Verifiable trust in multi-agent commerce

OWASP GenAI Security Project Drop! 𝗧𝗟;𝗗𝗥 The team released “Agent Name Service (ANS) for Secure AI Agent Discovery,” and it proposes a DNS-inspired registry that gives every AI agent a cryptographically verifiable “passport.” By combining PKI-signed identities with a structured naming convention, ANS enables agents built on Google’s A2A, Anthropic’s MCP, IBM’s ACP, and future protocols to discover, trust, and interact with one another through a single, protocol-agnostic directory. The paper details the architecture, registration/renewal lifecycle, threat model, and governance challenges, positioning ANS as foundational infrastructure for a scalable and secure multi-agent ecosystem. 𝗛𝗲𝗿𝗲 𝗶𝘀 𝘁𝗵𝗲 𝗽𝗮𝗶𝗻 𝗔𝗡𝗦 𝘀𝗼𝗹𝘃𝗲𝘀:  Fragmented AI agents, ad-hoc naming, and zero verification. Shadow agents, spoofed endpoints, and long integration cycles 𝗛𝗼𝘄? Through a universal, PKI-backed directory where every agent presents a verifiable identity, advertises its capabilities, and can be resolved in milliseconds. This reduces integration risk and boosting time-to-value for autonomous workflows. 𝗧𝗵𝗲 𝘁𝗲𝗮𝗺 𝗺𝗮𝗻𝗮𝗴𝗲𝗱 𝘁𝗼:  • Formalize a DNS-style naming schema tied to semantic versioning  • Allow embedded X.509 certificate issuance & renewal directly into the registry lifecycle  • Add protocol adapters (A2A, MCP, ACP) so heterogeneous agents register and resolve the same way PKI trust chain + semantic names + adapter layer = a secure, interoperable agent ecosystem. Ken Huang, CISSP, Vineeth Sai Narajala, Idan Habler, PhD, Akram Sheriff Alejandro Saucedo, Apostol Vassilev, Chris Hughes, Hyrum Anderson, Steve Wilson, Scott Clinton, Vasilios Mavroudis, Josh C., Egor Pushkin John Sotiropoulos, Ron F. Del Rosario

🛒 The future of AI commerce depends on trust. If autonomous agents are going to shop, trade, pay invoices, or manage subscriptions on our behalf, they need clear guardrails that prove intent, respect limits, and coordinate with one another. The Agentic Payments MCP delivers exactly that. It creates a way for AI agents to authorize and process payments with the same safeguards we’d expect from a human approval chain. Picture a shopping assistant with a weekly grocery budget that can never overspend. Or a robo-advisor that executes trades only within pre-set risk boundaries. Or an enterprise swarm where finance, compliance, and audit agents must all agree before a high-value purchase goes through. These aren’t future dreams, they’re ready-to-use scenarios powered by mandates that spell out spending caps, time windows, and merchant rules. Each mandate can be instantly revoked, and every approval can be double-checked through multi-agent consensus to prevent fraud. At the core are three complementary protocols that make this work. MCP (Model Context Protocol) connects AI assistants like Claude, ChatGPT, and Cline directly to payment authorization through natural language. Google AP2 (Agent Payments Protocol) secures every mandate with Ed25519 cryptographic signatures. Openai/Stripe ACP (Agentic Commerce Protocol) ties into existing checkout systems with Stripe-compatible APIs, bridging AI-driven flows with the broader commerce ecosystem. The system is designed to be lightweight, easy to deploy, and flexible enough to fit into almost any workflow. You don’t need to know code to use it. AI assistants like Claude, ChatGPT, or Cline can handle mandates directly through natural language, letting you set budgets, approve carts, or verify consensus with a simple request. For teams that want more control, command-line tools and APIs are available, but they’re optional. The Agentic Payments MCP makes autonomous payments auditable, safe, and transparent. It turns intent into enforceable action, giving us a foundation for real trust in the agentic economy. Try it: # Run stdio transport (local - for Claude Desktop, Cline) npx -y agentic-payments mcp # Run HTTP transport (remote - for web integrations) npx -y agentic-payments mcp --transport http --port 3000 https://lnkd.in/gCfewX8e

