DEV Community

t49qnsx7qt-kpanks

google just shipped a 24/7 agent with a credit card. the audit trail is still missing.


Gemini Spark launched this week as a persistent Google Cloud agent that can run tasks for hours or days — email, docs, calendar, autonomous purchases — all within parameters the user defines. it's the first tier-1 production agent with Agent Payments Protocol baked in from day one.

that's a real milestone. it's also when the hard question shifts from "can the agent pay?" to "can you explain what it paid for, and why, to a regulator?"


the problem google solved and the one it didn't

Spark enforces "check with you before major actions" — a budget guardrail that prevents runaway spend. useful. but budget guardrails and audit trails are different things.

a guardrail stops an agent from spending $10,000 on a single transaction. an audit trail answers the questions that come after: which agent instance authorized this payment? which version of the model was running? what was the user intent recorded at time of consent? what was the merchant scope?

Mastercard's Agentic Tokens framework (99% of issuers live as of May 2026) captures some of this: agent identity, merchant scope, consent policy — cryptographically bound to the token. that's the right architecture at the card layer.

what nobody has shipped yet is the reputation layer that sits above the card: a persistent score for an agent's transaction history across sessions, across merchants, across rails. FICO was built for humans in 1989. AI agents in 2026 need something like it, but for a principal that doesn't sleep.


what the agent FICO problem actually looks like in code

when you connect a third-party AI assistant to a Robinhood virtual card (they launched this the same week as Spark — May 27), Robinhood assigns a spending limit. that limit is static: it doesn't update based on the agent's track record.

imagine instead a score that gets updated after every settled transaction:

agent: claude-researcher-v2
rail: x402
session_transactions: 47
settlement_velocity: 0.99 (99% settle within 3s)
dispute_rate: 0.00
agent_fico: 741

a 741 gets a $500 limit. a 490 gets $50 and human-in-the-loop approval. the scoring model doesn't care whether the rail was Lightning, USDC, or a card — it operates on the mandate layer.

this is what MnemoPay's Agent FICO (300–850) does. it tracks settlement velocity, authorization history, and budget compliance across x402, AP2, and card rails. v1.0.0-beta.1, 672 tests: https://getbizsuite.com/mnemopay


why this matters for developers building on spark

if you're wiring Gemini Spark to a payment-capable MCP server today, you're taking the default guardrail Google gives you. that's fine for demos. it won't be fine for enterprise deployments where procurement requires an audit trail, or for any agent touching regulated industries post-August 2.

the EU AI Act's GPAI enforcement powers activate August 2. any agent making autonomous decisions — including payment decisions — needs documented risk management, logging, and human oversight at the agent-identity level, not just the transaction level.

the move is to build the audit trail into the agent's financial layer now, before the deadline forces a retrofit.


the infrastructure is catching up fast: AWS Bedrock AgentCore Payments, Coinbase Base MCP, Mastercard Agent Pay, Robinhood agentic credit cards — all live in the past 90 days. the reputation layer is the last piece.

if you're building on Spark or any of the other 24/7 agent stacks, that's the thing worth wiring in before August.
