On May 7, AWS launched AgentCore Payments in preview. Coinbase x402 plus Stripe. Agents can now purchase APIs, MCP servers, paywalled content, and data feeds mid-task, executing through payment rails without interrupting their reasoning loop. The system handles protocol negotiation, retries, and settlement automatically.
That's the payment problem solved. Production-grade. Backed by Coinbase, Stripe, and the card network infrastructure underneath both.
Which makes the other problem harder to ignore.
Monica Eaton, CEO of Chargebacks911, said it directly this week: "The payments industry has always treated the click as the signal of intent. Agentic commerce removes the click. So now we need a new way to prove intent when a human was not directly involved."
That new way doesn't exist yet.
A standard transaction dispute works like this: the customer went to checkout, clicked confirm, the processor logged a timestamp. If the customer later claims they didn't authorize it, you compare the click to the claim. The click wins most of the time.
Agent-executed transactions don't have a click. The customer granted permission to an agent, potentially days or weeks before the purchase occurred, set a spending limit, and walked away. The agent bought something. No human was present at the moment of execution.
Later, the customer sees the charge. Says: "I didn't want that." What's the evidence? The agent's internal logs, if anyone thought to preserve them. The session's spending limit config, if it's accessible. Maybe nothing.
Donald Kossmann, CTO of Chargebacks911, put the gap plainly: "Without that record, disputes in agentic commerce become almost impossible to arbitrate fairly."
AWS's design is worth reading carefully here. Per-session spending limits, explicit wallet authorization before any transaction, full traceability through the AgentCore console. They know trust is a problem and built real safeguards.
But those safeguards live inside one platform. When a dispute crosses platform boundaries, the safeguards don't cross with it. The merchant sees a completed payment. The customer sees a line item. Neither party has a neutral record of what the agent was authorized to purchase, within what constraints, and whether the executed transaction stayed inside them.
Three card networks are actively building agent-ready payment flows. McKinsey projects $3-5 trillion in annual agentic commerce by 2030. 43% of retailers are already piloting autonomous AI. Payment rails are scaling fast.
The dispute layer doesn't exist.
This is structural, not edge-case.
Every layer of traditional payment trust assumes a human at the point of transaction. Cardholder-initiated. Card-present. Regulatory frameworks, chargeback rules, and fraud detection heuristics all optimize for a person pressing a button.
Agents don't press buttons. They execute pre-granted permissions.
The evidence that resolves a dispute isn't "did the transaction occur." That part is easy to establish. The evidence that matters is: what was this specific agent authorized to purchase, at what time, within what constraints? That requires a timestamped, verifiable record of behavioral scope, produced at transaction time, accessible to both parties.
Nobody is producing that today.
Payment infrastructure is production-ready. Trust infrastructure is an open problem. These are separate layers, and payment readiness doesn't automatically create trust readiness. Companies building agent commerce infrastructure right now are making a choice about which layer they're actually building, whether they've thought about it or not.
If you're working on the behavioral audit side of this, there's work being done at agentlair.dev.
Top comments (0)