DEV Community: Tom Wang

AI Agents Expose Crypto Wallet Security Gap

Tom Wang — Fri, 17 Apr 2026 15:22:28 +0000

The rise of AI agents in crypto payments has unlocked powerful automation — but it has also exposed a dangerous security gap. In 2026 alone, protocol-level weaknesses in AI agent infrastructure have triggered over $45 million in losses, forcing the industry to rethink how autonomous systems interact with wallets, oracles, and trading endpoints. For fintech developers and crypto developers in the UK and beyond, understanding these vulnerabilities is no longer optional — it is essential.

What Went Wrong: The $45M Wake-Up Call

The headline incident came from Step Finance, a Solana-based DeFi portfolio manager, where attackers compromised executive devices and exploited overly permissive AI agent protocols. The agents, designed to automate treasury operations, executed transfers of over 261,000 SOL tokens — approximately $40 million — because they lacked proper isolation and permission boundaries.

A separate wave of social engineering attacks, including AI-generated impersonations targeting Coinbase users, added another $5 million in losses. In both cases, the root cause was the same: AI agents were granted broad access to critical infrastructure with insufficient safeguards.

The Core Vulnerabilities Payment Developers Must Know

Research published in April 2026 identified several attack vectors that are particularly relevant to payment infrastructure:

Memory Poisoning

Attackers inject malicious instructions into an agent's long-term storage — typically vector databases used for context retrieval. These "sleeper" payloads remain dormant until triggered by specific market conditions, at which point they can corrupt up to 87% of an agent's decision-making within hours. For payment developers building AI-powered transaction systems, this means every data source feeding your agent's context window is a potential attack surface.

Indirect Prompt Injection

Hidden commands embedded in third-party data sources — market feeds, web pages, even email content — can rewrite transaction parameters mid-execution. This is especially dangerous for cross-border payment systems that aggregate data from multiple external APIs.

The Confused Deputy Problem

Agents with legitimate credentials get tricked into approving fraudulent actions. A striking 45.6% of teams surveyed relied on shared API keys for their agents, making it nearly impossible to trace or halt rogue actions once a compromise occurs.

LLM Router Exploits

Security researchers documented 26 LLM routers — services that sit between users and AI models — secretly injecting malicious tool calls. One incident drained $500,000 from a client's crypto wallet through compromised routing infrastructure.

Building Secure AI Agent Infrastructure

As a fintech developer building payment infrastructure at Radom and working extensively with Rust, Go, and Kubernetes, I see these vulnerabilities as fundamentally architectural problems. The solutions require the same rigour we apply to any production payment system:

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Oracle Launches AI Agents for Corporate Banking

Tom Wang — Wed, 15 Apr 2026 12:51:50 +0000

Oracle just dropped embedded AI agents directly into its corporate banking platform — purpose-built for treasury, trade finance, credit, and lending. This is not another chatbot bolted onto a dashboard. These are autonomous agents that process loan contracts, cross-reference financial data, and flag anomalies for human review.

For fintech developers and payment developers building enterprise-grade systems, this marks a turning point. The AI agent is no longer a consumer-facing novelty. It is becoming core infrastructure in institutional finance.

What Oracle Actually Shipped

On 14 April 2026, Oracle Financial Services announced two production-ready agents as part of its Fusion Agentic Applications suite:

Loan Data Extraction Agent — Parses complex, customised corporate loan contracts to extract structured data from unstructured documents. Think multi-tranche syndicated facilities with bespoke covenants, not simple personal loans.
Loan Data Validation Agent — Cross-references extracted loan data against source documents, performs integrity checks, and surfaces anomalies for banker review. This replaces hours of manual reconciliation.

Both agents are designed with human-in-the-loop governance. Finance leaders retain checkpoints for material decisions — accounting entries, capital allocation, regulatory submissions. The agents handle the grunt work; humans handle the judgement calls.

