The agent infrastructure conversation has been obsessed with the wrong question.
Everyone is building wallets - AgentCard, x402, MPP. Stripe, Visa, and Mastercard are racing to give AI agents spending power. But there's a more fundamental problem that nobody wants to touch: identity.
If you can't prove who authorized an agent, you can't hold anyone accountable when it goes wrong.
The Sybil Problem Isn't Theoretical
Here's what actually happens when agents get payment rails:
A prompt injection attack tricks your shopping agent into buying $500 in gift cards. The transaction looks legitimate - authorized API call, valid virtual card, proper merchant. Every fraud signal designed for humans fails:
- Device fingerprint? The agent doesn't have one.
- Login pattern? There's no login.
- Typing cadence? Machines don't type.
Traditional fraud detection was built on behavioral heuristics that assume a human at the other end. The moment you hand a credit card to code, every assumption breaks.
Accenture found that 85% of financial institutions admit their systems can't handle high-volume agent-driven payments. That's not a gap - that's a cliff.
Why Identity Comes Before Payment
The rush to give agents wallets is backwards.
Payment protocols solve "how." How does an agent pay for an API call? How does it complete a transaction without human intervention? x402, MPP, and AgentCard answer this.
Identity protocols solve "who." Who authorized this agent? Is it acting alone or as part of a swarm? Can one human spin up 10,000 agents to game a system?
You can build payment infrastructure without identity infrastructure. But you can't build trust without it.
World's AgentKit (from Sam Altman's identity network) is attempting to fill this gap - one cryptographic credential per verified human, delegatable to agents. Whether iris-scanning is the right primitive is debatable, but the problem definition is correct: every agent-initiated action needs to trace back to an accountable human.
The Accountability Chain
Imagine three scenarios:
Scenario A: Your agent books a restaurant reservation. The restaurant overbooks. Who's liable?
Scenario B: Your agent spends your company's budget on cloud credits. The CFO didn't approve it. Who pays?
Scenario C: A swarm of 50,000 agents, each with a legitimate wallet, floods a ticketing platform. Is this a coordinated attack or 50,000 independent decisions?
Without an identity layer, these questions have no answers. With identity infrastructure:
- Scenario A resolves to "your credential, your responsibility"
- Scenario B has an audit trail showing exactly who authorized what
- Scenario C reveals whether the 50,000 agents trace back to 50,000 humans or one operator
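To make Scenarios B and C concrete, here is a small sketch added for illustration; it is not from the original post and is not the API of AgentKit, x402, or any vendor. It assumes a hypothetical issuer that signs one delegation per agent (HMAC with a constructed key stands in for a real asymmetric signature), and every function and field name is invented for the example.

```python
import hashlib
import hmac
import json

# Assumption: constructed issuer key. HMAC is a stdlib-only stand-in for the
# asymmetric signature a real credential issuer would use.
ISSUER_KEY = b"constructed-demo-issuer-key"

def _tag(claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_delegation(human_id, agent_id, max_spend_usd, expires_at):
    """Issuer side: bind one agent to one verified human, with limits."""
    claims = {"human": human_id, "agent": agent_id,
              "max_spend_usd": max_spend_usd, "expires_at": expires_at}
    return {"claims": claims, "tag": _tag(claims)}

def authorize(delegation, amount_usd, now):
    """Relying party: return (allowed, reason, accountable_human)."""
    c = delegation["claims"]
    if not hmac.compare_digest(_tag(c), delegation.get("tag", "")):
        return False, "bad_signature", None  # unverifiable: nobody accountable
    if now >= c["expires_at"]:
        return False, "expired", c["human"]
    if amount_usd > c["max_spend_usd"]:
        return False, "over_limit", c["human"]
    return True, "ok", c["human"]

def sybil_report(delegations, now, max_agents_per_human=3):
    """Scenario C: group valid agents by human, flag operators over the cap."""
    agents = {}
    for d in delegations:
        ok, _, human = authorize(d, 0, now)
        if ok:
            agents.setdefault(human, set()).add(d["claims"]["agent"])
    return {h: len(a) for h, a in agents.items() if len(a) > max_agents_per_human}

if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed timestamp
    swarm = [issue_delegation("human-1", f"bot-{i}", 50, NOW + 3600)
             for i in range(5)]
    swarm.append(issue_delegation("human-2", "assistant", 50, NOW + 3600))
    print(authorize(swarm[0], 500, NOW))  # $500 purchase against a $50 limit
    print(sybil_report(swarm, NOW))       # which humans run too many agents
```

Every decision, allowed or denied, carries the accountable human's identifier, which is what turns a transaction log into the audit trail Scenario B needs.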
What's Actually Being Built
Two ecosystems are forming:
OpenAI + Stripe (ACP): Payment-first. Agents can transact, but identity is bolted on later.
Google + Coinbase + World (x402 + AgentKit): Identity and payment together. Each agent carries proof of human authorization.
The companies building fraud infrastructure for machine actors - not against them - will own the trust layer. But fraud detection alone isn't enough. You need cryptographic proof that a human said "yes."
The Takeaway
We're building agent infrastructure in the wrong order.
Before an agent can spend money, it needs to prove it's acting on behalf of a specific human. Before platforms can block bot swarms, they need to verify that each agent represents a unique person.
The wallet builders are solving the easy problem. The identity layer is where the real moat will form - and where the most interesting companies will emerge.
If you're building agent infrastructure, ask yourself: are you solving for how or who? The first gets you payments. The second gets you trust.
Trust is worth more.