Agentic Commerce 2026: When AI Agents Pay on Your Behalf

Posted on: 5/28/2026 1:13:06 AM

Table of contents

1. Why a tool-calling agent still can't spend
1. The core gap
2. The 3A problem: Authorization, Authenticity, Accountability
3. AP2 — Google's chain of signed mandates
1. Three mandates, three layers of proof
  1. Why does "signing" matter so much?
4. Human Present vs Human Not Present
5. Roles in an agentic transaction
6. ACP & Instant Checkout by OpenAI + Stripe
7. UCP — Unifying the whole shopping journey
1. Ecosystem weight
8. AP2 vs ACP vs UCP
1. Compete or complement?
9. Risks, disputes and the developer view
1. Integration caution
10. The road ahead

You message an AI agent: "Buy me white running shoes under $80, delivered this week." Seconds later it has compared prices across five stores, picked a match, and… hit pay. Smooth — but behind that command sits a heavyweight question the whole industry is scrambling to answer in 2026: when a bot swipes your card on its own, who is liable if it buys the wrong thing?

This is the gap Agentic Commerce fills. This article dissects the new protocol layer that lets AI agents pay safely, verifiably, and accountably: Google's AP2, OpenAI & Stripe's ACP, and the unifying UCP. If you've read about MCP as the protocol that connects agents to tools, treat this as the missing piece: the protocol that connects agents to money.

Contents

Why a tool-calling agent still can't spend
The 3A problem: Authorization, Authenticity, Accountability
AP2 — Google's chain of signed mandates
Human Present vs Human Not Present
Roles in an agentic transaction
ACP & Instant Checkout by OpenAI + Stripe
UCP — Unifying the whole shopping journey
AP2 vs ACP vs UCP
Risks, disputes and the developer view
The road ahead

1. Why a tool-calling agent still can't spend

In 2024–2025 the industry solved two big connectivity problems. MCP (Model Context Protocol) lets agents read data and call tools. A2A (Agent2Agent) lets agents talk to each other. Yet both stop right before the final door: the moment real money leaves your account.

Today's payment rails rest on an assumption baked in for 60 years: a human sits behind the transaction — typing the card number, reading the OTP, clicking "Confirm." When the initiating party is an AI agent running at 3 a.m., that assumption collapses. The bank has no way to tell a "properly delegated agent" from "an agent tricked by prompt injection into buying the wrong thing."

The core gap

MCP answers "where does the agent get information?". A2A answers "how does the agent coordinate with other agents?". Neither answers "how do we prove the user actually authorized this spend?". That is the trust & payment layer Agentic Commerce standardizes.

flowchart TB
    U["User"] --> AG["AI Agent"]
    subgraph STACK["Protocol stack for agents"]
        direction TB
        MCP["MCP
agent ↔ tools & data"]
        A2A["A2A
agent ↔ agent"]
        AP2["AP2 / ACP / UCP
agent ↔ payments & merchant"]
    end
    AG --> MCP
    AG --> A2A
    AG --> AP2
    AP2 --> PAY["Payment networks
Visa / Mastercard / Stripe"]
    style AP2 fill:#e94560,stroke:#fff,color:#fff
    style MCP fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A2A fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style PAY fill:#16213e,stroke:#fff,color:#fff

Figure 1 — Agentic Commerce is the missing layer in the agent protocol stack.

2. The 3A problem: Authorization, Authenticity, Accountability

Every Agentic Commerce protocol revolves around three questions I call the 3A problem:

A1Authorization — did the user really permit this spend?

A2Authenticity — is this the genuine, untampered, delegated agent?

A3Accountability — when a dispute arises, who is liable and where is the proof?

The subtle part: you cannot solve these by "trusting the agent." An agent is probabilistic software — it can be prompt-injected, it can misread intent. The industry's answer converges on a security classic: don't trust the actor, trust the cryptographic proof. Instead of asking "is this agent trustworthy," the system asks "does this agent hold a mandate signed by the right user?"