Why This Matters for Payment Infrastructure

Corporate banking has been one of the last holdouts against automation. Consumer payments went digital years ago. Retail banking has chatbots and automated fraud detection. But corporate treasury and trade finance still run on spreadsheets, email chains, and manual document reviews.

The technical challenge is real. Corporate lending involves documents that vary wildly between institutions — bespoke legal language, jurisdiction-specific clauses, nested conditions. Traditional rules-based extraction fails because there are no standard templates.

AI agents change this equation. Large language models can parse unstructured legal text. Validation agents can cross-reference extracted fields against multiple source systems in real-time. The key insight is that these agents are not replacing bankers — they are eliminating the data entry and reconciliation work that consumes 60-70% of a corporate banker's time.

The Infrastructure Gap Fintech Developers Must Close

Oracle building these agents is significant, but it exposes a broader infrastructure problem. Current payment systems were not designed for autonomous software actors.

Consider the authentication challenge alone. When an AI agent initiates a transaction or modifies a loan record, the system needs to verify:

Agent identity — Is this a legitimate agent, not a malicious bot?
Delegated authority — Who authorised this agent, and what are its permission boundaries?
Action scope — Does this specific action fall within the agent's approved parameters?
Audit trail — Can every machine-initiated action be traced back to its authorising principal?

Read the full article on tomcn.uk →

I am Tom Wang, founder of Applr.ai. Based in London, UK.

Portfolio | LinkedIn | GitHub | Email

Stablecoins Hit 40M Retail Terminals

Tom Wang — Sat, 11 Apr 2026 03:36:59 +0000

Stablecoins are no longer confined to DeFi dashboards and crypto-native apps. In the span of a single quarter, two major partnerships have brought stablecoin payments to physical retail at global scale — and the infrastructure behind them is something every fintech developer and crypto developer in the UK should understand. Ingenico has launched native stablecoin checkout across its 40 million Android POS terminals via WalletConnect Pay, whilst Paysafe has integrated MoonPay's stablecoin rails into its $167 billion-a-year payment platform. For payment developers, the message is clear: stablecoin acceptance at the point of sale is now production infrastructure, not a pilot programme.

How Stablecoin Checkout Works at Physical POS

The Ingenico-WalletConnect integration is the first to bring native stablecoin payments to physical retail terminals without requiring new hardware. Here is how the flow works from a payment developer's perspective:

Customer initiates payment. At checkout, the customer selects stablecoin as their payment method. The Ingenico Android terminal displays a QR code or initiates a WalletConnect session.
Wallet connection. The customer scans the QR code with any of 700+ compatible wallets connected through the WalletConnect protocol — serving over half a billion crypto users globally.
Stablecoin transfer. The customer authorises the payment in their wallet. Supported stablecoins include USDC, EURC, and USDT across multiple blockchains.
Fiat conversion and settlement. WalletConnect Pay handles the conversion from stablecoin to fiat currency. The merchant receives settlement in their local currency through their existing acquirer — no crypto touches the merchant's balance sheet.

The critical architectural insight is that WalletConnect Pay operates as a "messaging layer that sits alongside settlement." It abstracts blockchain complexity entirely from the merchant. As WalletConnect Pay CEO Jess Houlgrave put it: "The payments company and the merchant shouldn't even need to know about any of this stuff. They should just be able to serve this as an offering."

For Ingenico, this means the Digital Currency Application runs on existing Android terminals — no hardware swap, no new integration for acquirers beyond enabling the app. The potential reach is staggering: 40 million POS units across 120 countries.

Paysafe and MoonPay: Stablecoin Rails Inside a $167B Platform

The second major development is Paysafe's integration of MoonPay's crypto payment infrastructure, announced on 8 April 2026. Paysafe processed $167 billion in transactions in 2025 — this is not a niche crypto processor, but a mainstream payment platform serving e-commerce, financial services, retail, and iGaming.

