When an AI shopping agent loads a credit card number into a checkout field, nobody on the other side of the transaction can tell whether a real cardholder approved the purchase or a rogue bot is running up charges. That problem sat mostly in the theoretical column until the past year, when retailers started plugging autonomous agents into live payment flows at a pace that outran their fraud controls. Now Visa is trying to impose order with an open-source framework it calls the Trusted Agent Protocol, and the stakes are high: industry surveys suggest that roughly four in ten large retailers have already integrated AI agents into their checkout systems, while fewer than three in ten believe their fraud defenses can handle what those agents introduce.
The adoption-readiness gap
The 44% adoption and 29% fraud-readiness figures have circulated in payments industry briefings since early 2025, drawing on merchant surveys conducted by e-commerce risk platforms. Salesforce’s 2025 State of Commerce report found a comparable pattern, with 39% of enterprise retailers piloting or deploying AI-powered shopping agents. The exact percentages vary by source and sample, but the directional finding is consistent: retailers are connecting agents to checkout faster than they are building safeguards around them.
That gap matters because AI agents do not behave like human shoppers. They can complete hundreds of transactions per minute, exploit promotional logic at machine speed, and, if compromised, drain stored payment credentials before a fraud team spots the pattern. Juniper Research has projected that global online payment fraud losses will reach $91 billion annually by 2028, and agentic commerce is expected to accelerate that trajectory unless new verification standards take hold.
What Visa’s protocol actually does
Visa published the Trusted Agent Protocol in October 2025, posting its technical specifications on the Visa Developer Center and mirroring the source code on GitHub. The decision to go open-source was deliberate: Visa wants banks, merchants, and competing developers to build on the standard rather than treat it as a proprietary Visa product.
At its core, the protocol answers a single question: how does a merchant know that the person behind an AI agent actually authorized a purchase? Instead of relying on browser cookies or opaque API keys, the framework defines standardized credentials, essentially cryptographic tokens, that an agent carries through the transaction. A participating bank can validate that token before approving the charge, and a merchant can reject any agent that fails verification before an order is fulfilled and shipped.
The protocol also links to Coinbase’s x402 payment service, which handles settlement for machine-to-machine transactions and was still in beta as of late 2025, meaning its production readiness remains unproven. A broader Agentic Commerce Protocol rounds out the reference architecture: x402 moves the money, the Trusted Agent Protocol verifies the identity, and the Agentic Commerce Protocol defines how agents interact with merchant systems. For a retailer, the promise is that integrating one standards-based interface could eventually replace the patchwork of bespoke deals required to accept agents from OpenAI, Google, Amazon, and smaller startups.
Who is already building
Several major players are pursuing their own approaches in parallel. OpenAI’s Operator agent, launched in early 2025, can browse the web and complete purchases on behalf of users. Perplexity introduced a shopping feature that lets its AI recommend and buy products in a single conversation. Amazon has been weaving its Rufus assistant deeper into its own checkout flow. Each of these agents handles payment authorization differently, and none of them currently follows a shared verification standard, which is precisely the fragmentation Visa’s protocol targets.
Mastercard has been developing its own agent-commerce guidelines and piloting biometric verification layers for autonomous transactions. Shopify has opened APIs that let third-party agents place orders on behalf of consumers within its merchant ecosystem. The risk of competing, incompatible standards is real: if every network and platform builds its own trust layer, merchants face a multiplication of integration costs rather than a simplification.
Fraud data that does not yet exist
As of mid-2026, no public dataset isolates fraud losses caused specifically by AI shopping agents. The payments industry tracks chargebacks, account takeovers, and friendly fraud in aggregate, but agent-initiated transactions are not yet broken out as a separate category in most reporting. That blind spot makes it difficult to measure whether the Trusted Agent Protocol will produce a meaningful reduction in losses or simply formalize practices that some processors already follow internally.
The question of who pays when something goes wrong is equally unresolved. The protocol describes how an agent can prove it was authorized, but the published specifications do not spell out who bears responsibility when that authorization is disputed. If a consumer claims an AI agent made an unwanted purchase, it is not yet clear whether a valid agent credential will shift the burden onto the consumer, the agent developer, the merchant, or the issuing bank. Those rules typically emerge through a combination of network operating regulations, government oversight, and case law. The Consumer Financial Protection Bureau has signaled interest in agentic transactions but has not issued formal guidance, and the EU AI Act’s provisions on high-risk AI systems could eventually touch payment agents operating in European markets.
Retailers evaluating the protocol also face uncertainty about what adoption actually requires. The current documentation does not clarify whether merchants need a single lightweight integration or a stack of new dependencies, including x402 support and Agentic Commerce Protocol compliance. Without published benchmarks, cost estimates depend on hands-on prototyping rather than vendor-supplied projections.
What merchants and consumers should watch through mid-2026
The strongest evidence available is the protocol itself: published, inspectable, and open to outside contributors. That is more than a concept paper. But it is also not yet a production standard with proven results. No independent audits, adoption dashboards, or longitudinal fraud studies tied to the Trusted Agent Protocol have surfaced in public sources.
For retailers weighing whether to engage, the most reliable next step is to prototype against the published specifications, evaluate complexity, and run limited security reviews. Those concrete experiments will reveal more than any industry forecast about whether the framework fits a given merchant’s risk profile and technical stack.
For consumers, the immediate takeaway is simpler: AI agents are already shopping on people’s behalf, and the rules governing those transactions are still being written. Visa’s protocol is the most visible attempt so far to impose structure on a fast-moving market. Whether it becomes the dominant standard or one of several competing approaches will depend less on the elegance of the code and more on how quickly the surrounding questions about fraud data, liability, and regulatory oversight get resolved. The gap between adoption and readiness is not closing on its own.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