3. AP2 — Google's chain of signed mandates

AP2 (Agent Payments Protocol) was announced by Google together with Coinbase and 60+ organizations (Mastercard, Visa, PayPal, American Express…). Its central idea is the mandate — a tamper-evident, user-signed authorization. AP2 chains three kinds of mandate, each answering part of the 3A problem.

sequenceDiagram
    participant U as User
    participant A as Shopping Agent
    participant M as Merchant
    participant N as Payment network
    U->>A: "Find white shoes under $80"
    A->>U: Request Intent Mandate signature
    U-->>A: Intent Mandate (signed)
    Note over A: Agent searches & builds cart
    A->>U: Present cart + exact price
    U-->>A: Cart Mandate (signed)
    A->>M: Send Cart Mandate
    M->>N: Payment Mandate (credential)
    N-->>M: Authorize transaction
    M-->>U: Order confirmed

Figure 2 — AP2's three-mandate flow: Intent → Cart → Payment.

Three mandates, three layers of proof

Intent Mandate — the user delegates an intent: scope, budget, conditions ("white shoes, under $80, delivered this week"). It is the root of the trust chain.
Cart Mandate — the user approves a specific cart at a specific price. Proof of "this exact item, this exact price."
Payment Mandate — a derived credential the payment network sees, binding intent – cart – payment into a non-repudiable chain.

Technically, mandates are JSON-LD documents following the W3C Verifiable Credentials (VC) standard, signed with ECDSA over the P-256 curve (or stronger) and SHA-256 integrity hashing. Each mandate is a link in an independently verifiable audit trail.

{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiableCredential", "CartMandate"],
  "issuer": "did:example:user-anhtu",
  "issuanceDate": "2026-05-28T09:12:00Z",
  "credentialSubject": {
    "agent": "did:example:shopping-agent-01",
    "cart": {
      "item": "White Running Shoes - Model X",
      "price": { "amount": 79.00, "currency": "USD" },
      "merchant": "did:example:shop-abc"
    },
    "constraints": { "maxAmount": 80.00, "deadline": "2026-06-01" }
  },
  "proof": {
    "type": "EcdsaSecp256r1Signature2019",
    "created": "2026-05-28T09:12:00Z",
    "proofValue": "z3FXQ...signature..."
  }
}

Why does "signing" matter so much?

A digital signature turns words into non-repudiation — undeniable, legally meaningful evidence. If the agent buys wrong, you trace the mandate chain: what constraints did the user sign in the Intent? Did the Cart stay within them? Liability is assigned cleanly instead of vaguely blaming "AI error."

4. Human Present vs Human Not Present

AP2 cleanly separates two scenarios — and this is what makes it practical:

flowchart LR
    subgraph HP["Human Present"]
        direction TB
        H1["User states intent"] --> H2["Agent builds cart"]
        H2 --> H3["User signs Cart Mandate
AT purchase time"]
    end
    subgraph HN["Human Not Present"]
        direction TB
        N1["User signs detailed Intent Mandate
UPFRONT with price & timing rules"] --> N2["Agent waits for conditions"]
        N2 --> N3["Conditions met → agent self-issues Cart Mandate"]
    end
    style H3 fill:#e94560,stroke:#fff,color:#fff
    style N1 fill:#e94560,stroke:#fff,color:#fff

Figure 3 — Two delegation models: approve-in-place vs delegate-ahead-by-rule.

Human Present — you're there. Initial intent is captured in an Intent Mandate, then you sign the Cart Mandate as the agent presents the cart. Great for interactive shopping.
Human Not Present — you delegate upfront: "Buy concert tickets the moment they go on sale, max $130 each." You sign a detailed Intent Mandate with explicit rules; the agent self-issues a Cart Mandate once conditions hold. This is "truly autonomous" — and the highest-risk path, so Intent Mandate constraints must be tight.

5. Roles in an agentic transaction

Role	Responsibility
User	The individual delegating the task and signing root mandates.
Shopping / User Agent	The AI interface the user interacts with; searches, builds carts, carries mandates.
Credential Provider	Specialized entity safely managing payment credentials (card tokens, wallets).
Merchant Endpoint	Interface or agent representing the merchant; receives the Cart Mandate.
Merchant Payment Processor	Builds the final transaction authorization message to the network.
Networks & Issuers	Visa, Mastercard, issuing banks — handle approval and risk.