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

AI Agents Now Have Credit Cards

Tom Wang — Thu, 09 Apr 2026 02:44:55 +0000

Today Nevermined announced the integration that many fintech developers and crypto developers have been waiting for: a unified commerce layer that gives AI agents both delegated Visa credit cards and stablecoin wallets through a single platform. By combining Visa Intelligent Commerce with Coinbase's x402 protocol, Nevermined has created the first production infrastructure where autonomous software can pay for goods and services — using either traditional card rails or crypto — without human intervention per transaction. For any payment developer or AI agent developer in the UK, this is the clearest signal yet that agentic commerce infrastructure is ready to build on.

How AI Agents Get Their Own Credit Cards

The core innovation is what Visa calls "agentic tokens" — a fourth token type purpose-built for AI agents, sitting alongside the familiar card-present, card-not-present, and device token categories.

Here is how the delegation flow works:

User enrolment: A cardholder registers their Visa card with Visa Intelligent Commerce and authorises a specific AI agent to spend on their behalf.
Token binding: Visa issues a cryptographically bound agentic token that ties to that specific agent. Unlike virtual cards, the token never exposes the card PAN to the agent runtime.
Guardrails: The user sets granular controls — per-transaction limits, daily/monthly budgets, merchant category restrictions, time-based validity windows, and pre-approved vendor lists.
Three-point validation: Every transaction is verified against three criteria: the credential request matches the user's instructions, the merchant authorisation aligns with the request, and the transaction data matches the original consumer intent.

The critical difference from virtual cards is visibility. Agentic tokens identify the agent to banks, merchants, and payment networks, creating a new "human-not-present" transaction category. This replaces the awkward workaround of disguising agent transactions as card-not-present human purchases — a practice that was already causing fraud detection headaches across the industry.

The x402 Protocol: Machine-Native Payments Over HTTP

On the crypto side, Nevermined integrates Coinbase's x402 protocol — the HTTP-native payment standard that revives the long-dormant HTTP 402 "Payment Required" status code.

The flow is elegantly simple for any payment developer who has worked with REST APIs:

An AI agent sends a standard HTTP request to a merchant's API endpoint.
The server responds with 402 Payment Required and a payment instruction in the response header — specifying the price, accepted currencies (USDC, RLUSD, etc.), and a wallet address.
The agent autonomously executes payment via its agentic wallet — holding stablecoins and making payments without direct human handling of private keys.
The merchant verifies payment and serves the requested resource.

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Ant Group Launches Anvita for AI Agent Crypto

Tom Wang — Mon, 06 Apr 2026 16:25:57 +0000

Ant Digital Technologies, the blockchain arm of Alipay's parent company, has unveiled Anvita — a two-part platform that lets AI agents autonomously hold crypto assets, execute trades, and settle payments in real time using stablecoins. For any fintech developer or crypto developer building payment infrastructure in the UK, this marks the moment a major Asian fintech giant went all in on the agent-to-agent economy running on crypto rails.

Announced at the Real Up summit in Cannes on 5 April, Anvita sits at the exact intersection of agentic AI and crypto payment infrastructure — two domains converging faster than most payment developers anticipated.

What Anvita Means for Payment Developers

Anvita ships in two distinct modules, each targeting a different layer of the fintech stack:

Anvita TaaS (Tokenisation-as-a-Service)

This is an institutional-grade layer for real-world asset (RWA) tokenisation. It handles custody, treasury management, and the on-chain representation of traditional financial instruments. For payment developers working on cross-border settlement or asset-backed payment flows, TaaS provides the tokenisation primitives that sit beneath the agent layer.

