HTTP 402 sat dormant for thirty years, waiting for micropayments to make sense. Now it works. But the trust infrastructure that enables human commerce, including identity verification, fraud detection, and dispute resolution, lacks an agent equivalent. We solved the easy problem first. It will take some time before agents are ready to do business with each other.

Looking forward to hiking during the holidays,
Saurabh Deshpande