Agents Need Passports Before They Need Wallets
Everyone's building payment rails for AI agents. Stripe's Machine Payments Protocol. Visa's agent credit cards. Ramp's corporate cards for autonomous spending.
But there's a more fundamental problem nobody's talking about.
Before an agent can pay for something, it needs to prove it is authorized to pay for it.
The Payment Stack Is Missing Its Foundation
The current agent payments conversation works backwards.
→ Stripe's MPP lets agents respond to HTTP 402 challenges.
→ Visa's agent cards give autonomous spending power.
→ Ramp's corporate cards let AI book flights and software.
All of these assume the receiving party knows who is authorizing this transaction and what limits apply.
But agents don't have stable identities. They spin up, execute tasks, and disappear. The same agent instance that ordered your flight today might not exist tomorrow. How does the merchant know it's still your agent?
What Sam Altman Understands That Payment Companies Don't
While payment companies race to build agent wallets, Sam Altman's World is building agent passports.
World's AgentKit creates verifiable identity for AI agents—not just cryptographic keys, but attested credentials linked to a human owner.
Think about what this enables:
A merchant can verify the agent spending $500 is authorized by you, not someone who compromised your API key
A service can enforce per-agent rate limits because each agent has a stable, verifiable identity
A platform can implement fraud detection at the agent level, not just the account level
This is the missing layer. Without it, every agent transaction is a security incident waiting to happen.
The Two-Layer Problem
Mastercard and Google recently open-sourced Verifiable Intent—a framework for cryptographic proof that an AI agent is acting within human-authorized bounds.
This is necessary but not sufficient.
Verifiable Intent answers: "Did the human authorize this specific transaction?"
Agent Identity answers: "Is this the agent the human claims it is?"
You need both. The payment protocols need something to verify against.
The Architecture Nobody's Building Yet
Here's what the full stack should look like:
┌─────────────────────────────────────┐
│ Payment Protocols │
│ (Stripe MPP, Visa Agent Cards) │
├─────────────────────────────────────┤
│ Verifiable Intent Layer │
│ (Mastercard/Google framework) │
├─────────────────────────────────────┤
│ Agent Identity Layer │
│ (World AgentKit, Decentralized ID) │
├─────────────────────────────────────┤
│ Human Owner Attestation │
│ (World ID, other proof-of-person)│
└─────────────────────────────────────┘
Right now we're building the top two layers on sand.
Why This Matters for Builders
If you're building agent infrastructure, the temptation is to jump straight to payments. "How do I let my agent buy AWS credits?"
But you should start with identity:
How does my agent prove it's mine?
How does a third party verify that proof?
How do I revoke that identity if the agent goes rogue?
How do I delegate different authority levels to different agents?
The payment protocols are exciting because they're visible. Agent identity feels abstract. But the companies that nail identity first will own the agent economy's trust layer.
The Takeaway
Payment rails for agents are coming fast. Stripe, Visa, Ramp, and others are racing to let agents spend money autonomously.
But spending requires trust. Trust requires identity. Identity requires infrastructure we haven't built yet.
The next time you see an agent payments announcement, ask yourself: How does the receiving party know this agent is who it claims to be?
That's the problem worth solving. The wallets are coming. The passports aren't here yet.
The agent economy will run on trust before it runs on money. Build accordingly.
Top comments (0)