Anvita Flow

Flow is the coordination layer where things get interesting for AI agent developers. It provides:

Agent registration and discovery — autonomous agents can find and negotiate with each other
Real-time settlement — agents settle payments in USDC without human approval
An Agent Store — pre-built modules for data collection, financial analysis, and gaming, plus developer-published custom agents
Framework compatibility — works with Claude Code, OpenClaw, and other agentic AI frameworks

The critical detail: Anvita Flow integrates the x402 protocol — the HTTP-native stablecoin micropayment standard developed by Coinbase and Cloudflare that recently joined the Linux Foundation. This means agents can complete sub-cent transactions instantly using USDC, embedded directly in HTTP request headers. No billing systems, no subscriptions, no human in the loop.

Why This Matters: The Agentic Payment Stack Is Filling In

Over the past week, we have tracked an extraordinary acceleration in the agentic payment space:

Stripe Tempo launched AI agent payment rails with card-based checkout
Visa released an AI Agent Developer SDK for trusted agent commerce
Google introduced AP2, an open protocol for agent-to-merchant negotiation
x402 moved to the Linux Foundation for vendor-neutral HTTP-native payments
Convera and Ripple partnered on stablecoin sandwich settlement for cross-border flows

Anvita is the first platform from a major Asian fintech to enter this space — and it chose crypto rails over card rails. That architectural decision is significant. While Visa and Stripe anchor their agent payment flows to existing card networks, Ant Group is betting that autonomous agents need native digital asset settlement. The reasoning is sound: agents operating at machine speed across borders cannot wait for T+1 card settlement or navigate the correspondent banking maze.

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Convera and Ripple Launch Stablecoin Rails

Tom Wang — Sun, 05 Apr 2026 15:02:10 +0000

The cross-border payments industry just took a decisive step towards stablecoin-native infrastructure. On 31 March, Convera — the $190 billion-a-year payments giant spun out of Western Union Business Solutions — announced a strategic partnership with Ripple to deliver stablecoin-enabled settlement across 200 countries and 140 currencies. For any fintech developer or crypto developer working on payment infrastructure in the UK and beyond, this is a signal that traditional rails and blockchain settlement are converging faster than most predicted.

How the Stablecoin Sandwich Works for Payment Developers

The architecture behind this partnership follows what the industry calls the "stablecoin sandwich" model — a pattern every payment developer should understand.

The flow is straightforward:

On-ramp (fiat in): A business initiates a cross-border payment in their local currency — GBP, EUR, USD — through Convera's existing platform.
Settlement layer (stablecoin middle): Instead of routing through correspondent banks, the payment is converted into a regulated stablecoin — in this case, Ripple's RLUSD, a USD-backed token issued on the XRP Ledger and Ethereum. Settlement completes in seconds rather than days.
Off-ramp (fiat out): At the destination, the stablecoin is converted back to the recipient's local currency and deposited into their account. The recipient may never know stablecoins were involved.

The beauty of this model is that it collapses the traditional multi-hop correspondent banking chain into a single digital settlement layer. No nostro/vostro accounts draining liquidity. No weekend blackouts. No value drift during transit.

From an engineering perspective, this is essentially an abstraction layer — fiat interfaces on both ends, with deterministic blockchain settlement in the middle. If you have built payment orchestration systems, you will recognise the pattern: swap the unreliable middle for something faster and more predictable.

Why This Partnership Matters at Scale

Convera is not a startup experimenting with crypto. The company processes roughly $190 billion in annual transaction volume, serves 30,000+ customers across 200 countries, and employs over 2,100 people. When a company of this scale integrates stablecoin settlement, it validates the technology for the entire B2B payments sector.

The numbers backing this shift are compelling:

$34 trillion in global stablecoin transaction volume in 2025 — surpassing Visa and Mastercard combined
3% of all US dollar payments expected to flow through stablecoins in 2026, rising to 10% by 2031
88% of firms receiving stablecoins immediately convert them back to fiat — confirming that stablecoins are being used as rails, not as assets to hold
RLUSD has surpassed $1 billion in circulation within its first year, with HSBC now testing cross-border settlement workflows

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

x402 Joins the Linux Foundation: HTTP-Native Payments Go Mainstream

Tom Wang — Sat, 04 Apr 2026 12:09:23 +0000

The HTTP 402 Status Code Finally Has a Protocol

For over thirty years, HTTP 402 "Payment Required" sat unused in the specification — a placeholder waiting for the internet to figure out native payments. On 2 April 2026, that wait ended. Coinbase formally transferred the x402 protocol to the Linux Foundation, establishing an open, vendor-neutral standard for embedding payments directly into HTTP requests. For fintech developers and crypto payment engineers, this is the most consequential infrastructure shift since PSD2 opened bank APIs across Europe.