6. ACP & Instant Checkout by OpenAI + Stripe

Where AP2 takes the "open, payment-neutral standard" route, ACP (Agentic Commerce Protocol) — OpenAI partnering with Stripe — focuses on experience: Instant Checkout right inside ChatGPT. Users buy directly within the conversation, never leaving the chat.

flowchart LR
    U["User in ChatGPT"] --> C["Instant Checkout"]
    C --> S["Stripe
tokenize & process"]
    S --> M["Merchant"]
    M --> C
    C -. "~4% fee / transaction" .-> O["OpenAI"]
    style C fill:#e94560,stroke:#fff,color:#fff
    style S fill:#16213e,stroke:#fff,color:#fff

Figure 4 — ACP turns the conversation into a checkout counter; OpenAI takes a fee per agent-closed order.

The economic twist: in early 2026 OpenAI applied a ~4% transaction fee on each successful agent-led conversion — a new revenue model that positions the AI platform as a "sales channel," not just an "assistant." It raises a big merchant question: when the agent becomes the layer between you and your customer, who owns the customer relationship?

7. UCP — Unifying the whole shopping journey

In January 2026 at NRF, Google announced UCP (Universal Commerce Protocol) — an open web standard (with Shopify) enabling interoperability between agents and retail systems across the journey: discovery → checkout → post-purchase. UCP doesn't replace, it encompasses: its spec supports REST and JSON-RPC transports and integrates AP2 (payments), A2A (agent-to-agent) and MCP (tools/data).

Ecosystem weight

UCP is backed by Walmart, Target, Etsy, Wayfair plus Mastercard, Visa, Stripe, PayPal, American Express and 20+ major retailers / payment providers. When both merchants and payment networks stand behind one standard, it has a strong shot at becoming the default.

8. AP2 vs ACP vs UCP

Criterion	AP2	ACP	UCP
Led by	Google + Coinbase + 60 orgs	OpenAI + Stripe	Google + Shopify
Focus	Payment & signed-authorization layer	In-chat checkout experience	End-to-end shopping journey
Trust mechanism	Mandates (W3C VC, ECDSA-signed)	Tokenization via Stripe	Integrates AP2 + A2A + MCP
Model	Open, platform-neutral	Closed around ChatGPT	Open web standard
Best when	You need audit trail & non-repudiation	Selling directly in conversation	End-to-end retail integration

Compete or complement?

Don't frame it as "who wins." AP2 is the payment trust layer, ACP is the user touchpoint, UCP is the umbrella weaving the pieces together. In fact UCP already adopts AP2 into its spec — convergence, not exclusion.

9. Risks, disputes and the developer view

Prompt injection that spends money — a malicious page can embed hidden instructions tricking the agent to "add more" or swap merchants. That's why the Cart Mandate must stay within the Intent Mandate's constraints, and why lethal-trifecta-style defenses become vital once an agent touches money.
A new kind of dispute — traditional chargebacks assume a human clicked. With agents, the signed mandate chain becomes the adjudicating evidence: was the intent valid, did the cart exceed budget?
Over-authorization — an overly broad Intent Mandate ("buy anything you deem reasonable") is a disaster waiting to happen. Least-privilege applies verbatim: tighter constraints, safer agent.

Integration caution

If you build a merchant endpoint, never blindly trust the agent's payload. Always verify the mandate signature, check the trust chain (Intent → Cart), and re-validate price/time constraints server-side before calling the payment processor. A signature-valid mandate can still violate constraints if you don't check.

10. The road ahead

Late 2025

Google announces AP2 with Coinbase and 60+ financial organizations.

Early 2026

OpenAI launches Instant Checkout (ACP) in ChatGPT, applying a ~4% per-transaction fee.

January 2026 — NRF

Google + Shopify announce UCP, encompassing AP2/A2A/MCP, backed by 20+ retailers & payment networks.

Agentic Commerce isn't "adding a buy button to a chatbot." It's re-architecting e-commerce's trust layer for a world where the party initiating a transaction is no longer human. The core lesson is both very technical and very old: when you can't trust the actor, trust verifiable, accountable cryptographic proof.

For developers, now is the time to think "machine-first" about your backend: machine-readable catalogs, credential verification, strict idempotency. Agents are a new class of customer — and like any customer, they need a clear contract. The signed mandate is that contract.