Payments-Grade Agents This is the 5th post in a series on “payments-grade” agents. This post focuses on the trust framework that forms the basis for payments agents. What are trust framework pillars, and why are they important? --- Trust Is the Currency of Payments Agents In payments, trust is everything. Without it, adoption of agents will be slow, cautious, and fragmented. With it, agents can securely handle money, contracts, and compliance at scale. But trust doesn’t come from one feature. It comes from layers of capability, each reinforcing the other. Leave one layer out, and the system is compromised. Fortunately, we don’t need to reinvent the wheel. Decades of proven practices—identity management, security standards, certification programs—can be reused and applied directly to agents. Here are the six pillars of a Payments Agent Trust Framework: 1/ Agent Identity Every agent must have a verifiable identity, just like every employee in an organization. That identity is anchored in the organization’s book of record, serving as the foundation for authentication, authorization, and accountability. 2/ Authentication & Authorization Identity alone is insufficient. Once authenticated, agents must be governed by roles and permissions that define what they are allowed—and not allowed—to do. 3/ Basic Security Agents must come with enterprise-grade security built in, including mutual TLS (mTLS), OAuth2, and integration with existing identity systems. This ensures that communications are encrypted, identities are verified, and only trusted entities can exchange information. 4/ Transparent Purpose and Policies Agents cannot be black boxes. Each must declare its purpose, task fulfillment approach, and governing policies. Transparency builds confidence (and opacity erodes it). 5/ Zero-Trust Model Agents should begin with no access to data, systems, or tools. Nothing is assumed; everything must be granted explicitly by the agent’s owner. 6/ Federated Certification Trust also requires external validation, or “certification”. Just as physical products are certified for safety and compliance, agents should be certified to their purpose and policies. And we should learn and aopt approached used for decades by organizations like the Canadian Standards Association or Underwriters Lab (in US). cc: Paul Andrusyshyn, Maya Nahlé, M.Sc., Andrew Higgins, Abdulah El Tarazi, Reggie Kartha, Sridhar (Sri) Narayanan, Graham Steele, Alex Dunkerley, James Hutton, Joseph Kim, Catherine Martin #Payments #AutonomousAgents #AgenticAI #AgenticMesh #Age #ISO20022 #DigitalTransformation #Fintech #OperationalEfficiency #TrustFramework #FinancialServices #SWIFT #NACHA #PSD2 #EnterpriseAI #LLM

The news just dropped - and it was only a matter of time. After PayPal and Mastercard, Visa is also going big on agentic AI. It’s called Visa Intelligent Commerce (VIC). Here is my take. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗶𝘁? VIC is a trust layer that lets autonomous AI agents - travel bots, voice assistants, smart fridges - find, decide and pay for consumers. Visa converts an ordinary card into an AI-ready token that: • verifies the agent is authorised by the cardholder • enforces spend limits and rules • uses Visa’s real-time risk models to approve or block each transaction. Visa will extend the infrastructure, standards and capabilities present in physical and digital commerce today to AI commerce. Consumers will enable AI agents via AI platforms to use a Visa credential (4.8 billion today) at any accepting merchant location (150 million) for any payment use case. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝗸𝗲 𝘀𝗲𝗻𝘀𝗲? • AI is moving from chat to action. Autonomous agents are forecast to drive $1 trn in spend by 2030; the missing piece is a trusted “buy” button. • Friction kills sales. Up to 70 % of mobile carts are abandoned; an agent that checks out in milliseconds fixes that. • Visa leverages existing infrastructure built over decades (to combat fraud) and redeploys it for agent-driven commerce. 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝘁𝗼 𝘄𝗮𝘁𝗰𝗵 • Consumers: AI agents embedded in devices - from smartwatches to digital assistants - to shop on a consumer's behalf via programmable spending limits, merchant rules, and tokenised payments. • Merchants & platforms: higher conversion and truly personalised storefronts built for “segments of one” (treating each individual customer as a unique segment). • Banks & fintechs: new AI-ready cards with consent tools and dashboards, monetising agent insights. • Developers: rails-as-a-service; expect an explosion of agent-first apps across travel, retail and SMB back-office - no deep compliance or full-stack checkout flows needed. • Policy & privacy: tokenisation, spend limits, and audit trails offer a template regulators may adopt as autonomous commerce scales.    Visa isn’t trying to build the best AI - it’s ensuring any AI can pay safely. By opening its network as the last mile for autonomous agents, Visa positions itself as the invisible switchboard of the next commerce era. If AI becomes the new browser, Visa wants VIC to become its checkout button. Opinions: my own, Video source: Visa 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐛𝐞 𝐭𝐨 𝐦𝐲 𝐧𝐞𝐰𝐬𝐥𝐞𝐭𝐭𝐞𝐫: https://lnkd.in/dkqhnxdg

