DEV Community

Aamer Mihaysi

The Trust Layer Nobody Built: Why AI Agents Need Verification Before They Can Spend

Two developments this week exposed the same gap in agentic infrastructure. Mastercard and Google open-sourced Verifiable Intent, a cryptographic framework that proves an AI agent is doing exactly what its human authorized. Ramp shipped Agent Cards, giving AI agents their own corporate credit lines with built-in spend limits and merchant restrictions.

Different companies. Different approaches. Same realization: the missing piece for autonomous AI commerce is not capability - it is trust.

Here is what the infrastructure layer for agentic payments is actually becoming, and why the companies building verification are positioning themselves at the center of the machine economy.


The Problem No One Talked About

Only about 16% of U.S. consumers trust AI to make payments on their behalf. That is not a marketing problem. It is an architectural one.

When an AI agent spends money, three questions surface immediately:

  1. Authorization: Did the human actually permit this?
  2. Boundaries: Is the agent staying within approved limits?
  3. Auditability: Can we prove what happened after the fact?

Traditional payment infrastructure answers none of these. A credit card transaction shows a merchant and an amount. It does not encode why the purchase happened, who initiated it, or whether it violated any constraints.

For human spending, that ambiguity is tolerable. For agent spending, it is a non-starter.


What Verifiable Intent Actually Does

Mastercard and Google's framework creates cryptographic proof that an AI agent is operating within bounds a human explicitly set. Think of it as a digitally signed power of attorney with machine-enforceable constraints.

The architecture has three layers:

  • Credential Provider - A bank or wallet binds the user identity
  • Mandate Issuance - The user defines what the agent can do (amount caps, merchant allowlists, time windows)
  • Proof Generation - When the agent transacts, it signs proof of compliance

The agent operates autonomously, but every action leaves a tamper-evident audit trail. Merchants see what they need. Issuers can distinguish legitimate activity from compromise. Disputes become simple: either the cryptographic trail confirms compliance, or it does not.
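The three layers can be sketched end to end with the standard library. This is an added example, not code from the Verifiable Intent SDK: every function and field name is hypothetical, the keys and values are constructed, and HMAC-SHA256 stands in for the asymmetric signatures a real deployment would use.

```python
import hashlib, hmac, json

# Constructed demo keys. USER_KEY plays the key a credential provider has bound to
# the user; HMAC-SHA256 stands in for the asymmetric signatures a real deployment needs.
USER_KEY = b"constructed-user-key"
AGENT_KEY = b"constructed-agent-key"

def canon(obj):
    # Canonical JSON so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key, obj):
    return hmac.new(key, canon(obj), hashlib.sha256).hexdigest()

def issue_mandate(user, agent, max_cents, merchants, not_before, not_after):
    """Mandate issuance: the user fixes the agent's bounds and signs them."""
    body = {"user": user, "agent": agent, "max_cents": max_cents,
            "merchants": sorted(merchants),
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": sign(USER_KEY, body)}

def make_proof(mandate, merchant, cents, ts):
    """Proof generation: the agent signs the transaction, bound to the mandate hash."""
    tx = {"mandate_hash": hashlib.sha256(canon(mandate["body"])).hexdigest(),
          "merchant": merchant, "cents": cents, "ts": ts}
    return {"tx": tx, "sig": sign(AGENT_KEY, tx)}

def verify(mandate, proof):
    """Return the list of violations; an empty list means the transaction complies."""
    body, tx = mandate["body"], proof["tx"]
    if not hmac.compare_digest(mandate["sig"], sign(USER_KEY, body)):
        return ["mandate signature invalid"]
    if not hmac.compare_digest(proof["sig"], sign(AGENT_KEY, tx)):
        return ["proof signature invalid"]
    errors = []
    if tx["mandate_hash"] != hashlib.sha256(canon(body)).hexdigest():
        errors.append("proof bound to a different mandate")
    if tx["cents"] > body["max_cents"]:
        errors.append("amount exceeds cap")
    if tx["merchant"] not in body["merchants"]:
        errors.append("merchant not in allowlist")
    if not body["not_before"] <= tx["ts"] <= body["not_after"]:
        errors.append("outside time window")
    return errors

if __name__ == "__main__":
    m = issue_mandate("user-1", "agent-1", 5000, ["acme-supplies"], 1000, 2000)
    print(verify(m, make_proof(m, "acme-supplies", 4500, 1500)))
    print(verify(m, make_proof(m, "other-shop", 9000, 2500)))
```

Because the proof carries the hash of the mandate body, an agent cannot replay a proof against a more permissive mandate, and raising the cap after signing invalidates the mandate signature.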

This is not theoretical. Adyen, Fiserv, Checkout.com, Worldpay, and IBM have already endorsed it. The Python SDK is live under Apache 2.0.


What Ramp Agent Cards Solve

Ramp took a different angle. Instead of building a protocol for the ecosystem, they built a product for their existing customer base. Agent Cards are virtual corporate cards issued directly to AI agents under a business's Ramp account.

The agent never sees a card number. It calls an API (or uses Anthropic's Model Context Protocol) to request payment. Ramp's backend enforces hard constraints:

  • Spend limits
  • Merchant whitelists
  • Category blocks
  • Full transaction logging with reasoning context

The brilliance is integration. Ramp has spent years building AI tools for expense policy enforcement, invoice fraud detection, and automated bookkeeping. Agent Cards close the loop: agents that already read, decide, and reconcile can now pay, all within one platform with one audit trail.
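A sketch of server-side enforcement with a log that records the agent's reasoning, as an added example that is not Ramp's API or code: the class, field names and sample values are hypothetical, and the hash chaining is an assumption added here to make after-the-fact edits to the log detectable.

```python
import hashlib, json

GENESIS = "0" * 64  # previous-hash value for the first log entry

def entry_hash(entry, prev):
    return hashlib.sha256((json.dumps(entry, sort_keys=True) + prev).encode()).hexdigest()

class AgentCardLedger:
    """Hypothetical card backend: enforces policy and keeps a hash-chained log."""
    def __init__(self, limit_cents, allowed_merchants, blocked_categories):
        self.limit, self.spent, self.log = limit_cents, 0, []
        self.allowed, self.blocked = set(allowed_merchants), set(blocked_categories)

    def request_payment(self, merchant, category, cents, reasoning):
        if cents <= 0:
            decision = "deny:amount"      # a negative amount would refill the budget
        elif merchant not in self.allowed:
            decision = "deny:merchant"
        elif category in self.blocked:
            decision = "deny:category"
        elif self.spent + cents > self.limit:
            decision = "deny:limit"       # the limit is cumulative, not per transaction
        else:
            decision = "approve"
            self.spent += cents
        # Denials are logged too: refused attempts are evidence in a dispute.
        entry = {"merchant": merchant, "category": category, "cents": cents,
                 "reasoning": reasoning, "decision": decision}
        prev = self.log[-1]["hash"] if self.log else GENESIS
        self.log.append({"entry": entry, "prev": prev, "hash": entry_hash(entry, prev)})
        return decision

def verify_chain(log):
    """Return the index of the first altered record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != entry_hash(rec["entry"], prev):
            return i
        prev = rec["hash"]
    return -1

if __name__ == "__main__":
    ledger = AgentCardLedger(10000, ["acme-supplies"], ["gambling"])
    print(ledger.request_payment("acme-supplies", "office", 6000, "restock paper"))
    print(ledger.request_payment("acme-supplies", "office", 6000, "restock toner"))
    ledger.log[0]["entry"]["cents"] = 60   # edit history after the fact
    print(verify_chain(ledger.log))        # index of the altered record
```

A chain like this only detects rewriting if the latest hash is also stored somewhere the log's owner cannot change, since anyone who can rewrite the whole log can recompute every hash.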

Visa's Intelligent Commerce sandbox has more live agent transactions, but no equivalent open intent specification. Mastercard is seeding infrastructure while Ramp is capturing immediate enterprise value.


Why Infrastructure Beats Products Here

The strategic divergence matters. Mastercard's open-source framework can be adopted by any payments company. Ramp's Agent Cards only work within Ramp's ecosystem.

History suggests infrastructure wins:

  • EMV chip became ubiquitous because Visa and Mastercard agreed on a standard and pushed it across their networks
  • Tokenization became the default because Apple Pay and the networks aligned on a common approach
  • Verifiable Intent follows the same playbook: open the spec, let adoption spread, sit at the center of verification

Ramp's data advantage is real. They have billions in monthly spend, GL coding patterns, and vendor relationships across 50,000 businesses. That lets them make smarter authorization decisions than pure card issuers.

But the liability question remains unanswered: when an agent overspends or buys the wrong thing, who is responsible? Ramp? The agent builder? The business?

The framework does not resolve this. It just makes it auditable.


The Real Adoption Path: B2B Procurement

Consumer shopping agents will exist. But the fastest adoption will come from B2B procurement.

A procurement agent that:

  • Stays within pre-approved vendor lists
  • Never exceeds budget thresholds
  • Logs every purchase decision with reasoning
  • Automatically matches invoices to purchase orders

That is a CFO's dream. The ROI is immediate and measurable. The trust gap is smaller because the human is already authorizing spend policies for human employees.

Agent Cards and Verifiable Intent both start there. Enterprise card programs quietly converting to scoped agent mandates within 18 to 24 months is not a prediction. It is already underway.


What to Watch

Three developments will determine whether this infrastructure layer actually holds:

1. OCC Rulemaking on Stablecoin Rewards
The GENIUS Act gave stablecoins a federal framework. But the OCC's proposed rules could eliminate deposit-like rewards on stablecoin balances. If PayPal's 3.7% on PYUSD and Coinbase's 3.5% on USDC savings disappear, the consumer acquisition lever for stablecoin-based agent spending weakens significantly.

2. Visa's Response
Visa has Intelligent Commerce live with 100+ partners. They are running live agent transactions. But no open intent spec has emerged. If Mastercard's Verifiable Intent becomes the de facto standard, Visa either adopts it or builds a competing framework. Fragmentation here would slow enterprise adoption.

3. Liability Precedents
When the first major agent-driven fraud or mistake reaches litigation, the courts will define who owns the risk. The frameworks provide evidence. They do not assign blame.


The Takeaway

Every payments era has a trust primitive that unlocks it:

  • Mag stripes answered "is this card real?"
  • Tokenization answered "can we keep credentials safe online?"
  • Verifiable Intent answers "did this AI agent actually have permission to spend that money?"

The race now is not to build the best AI shopping agent. It is to become the default trust layer those agents rely on.

Mastercard just open-sourced the track and handed out the cars. Ramp built a fast car but locked it to their track. The infrastructure play has more leverage.

Expect both strategies to coexist for a while. But the long-term value capture sits with whoever owns the verification standard, not whoever issues the most agent cards.


The infrastructure for machines spending money is being built right now. The question is whether you are building the track or just driving on someone else's.