References

#Agentic Commerce #AP2 #AI Agent #Agentic AI

# Agentic Commerce 2026: When AI Agents Pay on Your Behalf

You message an AI agent: *"Buy me white running shoes under $80, delivered this week."* Seconds later it has compared prices across five stores, picked a match, and… hit pay. Smooth — but behind that command sits a heavyweight question the whole industry is scrambling to answer in 2026: **when a bot swipes your card on its own, who is liable if it buys the wrong thing?**

This is the gap **Agentic Commerce** fills. This article dissects the new protocol layer that lets AI agents pay *safely, verifiably, and accountably*: Google's AP2, OpenAI & Stripe's ACP, and the unifying UCP. If you've read about [MCP as the protocol that connects agents to tools](https://anhtu.dev/mcp-giao-thuc-ket-noi-van-nang-cho-he-thong-ai-multi-agent-2026-12), treat this as the missing piece: the protocol that connects agents to **money**.

**Contents**

1. [Why a tool-calling agent still can't spend](#gap)
2. [The 3A problem: Authorization, Authenticity, Accountability](#3a)
3. [AP2 — Google's chain of signed mandates](#ap2)
4. [Human Present vs Human Not Present](#flows)
5. [Roles in an agentic transaction](#roles)
6. [ACP & Instant Checkout by OpenAI + Stripe](#acp)
7. [UCP — Unifying the whole shopping journey](#ucp)
8. [AP2 vs ACP vs UCP](#compare)
9. [Risks, disputes and the developer view](#risk)
10. [The road ahead](#future)

## 1. Why a tool-calling agent still can't spend

In 2024–2025 the industry solved two big connectivity problems. **MCP (Model Context Protocol)** lets agents read data and call tools. **A2A (Agent2Agent)** lets agents talk to each other. Yet both stop right before the final door: *the moment real money leaves your account.*

Today's payment rails rest on an assumption baked in for 60 years: **a human sits behind the transaction** — typing the card number, reading the OTP, clicking "Confirm." When the initiating party is an AI agent running at 3 a.m., that assumption collapses. The bank has no way to tell a "properly delegated agent" from "an agent tricked by prompt injection into buying the wrong thing."

#### The core gap

MCP answers *"where does the agent get information?"*. A2A answers *"how does the agent coordinate with other agents?"*. Neither answers *"how do we prove the user actually authorized this spend?"*. That is the **trust & payment** layer Agentic Commerce standardizes.

```
flowchart TB
    U["User"] --> AG["AI Agent"]
    subgraph STACK["Protocol stack for agents"]
        direction TB
        MCP["MCP  
agent ↔ tools & data"]
        A2A["A2A  
agent ↔ agent"]
        AP2["AP2 / ACP / UCP  
agent ↔ payments & merchant"]
    end
    AG --> MCP
    AG --> A2A
    AG --> AP2
    AP2 --> PAY["Payment networks  
Visa / Mastercard / Stripe"]
    style AP2 fill:#e94560,stroke:#fff,color:#fff
    style MCP fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A2A fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style PAY fill:#16213e,stroke:#fff,color:#fff

```
Figure 1 — Agentic Commerce is the missing layer in the agent protocol stack.

## 2. The 3A problem: Authorization, Authenticity, Accountability

Every Agentic Commerce protocol revolves around three questions I call the **3A problem**:

A1Authorization — did the user really permit this spend?

A2Authenticity — is this the genuine, untampered, delegated agent?

A3Accountability — when a dispute arises, who is liable and where is the proof?

The subtle part: you cannot solve these by "trusting the agent." An agent is probabilistic software — it can be prompt-injected, it can misread intent. The industry's answer converges on a security classic: **don't trust the actor, trust the cryptographic proof.** Instead of asking "is this agent trustworthy," the system asks "does this agent hold a mandate signed by the right user?"

## 3. AP2 — Google's chain of signed mandates

**AP2 (Agent Payments Protocol)** was announced by Google together with Coinbase and 60+ organizations (Mastercard, Visa, PayPal, American Express…). Its central idea is the **mandate** — a tamper-evident, user-signed authorization. AP2 chains three kinds of mandate, each answering part of the 3A problem.

```
sequenceDiagram
    participant U as User
    participant A as Shopping Agent
    participant M as Merchant
    participant N as Payment network
    U->>A: "Find white shoes under $80"
    A->>U: Request Intent Mandate signature
    U-->>A: Intent Mandate (signed)
    Note over A: Agent searches & builds cart
    A->>U: Present cart + exact price
    U-->>A: Cart Mandate (signed)
    A->>M: Send Cart Mandate
    M->>N: Payment Mandate (credential)
    N-->>M: Authorize transaction
    M-->>U: Order confirmed

```
Figure 2 — AP2's three-mandate flow: Intent → Cart → Payment.

