12. Future Directions

Forecasting payments is a humbling exercise. In 1994 the trade press was certain that DigiCash would bury Visa; in 2008 PayPal was supposedly going to be disintermediated by SMS money; in 2017 ICOs were going to replace correspondent banking. What actually happened — chip-and-PIN, EMV tokenisation, ISO 20022, real-time rails — was slower, more bureaucratic, and dominated by incumbents who absorbed the new primitives. We try to keep that cautionary pattern in mind throughout.

This section looks from early 2026 out to 2030. It is deliberately structured around scenarios and open problems, not point estimates, because the error bars on anything quantitative in this space are enormous. Where we quote a number, we flag whether it is (a) an announced roadmap from a primary-source actor, (b) an analyst forecast with a disclosed methodology, or (c) an author's inference by analogy to prior payment shifts.


12.1 Three Scenarios for 2030

We find it useful to collapse the landscape into three stylised end-states. They are not mutually exclusive in every geography, but they represent distinct gravitational centres.

Scenario A — "Networks absorb agents"

Card networks extend their tokenisation and risk stacks to agentic traffic, and the AP2 / ACP / UCP / Trusted Agent Protocol family becomes the default identity and authorisation envelope around existing card rails. In this world, agents are a new form factor (like contactless or 3-D Secure 2 before them), not a new rail. Visa's Trusted Agent Protocol (announced 14 October 2025 with Adyen, Checkout.com, Coinbase, Fiserv, Microsoft, Shopify, Stripe, Worldpay and Nekuda) and Mastercard's Agent Pay (announced 30 April 2025, with Agentic Tokens extending the Mastercard Tokenization Service) are explicit bids for this outcome.[^1][^2] The Universal Commerce Protocol (UCP) launched at NRF 2026 by Google and Shopify — with Visa, Mastercard, American Express, Stripe, Adyen, Target, Walmart, Best Buy, Home Depot, Macy's, Flipkart and Zalando as foundational partners — routes agent-initiated checkouts through Google Pay (and, soon, PayPal) while leaving the merchant-of-record relationship and card acceptance largely untouched.[^3]

Probability (author's estimate, for consumer retail): high, especially in regulated jurisdictions (EU, UK, US) through 2028.

Scenario B — "x402 disintermediates"

Coinbase's x402 protocol, announced 6 May 2025, revives HTTP 402 with USDC micropayments settled via EIP-3009 / Permit2 on Base, Ethereum, Polygon, Arbitrum and Solana, with a non-custodial "facilitator" service (free on Base for the first 1,000 transactions per month via the Coinbase Developer Platform).[^4] The x402 Foundation, co-founded with Cloudflare, plus Cloudflare's pay-per-crawl and Web Bot Auth work, form the spine of a future where machine-to-machine HTTP calls settle in stablecoins without card rails at all.[^5] In this world, the card networks still dominate consumer commerce, but agent-to-agent and human-to-machine micro-transactions (inference calls, scraper fees, data-marketplace queries, DePIN metering) are stablecoin-native.

Probability: high for machine-to-machine and data markets, low for consumer retail, through at least 2028.

Scenario C — Bifurcated outcome (the most likely, in our view)

Consumer retail follows Scenario A; machine-to-machine, developer, and long-tail content micropayments follow Scenario B; B2B procurement sits uneasily in the middle, with large-ticket agent-assisted purchase orders still settling on card commercial rails and virtual cards (Stripe Issuing for agents, Mastercard commercial tokens) while inference, data and DePIN flows settle in stablecoins.[^6] The analogous historical pattern is the coexistence of SWIFT, ACH/SEPA, card rails and correspondent banking: each found its price/latency/trust niche and none displaced the others.

We treat Scenario C as the baseline for the remainder of this section.


12.2 Protocol Convergence — Will AP2, ACP, UCP and x402 Consolidate?

As of April 2026 there are at least five overlapping standards stacks:

| Stack | Sponsor | Core primitive | Settlement |
|---|---|---|---|
| AP2 | Google (Sep 2025) | Intent/Cart/Payment Mandates as W3C VCs over A2A/MCP | Rail-agnostic |
| ACP | OpenAI + Stripe (Sep 2025) | SharedPaymentToken; merchant-of-record preserved | Card rails via Stripe |
| UCP | Google + Shopify (Jan 2026) | Commerce-layer extensions on A2A/MCP | Google Pay (PayPal planned) |
| Trusted Agent Protocol | Visa + Cloudflare (Oct 2025) | HTTP Message Signatures (RFC 9421) + Web Bot Auth | Visa rails |
| x402 | Coinbase + Cloudflare (May 2025) | HTTP 402 + EIP-3009 signed transfers | USDC on-chain |

There are strong technical reasons for partial convergence:

  1. Shared cryptographic substrate. AP2, Trusted Agent Protocol, and UCP already rely on the same W3C and IETF primitives: Verifiable Credentials Data Model 2.0,[^7] Decentralized Identifiers,[^8] and HTTP Message Signatures (RFC 9421).[^9] Cloudflare's Web Bot Auth IETF draft is explicitly positioned as the shared transport layer for agent identity across Visa, Amex, Mastercard and Shopify ecosystems.[^10]
  2. Shared identity work. ERC-8004 "Trustless Agents" on Ethereum, published via the Ethereum Foundation's AI blog, standardises on-chain agent identity and reputation registries; it is referenced in both x402 ecosystem work and in Catena Labs' open-source Agent Commerce Kit (ACK).[^11]
  3. Merchant pressure. Merchants do not want to integrate five different agent SDKs. The UCP partner list (overlapping heavily with ACP's and Trusted Agent Protocol's) already signals de-facto consolidation around A2A + MCP as a lower layer.[^3]

But there are structural reasons against full consolidation: each sponsor has a commercial interest in owning the control point (tokenisation fees for networks, facilitator fees for Coinbase, platform take-rate for OpenAI/Google). Author's inference, by analogy to the 3-D Secure → EMV 3DS path and to the FIDO Alliance's decade-long convergence of WebAuthn: we expect the lower layers (agent identity, HTTP signatures, mandate schemas) to converge inside W3C and IETF within 24–36 months, while the upper layers (payment authorisation, dispute messages, reputation) remain commercially fragmented.

Likely standards-body roles

  • W3C will most likely extend the Verifiable Credentials and DID work groups to cover mandate-specific schemas. AP2's mandates are already W3C VC-compliant.[^12]
  • IETF will finalise Web Bot Auth (currently draft-meunier-web-bot-auth-architecture) and may host a new working group on agent HTTP semantics extending RFC 9421.[^10]
  • EMVCo — author's inference — is the natural home for a card-network-agnostic "agent token" spec analogous to EMV Payment Tokenisation. Mastercard's Agentic Tokens and Visa's Trusted Agent stack both already mirror EMVCo patterns; an EMVCo working group is a plausible 2026–2027 development but has not been publicly announced as of April 2026.
  • BIS / CPMI has not published a dedicated agentic-payments report as of April 2026, though its existing work on AI governance at central banks and its ongoing CPMI monitoring of cross-border innovations are the natural vehicles. A CPMI report on AI-initiated payments is plausible in the 2026–2027 window.[^13]

12.3 Agent-to-Agent (A2A) Commerce and the "Machine Economy"

The near-term concrete A2A use cases where production traffic already exists or is imminent:

  1. Compute and inference purchasing. An agent orchestrator buys GPU time or model-inference API calls per-request. x402 is already wired into early developer tooling for this: the Coinbase Developer Platform's x402 facilitator supports per-request USDC settlement, and the spec explicitly targets the HTTP 402 status code that has sat dormant in the HTTP/1.1 standard since 1999.[^4]
  2. Data marketplaces. Cloudflare's pay-per-crawl (announced alongside Web Bot Auth) lets publishers price scraper access in stablecoins, turning robots.txt from a social convention into a priced API.[^5]
  3. DePIN (decentralised physical infrastructure) payments. Storage (Filecoin, Arweave), bandwidth (Helium), sensor data (DIMO, Hivemapper) networks already meter usage; pairing them with x402 or ERC-8004-registered agents removes the need for prepaid credits and monthly invoicing.[^11]
  4. Agent-commissioned services. Skyfire (seed Oct 2024, $9.5M total led by Coinbase Ventures + a16z CSX)[^14] issues Know-Your-Agent (KYA) identities on Base; Catena Labs' ACK and Crossmint's virtual-card + MoneyGram rails support agent-initiated payouts for freelance-style tasks delegated between agents.[^15][^16]

The "machine economy" framing is cleanest in Citi GPS's January 2025 "Agentic AI: Finance & the 'Do It For Me' Economy" report, which argues that autonomous agents will fundamentally shift financial workflows, though Citi is careful not to put a single dollar number on the machine-economy segment.[^17] Author's caveat: most machine-to-machine volume today is still demos and proof-of-concept traffic; the AInvest analysis of x402 facilitator telemetry in early 2026 suggested real transacting volume was materially below headline partnership counts — a "flow gap" between announcements and production.[^18]


12.4 B2B Procurement Agents and Treasury Automation

The less-discussed but arguably earlier-monetising wedge. Three dynamics:

  • Procurement. Agent-driven purchase-order workflows (catalog search, RFP, three-bid comparison, vendor onboarding) are directly supported by Mastercard's Agent Pay (issuer pilots with Citi and U.S. Bank), IBM watsonx Orchestrate integrations, and Stripe's Agent Toolkit with Issuing for virtual cards.[^2][^19]
  • Treasury. Crossmint and Catena Labs pitch stablecoin-native corporate treasury — agent-mediated FX, programmable payouts, automated reconciliation.[^15][^16]
  • Invoicing and dispute. PayPal's Agent Toolkit + MCP server (announced 29 April 2025 at Dev Days) exposes orders, invoices, disputes and shipment tracking via MCP, directly supported in the OpenAI Agent SDK, Vercel AI SDK and LangChain.[^20]

Adoption projections here are hard to pin down because "agentic B2B" blurs into pre-existing RPA and procurement-SaaS categories. McKinsey's 2025 agentic-commerce work addresses B2C; the equivalent B2B figures appear in Deloitte's 2025 "Agentic AI is transforming commerce and payments" analysis, which at the high end projects up to $17.5T of global commerce could be touched by agentic AI by 2030.[^21] That number includes indirect influence and should be treated with scepticism; it measures touched-by not agent-initiated.


12.5 The Micropayments Renaissance — Why 2026 Is Not 1996

The 1990s cemetery is full: DigiCash (founded 1989, bankrupt 1998), Millicent (DEC, 1995–2001), CyberCash (1994–2001), Beenz and Flooz. The canonical post-mortem, Clay Shirky's 2000 essay "The Case Against Micropayments", argued the fatal problem was cognitive: users did not want to make dozens of tiny pricing decisions per day. That critique has not evaporated.

What is genuinely different now, grounded in primary sources:

  1. The buyer is not a human. An agent can evaluate a $0.002 inference charge without cognitive load; Shirky's "mental transaction cost" argument doesn't apply. This is the single biggest structural change.
  2. Settlement cost is near-zero. On Base or Solana, x402 facilitator transactions cost fractions of a cent; 1990s settlement required card-network minimums (interchange + assessment + gateway ≈ $0.30 floor).[^4]
  3. Identity is portable. W3C DIDs and ERC-8004 let an agent carry reputation across services without the custom account-creation that killed Millicent's UX.[^8][^11]
  4. The content side is willing. Cloudflare's pay-per-crawl, and the publisher-industry fallout from LLM scraping, mean the supply side wants micropayments more than it did in the Napster era.[^5]

What has not changed: chargebacks, regulatory KYC on wallets, tax reporting, and consumer trust around autonomous spend. Author's inference: the 2026–2028 micropayments revival will be concentrated in A2A / developer channels, not consumer-facing "tip jar"-style flows, because only the former have truly eliminated the mental transaction cost.


12.6 Research Roadmap โ€” Open Problems for Academia

From the academic literature surveyed in Section 02, the following problems stand out as unsolved as of early 2026:

  1. Provenance of intent. How do we prove, after the fact, that an agent's action reflected the user's authentic intent and not a prompt-injection-altered goal? AP2's Intent Mandates (W3C VCs signed pre-action) are a start, but integrity across long agent chains is open.[^22] Simon Willison's June 2025 "Design Patterns for Securing LLM Agents" catalogues mitigations (CaMeL, action-limited agents, plan-then-execute) but explicitly calls prompt injection an unsolved problem.[^23]
  2. Formal verification of mandates. Mandates are expressed in natural language and structured fields; we do not yet have tooling to formally verify that an agent plan satisfies a mandate's constraints (spend limit, merchant category, time window). This is a potentially tractable PL / verification problem.
  3. Mechanism design for agent markets. When buyers and sellers are both agents, classical auction design assumptions (bounded rationality, finite compute) break. The Shanghai Jiao Tong University survey on AI-agent protocols flags this as open.[^24]
  4. Privacy-preserving reputation. ERC-8004 places reputation on-chain for transparency but sacrifices privacy. Zero-knowledge attestations (e.g., Semaphore, zkEmail patterns) are candidates but lack standardisation for KYA.[^11]
  5. Prompt-injection defence in payment contexts. Recent academic work including arXiv:2511.15759 (Nov 2025) and the MDPI Information 2026 review catalogue attack classes but do not demonstrate a complete defence.[^25][^26]
  6. Trustless agent identity. Balancing issuer-based KYA (Skyfire, Nekuda model) with permissionless self-sovereign identity (ERC-8004 model) is unsolved at the governance layer.
  7. Dispute and repair. If an agent erroneously buys the wrong item, current chargeback mechanisms (Reg E in the US, PSD2 in the EU) do not clearly attach. Justt.ai's 2025 analysis of chargeback risk in agentic commerce flags this as an active industry concern.[^27]
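
A runtime check of an agent plan against the three mandate constraints named in item 2 (spend limit, merchant category, time window), as an added example that is not part of the original report and is not AP2 code. The `Mandate` and `PlannedPurchase` field names are hypothetical and the sample data is constructed; this is enforcement at execution time, not the formal verification the item describes as open.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal


@dataclass(frozen=True)
class Mandate:
    """Hypothetical mandate fields; not the AP2 schema."""
    mandate_id: str
    currency: str
    spend_limit: Decimal
    allowed_mcc: frozenset   # merchant category codes the user approved
    not_before: datetime     # timezone-aware
    not_after: datetime      # timezone-aware


@dataclass(frozen=True)
class PlannedPurchase:
    """One step of an agent plan (hypothetical shape)."""
    merchant: str
    mcc: str
    amount: Decimal
    currency: str
    execute_at: datetime


def check_plan(mandate, plan, already_spent=Decimal("0")):
    """Return [(step_index, reason), ...]; an empty list means the plan fits."""
    violations = []
    running = already_spent
    for i, step in enumerate(plan):
        # Time window: refuse naive timestamps instead of guessing a zone.
        if step.execute_at.tzinfo is None:
            violations.append((i, "timestamp has no timezone"))
        elif not mandate.not_before <= step.execute_at <= mandate.not_after:
            violations.append((i, "outside time window"))
        if step.mcc not in mandate.allowed_mcc:
            violations.append((i, "merchant category not allowed"))
        if step.currency != mandate.currency:
            # Amounts in another currency cannot be added to the running total.
            violations.append((i, "currency mismatch"))
            continue
        # A negative "refund" step would otherwise lower the running total
        # and let a later purchase slip under the cap.
        if not step.amount.is_finite() or step.amount <= 0:
            violations.append((i, "non-positive amount"))
            continue
        running += step.amount
        if running > mandate.spend_limit:
            violations.append((i, "cumulative spend exceeds limit"))
    return violations


def _utc(day, month=3):
    return datetime(2026, month, day, 12, 0, tzinfo=timezone.utc)


# Constructed sample data: a 100.00 USD grocery-only mandate for March 2026.
MANDATE = Mandate(
    mandate_id="mandate-demo-001",
    currency="USD",
    spend_limit=Decimal("100.00"),
    allowed_mcc=frozenset({"5411"}),  # 5411 = grocery stores
    not_before=datetime(2026, 3, 1, tzinfo=timezone.utc),
    not_after=datetime(2026, 3, 31, 23, 59, 59, tzinfo=timezone.utc),
)

GOOD_PLAN = [
    PlannedPurchase("grocer-a", "5411", Decimal("60.00"), "USD", _utc(5)),
    PlannedPurchase("grocer-b", "5411", Decimal("35.00"), "USD", _utc(12)),
]

# Summed naively (60 + 5 - 30 + 40 = 75) this plan looks under the cap.
BAD_PLAN = [
    PlannedPurchase("grocer-a", "5411", Decimal("60.00"), "USD", _utc(5)),
    PlannedPurchase("gadget-shop", "5732", Decimal("5.00"), "USD", _utc(2, month=4)),
    PlannedPurchase("grocer-a", "5411", Decimal("-30.00"), "USD", _utc(6)),
    PlannedPurchase("grocer-b", "5411", Decimal("40.00"), "USD", _utc(12)),
]

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(MANDATE, plan))
```

The check reads its limits only from the mandate object, so text the agent encounters while planning cannot widen them; whether the mandate itself is authentic is a separate signature check that this example does not perform.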

12.7 Policy Roadmap 2026–2028

US — CFPB. The CFPB's September 2025 Regulatory Agenda includes digital-payments and open-banking priorities (Personal Financial Data Rights Rule under Dodd-Frank §1033); it has not issued dedicated agentic-AI payment rules as of April 2026, but industry and legal commentators (including Davis Wright Tremaine's January 2026 white paper) expect proposed rulemaking on agent self-identification, explainability of adverse actions, and liability allocation within the 2026–2027 window.[^28][^29] Reg E unauthorised-transfer coverage will need to be clarified for agent-initiated errors.

UK — FCA / PSR. No dedicated rulemaking announced as of April 2026; guidance is likely through the FCA's AI Discussion Paper channel and PSR's work on APP fraud reimbursement. The Payments Association's 2025 analysis sets out the expected questions.[^30]

EU. The EU AI Act (in force August 2024, high-risk provisions applying from August 2026) already covers agentic systems making "decisions with legal effect"; PSD3 and the Payment Services Regulation (PSR) drafts being negotiated through 2026 are the more proximate levers. See Section 10 for detail.

BIS / CPMI / FSB. No dedicated agentic-payments report yet.[^13] Author's inference: a CPMI working paper on AI-initiated cross-border payments is likely in the 2026–2027 window, following the pattern of CPMI's prior treatment of stablecoins and fast-payment systems.

Linklaters' TechInsights 2025 analysis summarises the cross-jurisdictional legal risks: authorised-push-payment liability, data-protection lawful basis under GDPR for agent processing, and agency law questions about whether an AI agent is a "messenger" or an "agent" in the contract-law sense.[^31]


12.8 Adoption Projections — With Caveats

All of the numbers below are third-party forecasts. We present them alongside their methodology caveats.

| Source | Forecast | Horizon | Methodology caveat |
|---|---|---|---|
| McKinsey (QuantumBlack, 2025) | $3–5T global agentic-commerce volume; up to $1T US B2C retail orchestrated by agents[^32] | 2030 | "Orchestrated" includes agent-assisted (not only agent-initiated); broad definition |
| Kearney | 25% of e-commerce ($10–12T) by 2030[^33] | 2030 | Top-down; assumes consumer trust and rails scale in parallel |
| Deloitte | Up to $17.5T "touched by" agentic AI[^21] | 2030 | "Touched-by" metric includes indirect influence; not agent-initiated volume |
| BCG Global Payments Report 2025 | >50% of online purchases agent-influenced; 81% of US consumers use agentic shopping tools[^34] | "Soon" (undated) | Survey-based intent, not realised behaviour |
| Grand View Research / Sanbi.ai | $5.7B market in 2025, CAGR >30% | 2025–2033 | Third-party aggregator estimates; methodology opaque |
| AInvest "flow gap" analysis | Realised agentic-payment volume materially below announced partnership counts[^18] | Early 2026 snapshot | Reality-check on headlines |

Analyst methodology caveat (cross-cutting): almost every top-line agentic-commerce TAM conflates three very different populations — (a) purchases initiated by an autonomous agent, (b) purchases assisted by an AI agent with human confirmation, and (c) purchases merely influenced by AI search or recommendation. Only (a) is properly "agentic payment"; (b) and (c) are larger categories that inflate the TAM. When comparing forecasts, always read the denominator.

Author's synthesis: we find Kearney's ~25% of e-commerce by 2030 a plausible upper bound for agent-assisted consumer flows in developed markets, and treat McKinsey's $3–5T as the central case. For fully agent-initiated (no human-in-the-loop) consumer retail, our own inference is considerably lower — in the low single-digit percent of e-commerce by 2030 — because of regulatory friction, liability uncertainty, and consumer trust drag documented in Section 09 and Section 10.


12.9 Black-Swan Risks

Scenarios that could materially slow or reverse the trajectory:

  1. AI capability winter. A plateau in LLM capability growth, or a collapse in frontier-lab economics, removes the "agent" substrate. The Citi GPS report itself notes the 17× increase in "agentic AI" mentions in 2024 — a classic hype-cycle indicator.[^17] A deflating hype cycle is a real risk, though the underlying protocol infrastructure (VCs, DIDs, HTTP signatures) is independently useful.
  2. Major fraud incident. An agent-scale fraud episode (e.g., a prompt-injection-driven coordinated drain of consumer accounts, or a merchant-side mandate-spoofing attack) in the 2026–2027 window could trigger rollback of issuer agent-acceptance programmes. The Consumer Bankers Association white paper notes issuer anxiety about unbounded liability exposure.[^35]
  3. Regulatory shutdown of pieces. A CFPB rule attaching unbounded liability to agent operators, or an EU AI Act Article 6 classification forcing payments agents into "high-risk" pre-market conformity assessment, could sharply reduce non-incumbent participation. EU guidance is still crystallising (see Section 10).
  4. Stablecoin de-pegging. A material USDC or USDT de-peg would specifically wound Scenario B. Circle's 2023 SVB episode is instructive: three days of de-peg pressure forced industry to build contingency liquidity; a deeper event would be worse.
  5. Dispute-floor collapse. If chargeback economics for agent-initiated transactions prove unworkable at scale (merchants eating the losses), merchants may simply refuse agent traffic — echoing the early 2000s CNP transition period. Justt.ai's analysis flags this as the single most underweighted risk.[^27]
  6. Geopolitical fragmentation. If the US, EU and China settle on incompatible agent-identity stacks (analogous to today's payment-network fragmentation), cross-border agentic commerce becomes a permissioned-list problem, not an open-protocol one.

12.10 What "Success" Looks Like in 2030

Rather than a point estimate, four qualitative scenarios of what "success" could concretely mean by 2030:

For consumers. A typical US or EU household has one or two delegated shopping agents (likely embedded in a messaging, search, or OS surface: Gemini, ChatGPT, Apple Intelligence, Meta AI). Most recurring household purchases — groceries, subscriptions, travel rebooking — are agent-executed under standing mandates with spend caps; discretionary purchases still pause for human approval at cart-mandate time. The invisible change: the user no longer has a "checkout" mental category for routine items, in the way contactless payments erased the "insert card + PIN" category post-2015.

For developers. A public API without a 402 Payment Required response path is as anachronistic as one without HTTPS. Paid API tiers are metered per-call in stablecoins via x402-descended facilitators, and the dominant open-source agent frameworks ship with wallet + mandate primitives out of the box.[^4]

For merchants. The Shopify-UCP-Google or Stripe-ACP-OpenAI stacks have stabilised so that implementing "agent-friendly commerce" is a compliance-checklist exercise (like EMV migration was in 2012–2015), not a greenfield build. Merchants remain merchants-of-record; the card networks retain authorisation and dispute primacy.[^3][^36]

For central banks and regulators. Know-Your-Agent is codified in at least one major jurisdiction (author's inference: most likely the EU via a PSD3-linked instrument, or the UK via FCA guidance with statutory effect). Agent-initiated transactions are logged with sufficient provenance (mandate references, agent DID, model identifier) that post-hoc supervision is feasible. BIS / CPMI has issued at least one dedicated report on AI-initiated payments. None of this has yet happened as of April 2026; all are plausible 2026–2028 developments by analogy to the historical regulatory cadence on contactless, open banking, and stablecoins.


12.11 Closing Note

Payments infrastructure rarely has a clean break. ACH is 50+ years old, SWIFT is 50+, the Visa network is 55+, and each survived successive "disruptions." The right default expectation is that by 2030 the agentic-payments stack will be additional, not replacing: the W3C / IETF mandate layer and HTTP-402 micro-settlement will be new primitives, and they will run on top of, not instead of, card rails, real-time payments, and stablecoins. The interesting question is which of those rails absorbs which kind of agent traffic — which is precisely the taxonomy we opened with in Section 01.

The thing to watch in 2026–2027 is not the headline TAM numbers. It is:

  • whether EMVCo charters an agent-tokenisation working group (it has not as of April 2026);
  • whether the IETF Web Bot Auth draft progresses to RFC;
  • whether an issuer unilaterally pulls out of an agent programme after a fraud incident;
  • whether a major x402 facilitator is ordered by a regulator to implement KYC on counterparty agents;
  • whether UCP ships non-Google buyer surfaces (the big tell on whether it is truly "universal").

Any one of those moves will shift the probability distribution across our three scenarios more than any analyst forecast will.


Sources

[^1]: Visa Investor Relations, "Visa Introduces Trusted Agent Protocol: An Ecosystem-Led Framework for AI Commerce," 14 October 2025. https://investor.visa.com/news/news-details/2025/Visa-Introduces-Trusted-Agent-Protocol-An-Ecosystem-Led-Framework-for-AI-Commerce/default.aspx ; GitHub repository: https://github.com/visa/trusted-agent-protocol
[^2]: Payment Expert, "Mastercard and Microsoft partner on AI Agent Pay," 30 April 2025. https://paymentexpert.com/2025/04/30/mastercard-microsoft-ai-agent-pay/ ; PayPal Newsroom, "Mastercard and PayPal Join Forces To Accelerate Secure Global Agentic Commerce," 27 October 2025. https://newsroom.paypal-corp.com/2025-10-27-Mastercard-and-PayPal-Join-Forces-To-Accelerate-Secure-Global-Agentic-Commerce
[^3]: Google Developers Blog, "Under the Hood: Universal Commerce Protocol (UCP)." https://developers.googleblog.com/under-the-hood-universal-commerce-protocol-ucp/ ; Shopify Engineering, "Building the Universal Commerce Protocol (2026)." https://shopify.engineering/ucp ; TechCrunch, "Google announces a new protocol to facilitate commerce using AI agents," 11 January 2026. https://techcrunch.com/2026/01/11/google-announces-a-new-protocol-to-facilitate-commerce-using-ai-agents/
[^4]: x402 documentation, https://docs.x402.org/ ; facilitator concept, https://docs.x402.org/core-concepts/facilitator ; GitHub: https://github.com/coinbase/x402
[^5]: Cloudflare, "Cloudflare Collaborates with Leading Payments Companies to Secure and Enable Agentic Commerce," 21 October 2025. https://www.cloudflare.com/press/press-releases/2025/cloudflare-collaborates-with-leading-payments-companies-to-secure-and-enable-agentic-commerce/ ; Cloudflare blog, "x402 Foundation," https://blog.cloudflare.com/x402/
[^6]: Stripe Newsroom, "Stripe and OpenAI" (ACP announcement). https://stripe.com/newsroom/news/stripe-and-openai ; Stripe Agentic Commerce docs: https://docs.stripe.com/agentic-commerce/protocol
[^7]: W3C, Verifiable Credentials Data Model v2.0, W3C Recommendation. https://www.w3.org/TR/vc-data-model-2.0/
[^8]: W3C, Decentralized Identifiers (DIDs) v1.0, W3C Recommendation. https://www.w3.org/TR/did-core/
[^9]: IETF RFC 9421, HTTP Message Signatures, February 2024. https://datatracker.ietf.org/doc/rfc9421/
[^10]: IETF Internet-Draft, "Web Bot Auth Architecture" (Cloudflare). https://datatracker.ietf.org/doc/draft-meunier-web-bot-auth-architecture/
[^11]: Ethereum EIP-8004, "Trustless Agents." https://eips.ethereum.org/EIPS/eip-8004 ; Ethereum Foundation AI blog, "Intro to ERC-8004." https://ai.ethereum.foundation/blog/intro-erc-8004
[^12]: Google Cloud Blog, "Announcing Agents-to-Payments (AP2) Protocol," 16 September 2025. https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol ; AP2 specification: https://github.com/google-agentic-commerce/AP2/blob/main/docs/specification.md
[^13]: BIS CPMI publications index. https://www.bis.org/cpmi_publs/index.htm ; BIS, "The use of artificial intelligence for policy purposes." https://www.bis.org/publ/othp100.htm (general AI-governance work; no dedicated agentic-payments paper as of April 2026).
[^14]: TechCrunch, "Skyfire lets AI agents spend your money," 21 August 2024. https://techcrunch.com/2024/08/21/skyfire-lets-ai-agents-spend-your-money/
[^15]: BusinessWire, "Circle Co-Founder Sean Neville Takes Catena Labs Out of Stealth," 20 May 2025. https://www.businesswire.com/news/home/20250520361792/en/Circle-Co-Founder-Sean-Neville-Takes-Catena-Labs-Out-of-Stealth-with-Plans-to-Build-the-First-AI-Native-Financial-Institution
[^16]: Crossmint, "Agentic Payments." https://www.crossmint.com/solutions/agentic-payments ; Crypto Briefing, "Circle Ventures investment in Crossmint." https://cryptobriefing.com/circle-ventures-investment-crossmint-stablecoin/
[^17]: Citi GPS, "Agentic AI: Finance & the 'Do It For Me' Economy," January 2025. PDF: https://citiwarrants.com/home/upload/citi_research/rsch_pdf_30305836.pdf ; coverage: https://www.finextra.com/newsarticle/45343/agentic-ai-citi-gps-explores-future-of-finance-in-the-do-it-for-me-economy
[^18]: AInvest, "AI Agent Payments: The Flow Gap Between Reported Growth and Real Transaction Volume." https://www.ainvest.com/news/ai-agent-payments-flow-gap-reported-growth-real-transaction-volume-2603/
[^19]: Stripe Agent Toolkit (Anthropic, OpenAI, LangChain, Vercel SDK); Stripe Issuing for agents. https://docs.stripe.com/agentic-commerce/protocol
[^20]: PayPal Newsroom, "PayPal Brings Together Developers, AI Leaders to Power Agentic Commerce at Dev Days," 29 April 2025. https://newsroom.paypal-corp.com/2025-04-29-PayPal-Brings-Together-Developers,-AI-Leaders-to-Power-Agentic-Commerce-at-Dev-Days ; PayPal Agent Toolkit docs: https://paypal.gitbook.com/agent-toolkit-and-mcp-server/agent-toolkit/quickstart
[^21]: Deloitte, "Agentic AI is transforming commerce and payments." https://www.deloitte.com/us/en/Industries/financial-services/articles/how-agentic-ai-is-transforming-e-commerce-and-commerce-payments.html
[^22]: Cloud Security Alliance, "Secure Use of the Agent Payments Protocol (AP2)," 6 October 2025. https://cloudsecurityalliance.org/blog/2025/10/06/secure-use-of-the-agent-payments-protocol-ap2-a-framework-for-trustworthy-ai-driven-transactions
[^23]: Simon Willison, "Design Patterns for Securing LLM Agents against Prompt Injections," 13 June 2025. https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/
[^24]: "A Survey of AI Agent Protocols," Shanghai Jiao Tong University, April 2025. arXiv:2504.16736. https://arxiv.org/abs/2504.16736
[^25]: "Securing AI Agents Against Prompt Injection Attacks," arXiv:2511.15759 (November 2025). https://arxiv.org/abs/2511.15759
[^26]: "Prompt Injection Attacks in Large Language Models and AI Agent Systems: A Comprehensive Review," Information 17(1):54 (MDPI, 2026). https://www.mdpi.com/2078-2489/17/1/54
[^27]: Justt.ai, "Agentic Commerce: Preparing for Chargeback and Fraud Risks." https://justt.ai/blog/agentic-commerce-chargeback-risk-preparation/
[^28]: Consumer Finance Monitor, "CFPB releases ambitious Regulatory Agenda," 17 September 2025. https://www.consumerfinancemonitor.com/2025/09/17/cfpb-releases-ambitious-regulatory-agenda/
[^29]: Davis Wright Tremaine, "Agentic AI Payments: Navigating Consumer Protection, Innovation, and Regulation," January 2026. https://www.dwt.com/insights/2026/01/agentic-ai-payments-white-paper
[^30]: The Payments Association, "AI powered payment agents: the next payments revolution." https://thepaymentsassociation.org/article/ai-powered-payment-agents-the-next-payments-revolution/
[^31]: Linklaters TechInsights, "Agentic payments: what are they, what are the legal risks, and what's next." https://techinsights.linklaters.com/post/102l0hm/agentic-payments-what-are-they-what-are-the-legal-risks-and-whats-next
[^32]: McKinsey QuantumBlack, "The agentic commerce opportunity / Europe's agentic commerce moment." https://www.mckinsey.com/capabilities/quantumblack/our-insights/europes-agentic-commerce-moment-decision-influence-is-here-execution-is-coming ; Digital Commerce 360 coverage, "McKinsey: Up to $5 trillion in agentic commerce sales by 2030," 20 October 2025. https://www.digitalcommerce360.com/2025/10/20/mckinsey-forecast-5-trillion-agentic-commerce-sales-2030/
[^33]: Kearney, "Agentic payments: a new frontier in digital commerce." https://www.kearney.com/industry/financial-services/article/agentic-payments-a-new-frontier-in-digital-commerce
[^34]: BCG, "Global Payments Report 2025: The Future Is (Anything but) Stable," September 2025. https://web-assets.bcg.com/25/91/2269153c468ca43684442f055cb0/2025-global-payments-report-sep-2025.pdf ; press release: https://www.bcg.com/press/22september2025-reshape-global-payments-landscape
[^35]: Consumer Bankers Association, "CBA releases white paper examining agentic AI, consumer payments, and the future of regulation," 2025. https://consumerbankers.com/press-release/cba-releases-white-paper-examining-agentic-ai-consumer-payments-and-the-future-of-regulation/
[^36]: OpenAI Platform Docs, Agentic Commerce. https://platform.openai.com/docs/agentic-commerce ; Agentic Commerce Protocol repository: https://github.com/agentic-commerce-protocol/agentic-commerce-protocol ; site: https://agenticcommerce.dev/