There is a version of this story that gets told as disruption. AI agents will bypass Visa, route around card networks, and rebuild commerce from the ground up on stablecoin rails. The stock price of Mastercard will plunge. The era of interchange fees will end.

That version is not what is actually happening.

The version that is actually happening is quieter, more structural, and arguably more interesting. A new class of economic actors — software agents with delegated spending authority — is entering commerce at the margins, in precisely the places where existing payment infrastructure either cannot or will not go. And stablecoins are being built into the plumbing, not as a disruption to the existing system, but as a settlement layer for the parts of that system that never existed yet.

The real stablecoin opportunity is not in capturing existing payment flows. It is in making viable the transactions that no existing infrastructure can currently settle.

To understand why this distinction matters, it helps to understand what is actually being built, who is building it, and where the real friction lives.

What Agentic Commerce Actually Is

The term gets used loosely. A more precise framing: agentic commerce is an economic system in which software agents — programmes operating on behalf of a human with some degree of delegated authority — complete the full transaction lifecycle without step-by-step human intervention. That lifecycle includes discovering available services, evaluating them, authorising payment, and confirming fulfilment.

What makes this structurally different from existing e-commerce automation is not the automation itself. Subscription billing, one-click checkout, and saved payment methods are all forms of reduced-friction human commerce. The difference with agentic systems is the locus of decision. The agent is not executing a pre-programmed instruction for a known merchant at a known price. It is navigating novel contexts, comparing unknown providers, and settling with services that may have no prior relationship with the user's financial infrastructure.

That gap between "known merchant with a checkout page" and "novel software service that a developer shipped last week" is where most of the interesting infrastructure problems live.

The Protocol Stack Being Assembled

Over the past eighteen months, a coherent technical stack for agentic commerce has emerged from several simultaneous directions. The pieces are closely related even if they come from different organisations.

Discovery: the Universal Commerce Protocol

Google's Universal Commerce Protocol (UCP), which reached version 1.0 in January 2026, standardises how an agent discovers what a merchant or service provider can do. The mechanism is straightforward: a merchant publishes a machine-readable manifest at a well-known URL endpoint, advertising capabilities, payment handlers, and supported transaction types. The conceptual parallel is what robots.txt did for search crawlers — a lightweight convention that allows automated systems to interrogate what is permitted and available without custom negotiation for each integration.

Intent: the Agent Payments Protocol

Announced by Google Cloud in September 2025 and now backed by more than sixty organisations including Mastercard, Adyen, PayPal, Coinbase, and Worldpay, the Agent Payments Protocol (AP2) addresses the harder problem: how do you prove, cryptographically, that a specific human authorised a specific transaction?

This matters enormously for enterprises and regulators. The traditional checkout model contains an implicit authorisation signal — a human clicked a button on a trusted surface, at a specific moment, for a specific amount. When software is doing the clicking, that signal disappears unless explicitly reconstructed.

AP2's approach uses mandates: cryptographically signed digital contracts that record intent at each stage. An intent mandate captures the initial instruction. A cart mandate captures the approved items and price. The chain constitutes a non-repudiable audit trail, answering the questions that compliance teams need answered: who authorised this, under what conditions, and with what constraints? This is also where modular smart accounts — like those built by Safe (formerly Gnosis Safe) — become critical enterprise infrastructure. They allow organisations to set cryptographic human-in-the-loop thresholds: an agent may spend up to a defined limit autonomously, but anything above that ceiling requires multi-signature human approval. The policy wallet is not merely a spending account; it is a programmable governance layer.

Settlement: x402 and the HTTP 402 Resurrection

The HTTP status code 402 — "Payment Required" — has been reserved since the early 1990s for a future in which payments could be embedded directly into the web's communication layer. That future never arrived for traditional finance.