Reading the new Agentic AI Identity and Access Management report from the Cloud Security Alliance made me pause. It highlights something we often overlook. Thats the the fact that existing identity systems were never designed for autonomous agents. These agents do not just log in like humans or service accounts. They make decisions, interact across multiple systems, and act in ways that traditional IAM simply cannot handle. Key highlights from the report • Traditional protocols like OAuth, OIDC, and SAML fall short in multi-agent environments because they assume static identities and predictable workflows • AI agents require fine-grained, context-aware permissions that change in real time • Agent IDs based on Decentralized Identifiers and Verifiable Credentials allow provenance, accountability, and secure discovery • The proposed framework blends zero trust principles, decentralized identity, dynamic policy enforcement, authenticated delegation, and continuous monitoring • Concepts like ephemeral IDs, just-in-time credentials, and zero-knowledge proofs address the privacy and speed demands of autonomous systems Who should take note • Security leaders preparing for agent-driven enterprise systems • Engineers and architects designing secure frameworks for agent-to-agent communication • Product teams deploying agents into sensitive workflows • Governance leaders shaping accountability and compliance policies Why this matters Our identity models were built around human users and predictable software. Agentic AI changes that equation. Without new approaches, we risk security blind spots, accountability gaps, and over-privileged systems that cannot be traced or revoked in time. The path forward Enterprises need to start treating AI agents as first-class identities. That means verifiable credentials, continuous monitoring, and dynamic delegation as the baseline. This is not about adding more controls. It is about reshaping IAM so that trust, security, and accountability are preserved in the age of autonomous systems.

Google and 60+ partners (Mastercard, PayPal, Amex, Coinbase, Ant, etc.) launched AP2: an open standard for AI agents to make payments with verifiable consent, audit trails and multi-rail interoperability. If HTTP was the foundation of the web, AP2 may become the trust layer of agentic commerce. Why it matters • Frictionless CX: agents handle re-orders, subs, refunds invisibly. • Efficiency: digital mandates streamline disputes & reconciliation. • Scale: global payments revenue to reach $3.1T by 2028 (McKinsey). Early use cases 1. Subscriptions & automated re-orders. 2. Corporate travel & T&E with policy limits. 3. Autonomous replenishment in e-commerce. 4. Agent-to-Agent (A2A) payments across cards, real-time rails & stablecoins. Tech enablers • Verifiable mandates (VCs) for consent. • A2A + MCP for orchestration. • Multi-rail support: cards, RTP (PIX/UPI/FedNow), stablecoins. • Built-in KYC/AML, fraud, tokenization. Markets with strongest potential • Brazil (PIX): R$22.1T settled in 2024, >250M tx/day peak. • India (UPI): 20B+ tx/month in 2025. • US/EU: AP2 + RTP expansion + stablecoin clarity could unlock growth. Market backdrop • Global e-commerce to $6.4T in 2025. • Payments revenue to $3.1T by 2028. • Agents poised to become the “invisible end-user” of commerce. Takeaway AP2 could make agentic checkout auditable & scalable. Early adopters of mandates, audit trails, and limits will capture new revenue, margin and loyalty. Sources: Google Cloud, VentureBeat, Axios, PayPal Dev, Coinbase Dev, Fintech Magazine, McKinsey, NPCI, BCB. #Getnet #AgenticCommerce #AP2 #Payments #RTP #PIX #UPI #Stablecoins #AI