### Three mandates, three layers of proof

- **Intent Mandate** — the user delegates an *intent*: scope, budget, conditions ("white shoes, under $80, delivered this week"). It is the root of the trust chain.
- **Cart Mandate** — the user approves *a specific cart at a specific price*. Proof of "this exact item, this exact price."
- **Payment Mandate** — a derived credential the *payment network sees*, binding intent – cart – payment into a non-repudiable chain.

Technically, mandates are **JSON-LD documents following the W3C Verifiable Credentials (VC)** standard, signed with **ECDSA over the P-256 curve** (or stronger) and **SHA-256** integrity hashing. Each mandate is a link in an independently verifiable audit trail.

```
{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiableCredential", "CartMandate"],
  "issuer": "did:example:user-anhtu",
  "issuanceDate": "2026-05-28T09:12:00Z",
  "credentialSubject": {
    "agent": "did:example:shopping-agent-01",
    "cart": {
      "item": "White Running Shoes - Model X",
      "price": { "amount": 79.00, "currency": "USD" },
      "merchant": "did:example:shop-abc"
    },
    "constraints": { "maxAmount": 80.00, "deadline": "2026-06-01" }
  },
  "proof": {
    "type": "EcdsaSecp256r1Signature2019",
    "created": "2026-05-28T09:12:00Z",
    "proofValue": "z3FXQ...signature..."
  }
}
```

#### Why does "signing" matter so much?

A digital signature turns words into **non-repudiation** — undeniable, legally meaningful evidence. If the agent buys wrong, you trace the mandate chain: what constraints did the user sign in the Intent? Did the Cart stay within them? Liability is assigned cleanly instead of vaguely blaming "AI error."

## 4. Human Present vs Human Not Present

AP2 cleanly separates two scenarios — and this is what makes it practical:

```
flowchart LR
    subgraph HP["Human Present"]
        direction TB
        H1["User states intent"] --> H2["Agent builds cart"]
        H2 --> H3["User signs Cart Mandate  
AT purchase time"]
    end
    subgraph HN["Human Not Present"]
        direction TB
        N1["User signs detailed Intent Mandate  
UPFRONT with price & timing rules"] --> N2["Agent waits for conditions"]
        N2 --> N3["Conditions met → agent self-issues Cart Mandate"]
    end
    style H3 fill:#e94560,stroke:#fff,color:#fff
    style N1 fill:#e94560,stroke:#fff,color:#fff

```
Figure 3 — Two delegation models: approve-in-place vs delegate-ahead-by-rule.

- **Human Present** — you're there. Initial intent is captured in an Intent Mandate, then you sign the Cart Mandate as the agent presents the cart. Great for interactive shopping.
- **Human Not Present** — you delegate upfront: *"Buy concert tickets the moment they go on sale, max $130 each."* You sign a detailed Intent Mandate with explicit rules; the agent self-issues a Cart Mandate once conditions hold. This is "truly autonomous" — and the highest-risk path, so Intent Mandate constraints must be tight.

## 5. Roles in an agentic transaction

| Role | Responsibility |
| --- | --- |
| **User** | The individual delegating the task and signing root mandates. |
| **Shopping / User Agent** | The AI interface the user interacts with; searches, builds carts, carries mandates. |
| **Credential Provider** | Specialized entity safely managing payment credentials (card tokens, wallets). |
| **Merchant Endpoint** | Interface or agent representing the merchant; receives the Cart Mandate. |
| **Merchant Payment Processor** | Builds the final transaction authorization message to the network. |
| **Networks & Issuers** | Visa, Mastercard, issuing banks — handle approval and risk. |

## 6. ACP & Instant Checkout by OpenAI + Stripe

Where AP2 takes the "open, payment-neutral standard" route, **ACP (Agentic Commerce Protocol)** — OpenAI partnering with Stripe — focuses on experience: **Instant Checkout** right inside ChatGPT. Users buy directly within the conversation, never leaving the chat.

```
flowchart LR
    U["User in ChatGPT"] --> C["Instant Checkout"]
    C --> S["Stripe  
tokenize & process"]
    S --> M["Merchant"]
    M --> C
    C -. "~4% fee / transaction" .-> O["OpenAI"]
    style C fill:#e94560,stroke:#fff,color:#fff
    style S fill:#16213e,stroke:#fff,color:#fff

```
Figure 4 — ACP turns the conversation into a checkout counter; OpenAI takes a fee per agent-closed order.

