In an ideal world, AI agents would complete all the tasks we ask of them. With the rise of browser agents that can surf the web and click around on interactive menus and elements like humans do, the possibility of that future world is tantalizingly close.

While the current crop of AI agents can browse the internet for flights or help enterprises compare potential product providers, they still typically stop short of going through with a purchase or transaction — certainly not without getting a user's express, manual approval.

Now Google, along with 60 other major organizations is introducing a new, open source payment protocol any enterprise or developer can adopt — with the goal of making AI agentic payments more convenient, more secure and traceable, and ultimately, more seamless, letting an AI agent actually complete a purchase even if the human user isn't there right at the transaction time to bless it. This should also unlock new ways for people to buy things online, such as having a human user instruct an agent to find deals and buy when an item reaches a certain low price, for example.

Announced today, Agents Payments Protocol, or AP2, is aimed at establishing a common ground for companies within a digital purchase ecosystem, including merchants, banks, agents, model providers, as well as customer relationship management (CRM) and accounting platforms, to determine whether a user authorizes a transaction through an AI system, and who can be held accountable for errors. 

Some of the collaborators include American Express, Ant International, Airwallex, Cider, Coinbase, Etsy, Intuit, JCB, Lazada, Mastercard, PayPal, Revolut, Salesforce, ServiceNow, UnionPay International, Worldpay and Zalora

A standard would provide the necessary guarantee that requests to pay for something are legitimate and offer guidelines if something does go wrong.

Even with this concerted effort from the search-turned-AI giant, it will likely take some time before consumers and enterprises are comfortable with humans being barely involved in transactions.  

As of today, consumers cannot use AP2-based payments today in any publicly known, real-world product or service. The protocol is ready for developers to explore and build with, and partners are supporting its development, but actual consumer-facing implementations have yet to launch.

The key idea

The idea behind AP2 is that, to develop a standardized way for agents to transact on behalf of users, cooperation is needed among the parties typically involved in online purchasing.

As an open source project, AP2 could offer a common foundation “to securely authenticate, validate and convey an agent’s authority to transact.”

“Having a protocol, essentially a common standard, allows for multiple agents to interact with each other,” PayPal global head of AI Prakhar Mehrotra told VentureBeat in an interview. “Technically, we can do agentic payments now, but I can’t guarantee the system's robustness, and I can’t bring that to a regulator. A standard gives that needed layer.”

Its proponents said an open agentic payment protocol provides three important things: 

  • Authorization to prove that a human user gave an AI agent permission to make a purchase

  • Authenticity so that merchants or sellers know an agent is truly acting based on the user’s intent

  • Accountability so that anyone within the ecosystem knows how to deal with fraudulent or incorrect transactions

Digital transactions, such as buying clothes online, operate on the same basic principles, but there is an assumption that anyone clicking the "buy" button is a human who owns the bank account or card used for the transaction. 

Developed as an extension of Google’s earlier Agent2Agent (A2A) and Anthropic's increasingly popular Model Context Protocol (MCP) initiatives, AP2 establishes a common structure that supports diverse payment methods including credit and debit cards, stablecoins, and real-time bank transfers.

By offering a payment-agnostic, interoperable framework, AP2 enables users, merchants, and financial institutions to confidently participate in agentic transactions across platforms.

According to Google, the protocol is built to prevent fragmentation across ecosystems by aligning with industry standards while addressing the unique requirements of autonomous agents.

While consumer use cases are a major focus, AP2 is also expected to play a role in enterprise commerce workflows. For instance, autonomous agents could manage procurement tasks, scale software licensing based on real-time usage, or interact with marketplaces like Google Cloud’s for transactable services.

To support implementation, Google has published full technical specifications and reference implementations in a public GitHub repository. The company encourages developers and industry stakeholders to contribute to the open standard as it continues to evolve.

The state of agentic payments today

When an individual or an enterprise makes a purchase online, a couple of things happen. 

First, the user finds and selects the product they want to buy, then adds it to their cart. After this, they choose how to pay for the transaction. Depending on the website, people will either click on “pay with card,” “pay with PayPal,” “pay with Buy Now, Pay Later” or their chosen automatic payment provider (i.e., Google Pay). The user then clicks a button to finish the transaction. Once that process is complete, the information is sent to the seller and the users’ bank or PayPal account, and the money is exchanged. 

The key to all of that is a human user who manually clicks buttons. Mehrotra said the onus to prove authority, ownership, and approval is on the person, which acts as a guardrail.

However, with agentic transactions, the human may have initiated the process, but a non-deterministic model made the ultimate decision to complete the transaction. 

Many of the companies involved in AP2 already work on projects aimed at making agentic payments efficient and secure. These projects often “make do,” meaning payment providers rely on their existing technologies, which still place the onus on a human.  

Mastercard unveiled Agent Pay, which utilizes the company’s tokenization technology to mask personally identifiable information during digital purchases. Visa partnered with Perplexity, which brings Visa’s payment network to the chat platform and enables “agentic commerce.”