The founding coalition reads like a who's who of internet infrastructure: Stripe, Cloudflare, AWS, Google, Microsoft, Visa, and Mastercard all sit on the x402 Foundation board. When traditional payment networks and cloud hyperscalers align behind an open-source crypto payment standard, the signal is unmistakable — stablecoin settlement is moving from experiment to expectation.

How x402 Works Under the Hood

The elegance of x402 lies in its simplicity. The protocol piggybacks on standard HTTP, requiring no sidechannels, no OAuth dance, and no API keys. The flow works in four steps:

Client requests a resource. A standard HTTP GET or POST to any x402-enabled endpoint.
Server responds with 402. The response includes a PAYMENT-REQUIRED header containing a base64-encoded payment instruction: amount, recipient address, accepted chains, and token type (typically USDC).
Client signs and pays. The client constructs a PaymentPayload, signs the transaction with its wallet, and resends the request with a PAYMENT-SIGNATURE header.
Facilitator verifies, server delivers. A facilitator node verifies the payment on-chain (or locally), and the server returns the requested resource along with a settlement receipt.

No accounts. No subscriptions. No merchant onboarding. A Rust service, a Go microservice, or an AI agent can pay for an API call the same way a browser requests a webpage — with a single HTTP round-trip.

Middleware Integration in Practice

For payment developers working with Node.js or Next.js, x402 integration is strikingly minimal. Coinbase's SDK provides Express middleware that wraps existing route handlers:

import { paymentMiddleware } from '@coinbase/x402';

app.use('/api/premium-data', paymentMiddleware({
  amount: '0.001',
  token: 'USDC',
  network: 'base',
  recipient: '0x...'
}));

That is the entire server-side implementation. The middleware intercepts requests without the payment header, responds with 402 and payment instructions, then verifies and settles when the client retries with a signed payload. Equivalent libraries exist for Go, Python, and Rust — the protocol is language-agnostic by design.

Why Stablecoin Settlement Changes the Cost Equation

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Google AP2 Completes the Agentic Payment Stack

Tom Wang — Fri, 03 Apr 2026 21:10:46 +0000

Three Protocols, One Stack: The Agentic Payment Layer Is Taking Shape

Six months ago, the idea of an AI agent autonomously completing a purchase felt like a demo-stage curiosity. Today, three production-grade protocols — OpenAI and Stripe's Agentic Commerce Protocol (ACP), Google's freshly launched Agent Payments Protocol (AP2), and Coinbase's x402 — form what increasingly looks like a layered agentic commerce stack. For fintech developers and payment engineers building the next generation of checkout infrastructure, understanding how these pieces fit together is no longer optional.

Google's AP2 announcement, published on 3 April 2026, brings over sixty launch partners including Mastercard, Adyen, PayPal, Coinbase, American Express, Revolut, and UnionPay International. The protocol is open-source under Apache 2.0 and already has a public GitHub repository. This is not a whitepaper — it is a specification with working implementations.

How AP2's Mandate System Works

The centrepiece of AP2 is its mandate architecture, built on Verifiable Credentials (VCs) — cryptographically signed digital contracts that define exactly what an AI agent is permitted to do.