Coinbase's x402 protocol, launched in May 2025, is the most concrete attempt to finally use it. The mechanism is elegant: an agent sends a standard HTTP request to a protected API. The server responds with 402 Payment Required, specifying a price in USDC, a recipient address, and a network. The agent's policy wallet validates the request against a pre-approved spending mandate, constructs a signed payment authorisation, and retries the request with a payment signature header. A facilitator executes the on-chain transfer, and the server delivers the data with a settlement receipt.

No merchant account. No checkout page. No onboarding form. Payment is structurally embedded in the API call itself.

Why Cards Still Win in Consumer Commerce

Before examining where stablecoins win, it is worth being precise about where they do not — because the most prevalent narrative in crypto gets this backwards.

Card networks will almost certainly continue to dominate most agent-driven consumer commerce. Noah Levine, who shaped Visa's stablecoin strategy before joining a16z crypto as an investment partner, made this case directly in February 2026, and it deserves to be taken seriously rather than dismissed as incumbency bias.

Cards do not just move money. They bundle unsecured credit, pre-authorise uncertain transactions, and guarantee chargeback rights. An agent booking a hotel room has an implicit consumer protection requirement: if the room looks nothing like the photographs, the human who issued the mandate needs recourse. Stablecoins facilitate settlement. They do not replicate the credit and dispute infrastructure that cards bundle into every transaction.

The card networks are also not standing still. Visa's Intelligent Commerce initiative and Mastercard's Agent Pay both extend network-token primitives to agent contexts — binding payment credentials to specific agent identities with user-defined spending constraints, while preserving the existing fraud and dispute framework. This is the same tokenisation architecture underlying Apple Pay, extended to a new kind of device that happens to be software rather than a phone.

Stablecoins winning in agentic commerce does not require cards to lose. It requires a different and largely unaddressed problem to get solved.

The Underwriting Gap: Where the Real Opportunity Is

Here is the structural reality that most analysis misses.

When a payment processor approves a merchant, it assumes liability exposure for that merchant's behaviour. If the merchant commits fraud or generates excessive chargebacks, the processor faces financial consequences. Managing this exposure is the core risk function of traditional acquiring, and it shapes every aspect of merchant onboarding: the documentation, the time windows, the rolling reserves, the fee structures.

This framework was designed for an established business with physical presence, operating history, verifiable ownership, and a stable product offering. It works well for hotels, airlines, and software companies with recurring revenue. It works poorly — or not at all — for a rapidly growing class of commercial entity: software tools that sell functionality by the API call, with no website, no incorporated entity, no operating history, and no predictable chargeback profile.

The mathematics are equally hostile. Even if a processor could underwrite an AI agent executing a $0.05 API call, the standard card interchange structure — a $0.30 flat fee plus 2.9% — eliminates the entire principal. The transaction is not just unprofitable; it is structurally impossible to settle through card rails at sub-cent price points.

Consider the scale of the new software supply being created. GitHub reported 36 million new developers joining its platform in 2025. Y Combinator noted that roughly a quarter of its Winter 2025 batch had codebases where 95% of the code was AI-generated. Platforms designed to pull non-developers into software creation are accelerating this further. Many of these services have no business registration, no customer service function, no history of chargebacks, and no predictable uptime commitment. Traditional processors are rational to decline them.

Noah Levine described a developer whose tool was called 40,000 times in a week at $0.001 per call by another developer's agent. The transaction volume was real. The payment infrastructure to receive it did not exist. The developer's first question was: how do I get paid? The answer, within existing systems, was: not easily.

This is precisely the gap that x402 and stablecoin-native protocols are designed to fill. Tools like Firecrawl, which sells web scraping at one cent per query; Browserbase, which sells browser automation sessions; and Freepik, which sells AI image generation per request — each represents genuine commercial activity that card infrastructure cannot reach. Not as a superior alternative to Visa for hotel bookings, but as the only viable mechanism for a long tail of service providers too ephemeral, too small, and too new to clear the underwriting bar.

The Institutional Settlement Layer

Separately from the agent payments conversation, stablecoins have been accumulating institutional settlement volume through a less visible route.