While not necessarily dealing with payments, Intuit offers several finance agents to mid-market customers so they can understand how well their products are selling. 

Skyfire, a San Francisco-based startup that launched in beta in 2024, also provides developers with infrastructure to equip autonomous agents with real funds and enable them to transact directly.

Skyfire operates more like a payments-as-a-service platform, offering tooling to developers who want to load agents with money, enforce spending caps, and authenticate agents through an identity layer. Unlike AP2, which focuses on cryptographic proof of user intent through digital mandates, Skyfire enables users to directly fund spending accounts for AI agents using stablecoins or traditional payment methods with pre-set spending limits.

Skyfire provides an out-of-the-box solution for agent payments, Google’s AP2 aims to create a shared foundation that a broader ecosystem—including players like Skyfire—could ultimately build on.

How AP2 works

Mastercard chief digital officer Pablo Fourez said in an email to VentureBeat that protocols like AP2 “represent a broader industry effort to enable agent-based commerce.”

“Our focus is on defining the trust layer: enabling secure and responsible agentic transactions today through tokenized credentials across our global payments network, while also preparing for a future where the internet itself is rewired to support agentic commerce more natively. It’s this dual focus - meeting the needs of now while building for what’s next - that allows innovation to move from concept to production with confidence,” he said. 

AP2 helps build that trust through what the consortium calls Mandates, or “tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of a user’s instructions.” The Mandates would be signed with verifiable credentials (VCs), which the entire ecosystem recognizes are ground truth for transactions, providing cryptographic proof that an agent’s actions align with user instructions.

The blog from Google said Mandates addresses the different ways people use agents to shop. 

  • Real-time purchases with a human present, where someone asks an agent to find them something — for example, running shoes. The request is captured by an Intent Mandate that represents the auditable context for the purchase. After the agent adds the shoes to the cart, the person approves the action with a Cart Mandate.

  • Delegated tasks without a human are when people tell an agent to buy, say, a concert ticket, but offer a condition, such as only buying if the ticket goes on sale. The same Mandates exist, with the Intent Mandate specifying the specific rules the user added that will trigger a purchase. This “pre-authorization” acts as the Cart Mandate.

This system creates an audit trail that links a user’s original request to the final payment, addressing concerns around authorization, authenticity, and liability.

Paypal’s Mehrotra said AP2 could bring about different ways of paying for purchases. For example, people can instruct agents to coordinate between airlines and hotels, finding the best combination of timing, price, and location to pay for an entire trip with minimal human intervention. 

Integrating Crypto and Web3 Payments

To support the growing relevance of crypto payments, Google has introduced an extension to AP2 called A2A x402, developed in partnership with organizations like Coinbase, MetaMask, and the Ethereum Foundation. This extension makes it possible for AI agents to transact using stablecoins and other crypto assets, bringing the same structure and verifiability to blockchain-based commerce.

Partners in the Web3 space welcomed the move. Coinbase described x402 as a production-ready solution that gives developers a real playground for crypto-enabled agent interactions, while MetaMask emphasized the benefit of composability and user control in decentralized environments.

The adoption problem

There’s no doubt that payment networks, merchants, banks and others in the ecosystem will want to embrace standards like AP2.

People and enterprises are understandably wary of not having much control over paying for things. 

It took years for people to become comfortable enough to initiate large purchases online. On a personal note, I prefer manually adding my payment information for any expensive online transactions, such as buying furniture.

The US is slowly marching towards becoming cashless. Some countries are only starting to offer a Venmo-like person-to-person payment app.

Standards like AP2 could go a long way to providing that layer of trust and accountability. But it is the agents themselves that need to offer that assurance to enterprises and individuals.

What businesses can do with AP2 today

The framework is now open for exploration and development, meaning businesses looking to integrate AP2 or prepare for agent-led commerce can take concrete steps today.

First, developers and technical teams can review the public GitHub repository, where Google has published the full AP2 specification, example implementations, and supporting documentation. This resource provides a starting point for building agent payment flows that adhere to the protocol’s design for secure, verifiable transactions.

Second, companies building AI agents—or integrating agents into existing platforms—can begin designing interactions around Mandates and Verifiable Credentials, which are core to AP2's model of trusted authorization. Whether the goal is enabling real-time user-approved purchases or automating delegated tasks like travel booking or subscription renewals, these constructs offer a flexible foundation for establishing user intent and transaction traceability.

Third, merchants and payment providers interested in future-proofing their systems for agentic commerce can evaluate how their existing checkout, authentication, and compliance infrastructure aligns with AP2’s structure. Because the protocol is payment-agnostic and supports a range of methods (from traditional cards to stablecoins), early compatibility planning may help reduce future integration overhead.

Finally, Google is encouraging community participation. Businesses are invited to contribute feedback, propose extensions, and help shape how the protocol evolves—particularly around emerging areas like decentralized identity, risk management, and interoperability with crypto payment systems.

In short, while AP2 is not yet commercially deployed, its release marks a clear opportunity for forward-looking businesses to begin building or aligning with a shared foundation for AI-driven commerce.