What if AI agents had a DNS? That’s the question this paper doesn’t just ask — it answers. 📘 Agent Name Service (ANS) is a visionary proposal for a global, secure discovery layer for AI agents — built to solve the biggest problem in agentic AI: trustworthy identification and interoperability at scale. And it does so with something rare: technical clarity backed by formal protocols and real threat modeling. 🔍 Key innovation: A “DNS for AI agents” ANS introduces a globally structured, human-readable naming system (ANSName), tied to verifiable cryptographic identity via PKI. Think: mcp://sentimentAnalyzer.textAnalysis.ExampleCorp.v1.0 — readable, resolvable, and secure . 💡 It’s protocol-agnostic and modular — supporting adapters for A2A (Google), MCP (Anthropic), and ACP (IBM) — allowing agents across ecosystems to discover, verify, and safely connect with each other . 🛡️ Key solutions proposed: -> PKI-backed identity & signed responses -> Structured naming and semantic capability filters -> Zero-Knowledge Proofs for capability attestation -> Challenge-response validation during agent interaction -> Privacy-preserving discovery via PIR & anonymized query relays -> Version negotiation & metadata governance for scalability This is more than just an architecture — it’s a template for a secure multi-agent ecosystem, grounded in security principles from DNS, PKI, and distributed systems. 🙌 Massive credit to the lead authors Ken Huang, CISSP, Idan Habler, PhD, Vineeth Sai Narajala, and Akram Sheriff, and to the OWASP GenAI Security Project, including expert reviewers from SAP, Kainos, National Institute of Standards and Technology (NIST), Oracle, Robust Intelligence (now part of Cisco), and The Alan Turing Institute . 💡 Why it matters? Because the future of agentic AI depends on shared foundations. This is one of the first that feels ready to build on. #AIGovernance #AISecurity #AgenticAI #MultiAgentSystems #OWASP === Did you like this post? Connect or Follow 🎯 Jakub Szarmach Want to see all my posts? Ring that 🔔.

𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗣𝗮𝘆𝗺𝗲𝗻𝘁 𝗣𝗿𝗼𝘁𝗼𝗰𝗼𝗹𝘀 𝗮𝗻𝗱 𝗪𝗵𝘆 𝗧𝗵𝗲𝘆'𝗿𝗲 𝗜𝗺𝗽𝗼𝗿𝘁𝗮𝗻𝘁 We’re entering a new era of digital commerce. AI agents are moving from tools to decision-makers. Shopping, comparing, and buying on behalf of you and me But with innovation come challenges: today’s payment systems were built assuming a human is always checking out, and that assumption no longer holds This is where agentic payment protocols come in 𝗪𝗵𝗮𝘁 𝗔𝗿𝗲 𝗔𝗴𝗲𝗻𝘁𝗶𝗰 𝗣𝗮𝘆𝗺𝗲𝗻𝘁 𝗣𝗿𝗼𝘁𝗼𝗰𝗼𝗹𝘀? Agentic payments enable AI agents to complete transactions without requiring the consumer to authorize every step To work at scale, these protocols must address: ▪️Authorization → Did the consumer grant this agent permission? ▪️Authenticity → Does the transaction align with the consumer’s rules? ▪️Accountability → Who is liable if something goes wrong? That’s why new open standards like Google’s Agent Payments Protocol (AP2) are emerging AP2 uses cryptographically signed Mandates that give agents structured, verifiable authority to transact AP2 already has support from over 60 partners including Mastercard, Amex, PayPal, Coinbase, Shopify, and Etsy 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗠𝗲𝗿𝗰𝗵𝗮𝗻𝘁𝘀 & 𝗙𝗶𝗻𝘁𝗲𝗰𝗵𝘀 ▪️New integration demands → Merchants will need to adapt to protocols like AP2 to support these shifts ▪️Shift in interface control → Agents could sit between the customer and your checkout, changing how merchants think about UX ▪️Volume optimization → AI agents may route purchases to merchants based on cost, availability, or convenience ▪️Fraud & compliance → Distinguishing legitimate agents from bad actors will become critical ▪️Early adopter advantage → Merchants and fintechs that integrate early could gain a first-mover edge in agentic commerce 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗖𝗼𝗻𝘀𝘂𝗺𝗲𝗿𝘀 ▪️Hands-free commerce → From “order my groceries every Friday” to “buy a coffee when I land in Tokyo,” agents can automate everyday purchases ▪️Reduced friction → No repeated checkouts or credential entry ▪️Control & visibility concerns → Users will need tools to manage agent permissions, set limits, and monitor activity ▪️Trust & ethics → Who’s responsible when an agent buys the wrong thing? Protocols are designed to clarify liability, but regulation will need to catch up 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 𝗔𝗵𝗲𝗮𝗱 ▪️Adoption lag → Merchants, banks, and gateways must update infrastructure ▪️Regulatory clarity → Liability, data rights, and consumer protections remain open questions. ▪️Security → Preventing mandate hijacking or malicious agent impersonation will be key 𝗙𝗶𝗻𝗮𝗹 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 Agent-driven payments aren’t science fiction—they’re being built now. The shift will change how consumers shop and how merchants get paid. Source: Google, Fintech Magazine 🔔 Follow Jason Heister for daily #Fintech and #Payments guides, technical breakdowns, and industry insights