The economic twist: in early 2026 OpenAI applied a **~4% transaction fee** on each successful agent-led conversion — a new revenue model that positions the AI platform as a "sales channel," not just an "assistant." It raises a big merchant question: *when the agent becomes the layer between you and your customer, who owns the customer relationship?*

## 7. UCP — Unifying the whole shopping journey

In January 2026 at NRF, Google announced **UCP (Universal Commerce Protocol)** — an open web standard (with Shopify) enabling interoperability between agents and retail systems *across the journey*: discovery → checkout → post-purchase. UCP doesn't replace, it **encompasses**: its spec supports REST and JSON-RPC transports and integrates AP2 (payments), A2A (agent-to-agent) and MCP (tools/data).

#### Ecosystem weight

## 8. AP2 vs ACP vs UCP

| Criterion | AP2 | ACP | UCP |
| --- | --- | --- | --- |
| Led by | Google + Coinbase + 60 orgs | OpenAI + Stripe | Google + Shopify |
| Focus | Payment & signed-authorization layer | In-chat checkout experience | End-to-end shopping journey |
| Trust mechanism | Mandates (W3C VC, ECDSA-signed) | Tokenization via Stripe | Integrates AP2 + A2A + MCP |
| Model | Open, platform-neutral | Closed around ChatGPT | Open web standard |
| Best when | You need audit trail & non-repudiation | Selling directly in conversation | End-to-end retail integration |

#### Compete or complement?

Don't frame it as "who wins." AP2 is the *payment trust layer*, ACP is the *user touchpoint*, UCP is the *umbrella* weaving the pieces together. In fact UCP already adopts AP2 into its spec — convergence, not exclusion.

## 9. Risks, disputes and the developer view

- **Prompt injection that spends money** — a malicious page can embed hidden instructions tricking the agent to "add more" or swap merchants. That's why the Cart Mandate must stay within the Intent Mandate's constraints, and why [lethal-trifecta-style defenses](https://anhtu.dev/bao-mat-ai-agent-2026-lethal-trifecta-va-phong-thu-nhieu-lop-2250) become vital once an agent touches money.
- **A new kind of dispute** — traditional chargebacks assume a human clicked. With agents, the signed mandate chain becomes the adjudicating evidence: was the intent valid, did the cart exceed budget?
- **Over-authorization** — an overly broad Intent Mandate ("buy anything you deem reasonable") is a disaster waiting to happen. Least-privilege applies verbatim: tighter constraints, safer agent.

#### Integration caution

## 10. The road ahead

Late 2025

Google announces AP2 with Coinbase and 60+ financial organizations.

Early 2026

OpenAI launches Instant Checkout (ACP) in ChatGPT, applying a ~4% per-transaction fee.

January 2026 — NRF

Google + Shopify announce UCP, encompassing AP2/A2A/MCP, backed by 20+ retailers & payment networks.

Agentic Commerce isn't "adding a buy button to a chatbot." It's re-architecting e-commerce's trust layer for a world where **the party initiating a transaction is no longer human**. The core lesson is both very technical and very old: when you can't trust the actor, trust verifiable, accountable cryptographic proof.

---

**References**

- [Google Cloud — Announcing Agent Payments Protocol (AP2)](https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol)
- [AP2 Protocol — Official Specification](https://ap2-protocol.org/specification/)
- [Wikipedia — Agentic commerce (UCP, governance frameworks)](https://en.wikipedia.org/wiki/Agentic_commerce)
- [Charle — Agentic Commerce: The Complete 2026 Guide](https://www.charle.co.uk/articles/agentic-commerce/)
- [Vellum — Google's AP2: A new protocol for AI agent payments](https://www.vellum.ai/blog/googles-ap2-a-new-protocol-for-ai-agent-payments)

Agent Skills 2026: Teaching AI Agents New Tricks with SKILL.md

Disclaimer: The opinions expressed in this blog are solely my own and do not reflect the views or opinions of my employer or any affiliated organizations. The content provided is for informational and educational purposes only and should not be taken as professional advice. While I strive to provide accurate and up-to-date information, I make no warranties or guarantees about the completeness, reliability, or accuracy of the content. Readers are encouraged to verify the information and seek independent advice as needed. I disclaim any liability for decisions or actions taken based on the content of this blog.