AP2 defines three mandate types:

Cart Mandate: Created when a user approves a final purchase. It produces a cryptographically signed, immutable record of the exact items, price, and shipping details. The merchant signs first, guaranteeing fulfilment at the specified price.
Intent Mandate: Pre-authorised instructions for delegated tasks where no human is present at checkout. These specify price limits, timing constraints, and other conditions — essentially a spending policy for autonomous agents.
Payment Mandate: Signals to payment networks that the transaction was AI-initiated, enabling downstream risk scoring and fraud detection models to treat agent transactions differently from human ones.

This dual-signature structure — merchant commits to terms, then the user (or their agent) countersigns — creates a non-repudiable cryptographic audit trail. Every transaction links agent, user, merchant, and payment network with clear evidence for dispute resolution.

For payment developers who have worked with tokenisation flows or 3D Secure challenge protocols, the mental model is familiar: AP2 adds an authorisation layer, but instead of authenticating a cardholder, it authenticates an agent's mandate to act.

Where AP2 Fits in the Agentic Commerce Stack

The three major protocols are not competitors — they operate at different layers:

ACP (Agentic Commerce Protocol) handles the merchant integration layer. Developed by OpenAI and Stripe, it is already production-live inside ChatGPT's Instant Checkout. ACP lets agents share credentials and initiate checkouts without exposing raw payment data. The merchant remains the merchant of record, and transactions flow through existing payment providers like Stripe. Think of ACP as the what — what the agent wants to buy, from whom, and through which checkout flow.

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Visa Launches AI Agent Developer SDK for Payments

Tom Wang — Thu, 02 Apr 2026 00:01:00 +0000

Visa Opens the Door for AI Agent Payment Developers

Visa has officially launched its Intelligent Commerce (VIC) developer toolkit and the Digital Commerce Authentication Program (VDCAP) this month, giving payment developers and fintech engineers the infrastructure they need to build secure, autonomous AI agent transactions on the world's largest card network.

This is not a whitepaper or a pilot announcement. Over 30 partners are actively building in the VIC sandbox, more than 20 agent platforms are integrating directly, and hundreds of secure agent-initiated transactions have already been completed. For AI agent developers and payment engineers in the UK and globally, Visa's move signals that agentic commerce has crossed from experimentation into production infrastructure.

What Is Visa Intelligent Commerce?

Visa Intelligent Commerce is a suite of APIs, SDKs, and protocols that equip AI agents with trusted payment rails. The system combines four core capabilities:

Tokenisation — agents receive context-specific payment credentials scoped to the customer's intent, not raw card numbers
Authentication — Visa's Trusted Agent Protocol verifies agent identity and authorisation before any transaction
Spending controls — merchants and consumers can set limits on what an agent can purchase, from which sellers, and up to what amount
Privacy-aware personalisation — agents can access purchase preferences without exposing sensitive cardholder data

The architecture is designed so that AI agents can browse, buy, and manage orders on a consumer's behalf — securely, at scale, and within the compliance framework that card networks already enforce.

VDCAP: Authentication That Pays for Itself

The Digital Commerce Authentication Program launches in the US and Canada this month with a straightforward incentive: merchants who provide enriched data elements — Device ID, IP address, email, and billing address — qualify for a 0.05% fee reduction on transactions. Combine that with Network Tokens and the reduction rises to 0.10%.

For payment developers building checkout flows, this is a direct signal: better data quality equals lower interchange costs. The programme encourages the kind of structured, machine-readable transaction data that AI agents naturally produce — making agentic commerce not just technically feasible but economically advantageous.

Why This Matters for Backend Engineers

If you are building payment infrastructure with Rust, Go, or TypeScript, VDCAP means your transaction payloads need to be richer. The authentication data elements Visa now incentivises are:

Device fingerprint — hash of the agent's runtime environment
IP geolocation — where the request originates
Verified email — tied to the consumer's Visa credential
Billing address match — AVS data included in the authorisation

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Stripe Tempo Goes Live: AI Agent Payment Rails

Tom Wang — Wed, 01 Apr 2026 01:12:47 +0000

Stripe Just Launched Its Own Blockchain — And It Changes Everything for Payment Developers

On 18 March 2026, Stripe-backed Tempo went live on mainnet, bringing a payments-optimised blockchain into production alongside a new open standard: the Machine Payments Protocol (MPP). For fintech developers and crypto payment engineers, this is a watershed moment. The company that processes over $1 trillion in annual payment volume is now building its own settlement layer — purpose-built for stablecoins and AI agent transactions.