Visa's USDC settlement operations — allowing issuer and acquirer partners to settle obligations in USDC on Solana — were running at a $3.5 billion annualised rate as of November 2025, rising to approximately $4.5 billion by mid-January 2026. This volume is invisible to consumers. The front-end interaction remains a standard card transaction. The back-end treasury movement shifts from correspondent banking windows and pre-funded nostro accounts to near-continuous on-chain settlement.

Circle's Payments Network (CPN) provides a compliance-first orchestration layer for this. The network connects banks, payment service providers, and virtual asset service providers under a common rulebook that embeds Travel Rule requirements, real-time foreign exchange through USDC and EURC pairings, and service level agreements for transaction speed and dispute resolution. Banking advisors from Santander, Deutsche Bank, Société Générale, and Standard Chartered are contributing to the network design.

The operational value proposition is mundane in the best sense: 24/7 settlement availability, reduced pre-funding requirements, and a single API that avoids the need for bilateral correspondent agreements in each new payment corridor. For a treasury department managing multi-currency liquidity across time zones, this is a meaningful operational improvement rather than a philosophical bet on crypto.

The Regulatory Shift That Makes This Institutional-Grade

The GENIUS Act, enacted in July 2025, established the first comprehensive federal regulatory framework for payment stablecoin issuers in the United States. It prohibits issuance of payment stablecoins except by permitted issuers that meet reserve, redemption, audit, and risk management requirements. The OCC's notice of proposed rulemaking in February 2026 — Bulletin 2026-3 — began implementing this framework for national banks and federal savings associations.

The practical significance for institutional adoption is substantial. Reserve backing requirements address the fundamental counterparty concern that treasury departments and compliance teams have historically raised about stablecoin exposure. If a counterparty's USDC is backed by regulated reserves and subject to federal examination, the risk assessment looks materially different than exposure to an unregulated crypto instrument.

The regulatory hardening also applies pressure in the other direction: stablecoin issuers operating at scale must maintain compliance infrastructure comparable to regulated financial intermediaries. This concentrates issuance around entities with the compliance capacity to meet the standard. USDC, issued by Circle and distributed through institutional partnerships, is well-positioned for this environment precisely because Circle has been building toward regulatory clarity rather than away from it.

The Trust Problems That Have Not Been Solved

Two structural gaps in the current protocol landscape deserve honest acknowledgment.

The dispute gap

On-chain transfers are final by default. There is no Visa dispute network for a USDC payment. When a service accepts payment and fails to deliver, the buyer's recourse depends entirely on what the protocol stack provides — which, in current implementations, ranges from reputation penalties to smart-contract escrow to nothing. Three approaches are being pursued in parallel: reputation-based liability, where failed delivery reduces standing in agent routing registries; smart-contract mediated refund protocols; and escrow-first designs that release funds only on verifiable proof of task completion. None of these yet replicates the breadth of the card network chargeback system.

The identity gap — and the sanctions liability trap

For agentic commerce to scale into institutional territory, agents need identity that is auditable, attributable, and legally mappable to a responsible human or entity. Cryptographic agent identity establishes that a specific software instance made a specific transaction. It does not, by itself, establish legal accountability.

The stakes here are higher than most commentary acknowledges. If an autonomous agent, optimising purely for the cheapest available GPU compute, routes a payment to a decentralised provider that is subsequently found to be linked to an OFAC-sanctioned entity, the liability chain is currently undefined. Does the penalty fall on the human who signed the AP2 mandate, the developer who built the agent, or the custodian holding the wallet? This is not a theoretical edge case. It is a risk scenario that any compliance officer at an institution considering agentic treasury automation must model before proceeding.

The gap between cryptographic attribution and legal responsibility is currently bridged in practice by Merchant-of-Record structures and AP2-style mandate chains. It does not scale to millions of sub-cent API settlements between agent instances operating globally across sanctions jurisdictions.

The Honest State of the Market

There is real adoption, real institutional commitment, and material hype inflation — all simultaneously.