Multi-Agent AI: The Architecture Behind Trustworthy LLMs LLMs wow in demos—but reliable AI needs architecture. Multi-agent design breaks work into verifiable steps, routes tasks to the right specialists, and adds checks. Below are the core patterns every builder should know—and when to use them—with real product use cases. Single vs Multi-Agent design=> ➢ Single Agent (LLM + tools + memory) One LLM (with tools and memory) handles the task end-to-end by itself . ➢ Multi-Agent System (supervisor + specialists) Multiple specialized agents coordinate via an orchestrator/supervisor (often with shared memory and tools) to complete the task. The core patterns => 🔹Sequential Pipeline (step → step → step) A fixed pipeline where each step’s output becomes the next step’s input. Use when: processes are predictable: intake → retrieve → summarize → approve (claims/KYC/onboarding). 🔹Router (intent → best tool/model/agent) An intent classifier sends each request to the best agent/tool/model based on skills, cost, or latency. Use when: triage matters—support (billing vs tech), route to web vs DB vs vector store, or pick fast vs accurate model. 🔹Generator / Planner + Specialists A planner decomposes the goal and specialist agents produce, verify, and compose the final result. Use when: you must divide & conquer—planner breaks work; coder, debugger, and writer agents deliver; validator checks tests/citations. 🔹Network / Supervisor Review A meta-agent assigns subtasks to specialists, reviews their work, and reconciles conflicts. Use when: you need oversight—meta-agent assigns tasks and reconciles conflicts for policy/legal/compliance or code review. 🔹Parallel Fan-out Fan-out the task to multiple agents/tools simultaneously and merge, rank, or cross-check the results. Use when: time is tight—run web, DB, and vector search at once or ensemble models; then merge and de-dup. 🔹Autonomous Agent (plan→act→observe→learn) A goal-seeking loop that plans → acts → observes → updates memory until success or a stop condition. Use when: long-running goals—data-pipeline watchdogs, procurement follow-ups, CRM enrichment/outreach. Why this matters (now)=> 🔹Reliability: smaller steps + cross-checks = fewer hallucinations. 🔹Speed & cost: smart routing and parallelism reduce tokens and latency. 🔹Governance & safety: separation of duties, policy gates, auditable traces. 🔹Maintainability: swap tools/models (search, vector DB, MCP) without rewiring. 🔹Observability: pattern-level KPIs (route accuracy, loop depth, win rate) guide iteration. Who should care=> 🔹CTOs / Heads of AI shaping roadmaps & budgets 🔹Product & Eng leaders taking prototypes to production 🔹Data/ML engineers building RAG, tools, orchestration 🔹Ops/Compliance leaders automating high-volume or regulated workflows Follow Rajeshwar D. to get more insights on AI/ML. #AgenticAI #MultiAgent #LLM #RAG #MLOps #Automation #ProductManagement #GenAI

It's possible that yesterday Google solved one of the biggest pain points for commerce in agentic AI: trustworthy payments. In case you missed it, yesterday Google announced the Agent Payments Protocol (AP2): https://lnkd.in/gpk7x8em It's an open protocol that will dictate how AI agents handle payments on our behalf and could very likely pave the way for autonomous payments that are *trustworthy.* This hasn't worked before because current payment systems assume a human is clicking "buy." But all this promise of auto-booking for travel, ecommerce, groceries, etc. requires AI agents to make purchases on our behalf. The problem is: how do we ensure security, authenticity, and accountability in that world? Google's solution is AP2 which creates cryptographically-signed "mandates." WTF is a mandate? It's a tamper-proof digital contracts that serve as verifiable proof of user intent. Think of it as giving your AI agent a secure, auditable permission slip for every transaction. Now you can: -> Tell your agent to buy concert tickets the moment they go on sale -> Monitor prices for that jacket you want and auto-purchase when it hits your target price → Coordinate complex bookings (flights + hotels) within your budget parameters 60+ industry leaders are already on board including Mastercard, PayPal, Coinbase and Salesforce. The industry adoption is so widespread this could quickly tip over into the industry standard (just like MCP has done with Claude) and the protocol supports everything from traditional cards to stablecoins and crypto, making it truly payment-agnostic. Forget about AGI; I like this better. Curious to hear from folks as they start to play around with this!