And Stripe is not alone. Circle launched USDC Nanopayments on testnet the same month, enabling gas-free micro-transfers down to $0.000001. The race to become the default payment rail for autonomous AI agents is officially underway.

What Is Tempo and Why Does It Matter?

Tempo is a payments-focused blockchain co-developed by Stripe and Paradigm. Unlike general-purpose chains optimised for DeFi or NFTs, Tempo is engineered specifically for high-throughput stablecoin settlement. The numbers speak for themselves:

100,000 transactions per second — orders of magnitude beyond Ethereum's base layer
Sub-second finality — critical for real-time payment confirmation
Native stablecoin support — built from the ground up for dollar-pegged assets

The design partners read like a who's who of global finance and technology: Visa, Mastercard, Deutsche Bank, Standard Chartered, Revolut, Nubank, Shopify, OpenAI, Anthropic, Ramp, and DoorDash. When both card networks and AI labs are building on the same infrastructure, the signal is clear — this is where payment settlement is heading.

The Machine Payments Protocol: OAuth for Money

The real innovation is not the blockchain itself but what runs on top of it. MPP introduces a concept called "sessions" — essentially OAuth for money. Here is how it works:

An AI agent authenticates and sets a spending cap
The agent streams micropayments continuously as it consumes services (data, compute, API calls)
Payments settle in stablecoins without human approval at each step
Service providers receive real-time confirmation of payment

This is fundamentally different from traditional payment flows. There is no checkout page, no card authorisation, no 3D Secure challenge. The agent pays as it goes, much like how a developer's API calls are metered and billed — except settlement happens in real time on-chain.

Visa contributed to the MPP specification, developing standards for letting agents pay with traditional credit or debit cards alongside stablecoin rails. This hybrid approach — crypto-native settlement with card network fallback — is precisely the kind of infrastructure that payment developers need to understand.

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

Mastercard's $1.8B BVNK Deal Reshapes Payment Infrastructure

Tom Wang — Mon, 30 Mar 2026 23:56:40 +0000

Mastercard's agreement to acquire BVNK for up to $1.8 billion marks the largest stablecoin infrastructure deal in history — and a turning point for every fintech developer and payment developer working on cross-border systems. The London-founded startup, processing $30 billion in annualised stablecoin volume across 130+ countries, will plug directly into Mastercard's global network spanning 200+ countries and 150 currencies. For crypto developers and payment engineers in the UK, this is the clearest signal yet that stablecoin rails are becoming core financial infrastructure.

Why This Deal Matters for Payment Developers

The acquisition isn't about Mastercard buying a crypto company. It's about owning the orchestration layer between on-chain settlement and traditional card networks. BVNK's modular API suite — covering send, receive, store, convert, spend, and earn functions — gives Mastercard a full-stack stablecoin infrastructure that can sit alongside its existing fiat rails.

As Raj Dhamodharan, Mastercard's EVP of Blockchain and Digital Assets, put it: "Mastercard has been in the translation business for half a century." The company sees stablecoin orchestration as the next translation problem to solve.

For payment developers building at companies like Radom and similar fintech startups, this creates an entirely new API surface area. Engineers will increasingly need to build hybrid payment flows where a single transaction touches both blockchain rails and traditional card networks — a pattern that demands deep understanding of both systems.