On the adoption side: Visa and Circle are moving billions in institutional settlement through stablecoin rails. Mastercard has completed live agent payment pilots with DBS and UOB in Singapore. OpenAI's Instant Checkout brings agentic commerce primitives to a mass-market interface. AP2 has sixty-plus institutional backers and a versioned public specification on GitHub. The GENIUS Act has passed and the OCC is implementing it through formal rulemaking.

On the inflation side: x402's self-reported transaction volumes were approximately fifteenfold higher than independently verified figures. Allium Labs put genuine AI agent transaction volume at roughly $3 million over a recent 30-day window. After filtering for wash trading — wallets cycling funds between themselves to inflate metrics — Noah Levine at a16z estimated real volume closer to $1.6 million. Artemis estimated that as of December 2025, approximately 48% of transactions and 81% of volume reflected artificial activity. Daily genuine transaction volume as of early March 2026 was approximately $28,000.

The infrastructure is running well ahead of organic commercial demand. That is not a pathology — it is the correct order of operations. Internet payment infrastructure was built in the 1990s ahead of the e-commerce volumes that arrived in the 2000s. The question is whether it is being built correctly, not whether it is being built early.

What This Means for Financial Infrastructure Participants

For banks, the immediate implication is operational. Settlement windows currently constrained by correspondent banking hours can shift toward near-continuous availability. Pre-funding requirements can be reduced. Treasury reconciliation can be automated against on-chain settlement receipts. These are boring improvements with non-trivial financial impact. The strategic implication is longer-dated but more consequential: banks that do not develop stablecoin settlement capabilities in the next three years will find themselves dependent on intermediaries that have.

For payment processors and acquirers, the underwriting gap represents both displacement risk and a genuinely addressable market. The sub-cent API merchant category will largely bypass traditional onboarding entirely. But building risk-scoring infrastructure for agent-native merchants — replacing static underwriting models with continuous, simulation-based monitoring of the kind that firms like Gauntlet have applied to DeFi protocol risk — could establish a valuable position in the emerging ecosystem before it is claimed by crypto-native operators. The processors that survive the next cycle will be the ones that built the missing underwriting infrastructure for merchants that do not yet exist in their systems.

For AI infrastructure builders, AP2 compliance is not an obstacle to work around. It is the mechanism by which agents earn access to institutional-grade payment rails. Verifiable mandate chains, cryptographic agent identity, enforceable spending constraints — building toward these from the start is more durable than building on permissionless protocols and hoping the compliance question is deferred indefinitely.

For regulators, the velocity problem is real and the window for proactive engagement is narrowing. Autonomous systems will scale transaction volumes faster than the legal frameworks governing agent liability and sanctions exposure can be updated. Engaging with the protocol standards being defined now — AP2, UCP, x402 — is more effective than building reactive frameworks after the market has set its own conventions.

The Two Rails of Agentic Commerce

The structure that is actually emerging is a two-track system that is unlikely to converge in the near term, and probably should not.

For established consumer commerce — retail, travel, subscriptions, marketplace transactions — card tokens with agent-compatible scoping will handle the dominant share. The fraud infrastructure, credit bundling, and dispute rights that cards provide are not features consumers want to surrender because an AI is doing the shopping.

For the machine economy — API monetisation, developer tools, pay-per-inference AI services, cross-border micro-settlements, and the long tail of novel software services — stablecoin-native rails will handle the flows that card infrastructure cannot reach. x402 is being built for this market not as a replacement for cards but as infrastructure for the terrain where cards have never operated.

The longer-run question is whether the identity and underwriting infrastructure being built for the stablecoin track can, over time, graduate merchants into card-accessible status as their risk profiles become legible. That graduation path — from x402-native settlement to tokenised card rails as operating history accumulates — is the logical evolution of a maturing ecosystem.

Building the trust layer for the next generation of merchants — verifiable identity, verifiable intent, verifiable fulfilment — is the actual infrastructure problem being solved. The settlement method is downstream of that.

Sources