The Technical Architecture Behind BVNK

BVNK operates two deployment models that illustrate the spectrum of stablecoin infrastructure design:

Layer1 (Self-Managed): An enterprise-grade self-custody platform where businesses run their own stablecoin stack with direct wallet and key management. Built to transform "complex, backend-heavy stablecoin plumbing into modular, scalable tools," according to CTO Donald Jackson.

Managed Service: BVNK handles infrastructure, custody, and compliance on behalf of clients — licensing and regulatory requirements included.

The platform connects to both blockchain networks and traditional payment rails including SWIFT, ACH, Fedwire, SEPA, CHAPS, and Faster Payments. It supports real-time FX conversion, stablecoin-to-stablecoin swaps, and smart routing for liquidity management across chains.

This dual-model architecture is particularly relevant for Rust developers and Go developers building high-throughput payment systems. The settlement finality mismatch alone — near-instant blockchain confirmation versus 1–5 day correspondent banking settlement — requires sophisticated state management, reconciliation engines, and event-driven architectures that languages like Rust and Go handle exceptionally well.

Bridging On-Chain and Off-Chain: The Engineering Challenges

The technical challenges of connecting stablecoin infrastructure to traditional payment networks are substantial, and they're exactly the problems that fintech developers in the UK will be solving over the next several years:

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email

AI Agents Are Now Making Real Payments — What Developers Need to Build

Tom Wang — Mon, 30 Mar 2026 12:09:02 +0000

The First AI Agent Payment in Europe Just Happened

On 2 March 2026, Banco Santander and Mastercard completed Europe's first live end-to-end payment executed entirely by an AI agent. Not a demo. Not a sandbox. A real transaction, processed through Santander's regulated payment infrastructure, with real money moving between real accounts.

For fintech developers and AI agent engineers building payment systems, this milestone changes the conversation. Agentic commerce — where AI agents autonomously initiate, authorise, and complete payments on behalf of users — has moved from concept to production reality.

And the scale is staggering: AI agents already influenced $262 billion in holiday sales in 2025. Visa predicts millions of consumers will use AI agents to complete purchases by the 2026 holiday season. Both Mastercard and Visa have live agentic payment pilots running across Europe, Latin America, and Asia Pacific.

How Mastercard Agent Pay Works

The technical architecture behind agentic payments is what makes this interesting for payment developers. Mastercard's Agent Pay, launched in April 2025, provides the infrastructure for AI agents to transact on payment networks. Here's the flow:

1. Agent Registration and Authentication

Before an AI agent can make a payment, it must be registered and authenticated on the Mastercard network. This is analogous to merchant onboarding — the agent gets a verified identity, a set of permitted operations, and transaction limits defined by the cardholder.

2. Consumer Consent and Limits

The cardholder sets predefined limits: maximum transaction amount, permitted merchant categories, spending caps per day or month. The agent can only operate within these boundaries. Think of it as a programmable spending policy — the kind of system that payment developers and crypto developers building smart contract wallets have been designing for years.

3. Transaction Execution

The AI agent — in Santander's case, built with Microsoft Azure OpenAI Service and Copilot Studio, orchestrated by PayOS — identifies a purchase need, selects the merchant, and initiates payment through Mastercard's network. The transaction flows through existing card rails, meaning the entire settlement infrastructure already works.

4. Verifiable Intent

This is the genuinely innovative piece. Mastercard and Google jointly introduced Verifiable Intent — an open-source framework that creates a cryptographic audit trail proving what the consumer authorised and whether the agent followed instructions exactly.

The specification builds on established standards from FIDO Alliance, EMVCo, IETF, and W3C. It employs Selective Disclosure, sharing only the minimum necessary information with each transaction party. The framework interoperates with Google's Agent Payments Protocol (AP2) and the Universal Commerce Protocol (UCP).

Read the full article on tomcn.uk →

About the Author

I'm Tom Wang, a Founding Engineer at Radom building crypto payment infrastructure, Open Banking integrations, and cross-border payout systems with Rust and Go. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Portfolio | LinkedIn | GitHub | Email