Agents now spend money on our behalf at a meaningful scale. The five companies racing to host that economy have built impressive infrastructure for telling you who showed up and what appeared to happen. None of them have built infrastructure that proves what actually happened, or makes anyone pay when it didn’t. That gap is the next primitive, and it cannot be filled by any of the people currently competing to fill it.
The threshold we crossed without noticing.
In 2025, agents stopped recommending purchases and started making them. Visa logged 25 billion AI bot requests across a two-month window. Coinbase’s x402 protocol now processes transactions from 69,000 active agents. Stripe projects that agents will account for most online transactions in the near future. The infrastructure response has been faster than almost anyone predicted: wallets, rails, protocols, fraud systems, identity standards.
Underneath that velocity, a foundational problem has gone largely unanswered. When an AI agent transacts on a human’s behalf, how does the consumer, the merchant, the regulator, or the counterparty verify that the agent actually did what it was authorized to do? Authentication tells you who showed up. Observability tells you what appeared to happen. Neither tells you what actually happened. Neither tells you who is accountable when it goes wrong. Neither imposes any cost on an agent that passes every check and still misbehaves.
Imagine an agent authorized to book the cheapest available flight books a slightly more expensive one instead — because the airline’s affiliate program pays a kickback to the infrastructure provider routing the request. Authentication passed. The logs look clean. The agent did exactly what the code permitted. Nobody gets penalized. You never find out.
Five companies are building the rails for this new economy. Each has shipped something real. Each has stopped one layer short of the layer that matters.
The same shape of gap, five different times.
Visa launched Trusted Agent Protocol (TAP) with Cloudflare in October 2025, and 30+ partners are now building in the Visa Intelligent Commerce sandbox. TAP solves a real problem: distinguishing legitimate AI agents from the malicious bot traffic that has grown 300% in a year. What it cannot do is impose any economic consequence on an authenticated agent that then misbehaves. Identification is not accountability. Visa also has a conflict it rarely says out loud. The audit layer regulators want is one Visa cannot itself operate, because Visa is an interested party.
Mastercard’s Verifiable Intent, launched March 2026 with Google, IBM, Worldpay, and Adyen, is the most cryptographically ambitious of the five. It binds a consumer’s identity, instructions, and transaction outcome into a single tamper-resistant record. The catch sits one layer down. A signed credential proves what was authorized. It does not prove that the execution matched the authorization. An agent can produce a perfectly valid Verifiable Intent record and still execute something different off-chain, and Mastercard’s own servers are the storage of last resort.
Stripe shipped 288 product launches at Sessions 2026 and explicitly framed itself as the economic infrastructure for AI. The Machine Payments Protocol, agent-ready financial accounts, stablecoin cards in 30 countries, Privy-backed wallet provisioning. The frame Stripe uses for its own positioning is “invisible crypto infrastructure,” which is exactly the problem. When Stripe settles an agent transaction through its own rails, no neutral party confirms the execution was correct. Enterprise buyers building on MPP need an audit trail that Stripe does not unilaterally control.
Coinbase has gone further than any incumbent on open standards. x402 has processed 119 million transactions and signed up AWS, Stripe, and World as integration partners. The Coinbase team is publicly honest about the weak point: dispute resolution. The protocol does $28,000 a day in real volume against $600M annualized headline numbers, which tells you most of the activity is still test and dev. A credible accountability layer is required.
From the official Coinbase x402 FAQ:
“How do refunds work? The current exact scheme is a push payment and irreversible once executed. Two options:
- Business-logic refunds: Seller sends a new USDC transfer back to the buyer.
- Escrow schemes: Future spec could add conditional transfers (e.g., HTLCs or hold invoices).”
Option 1 is “hope the seller sends the money back.” Option 2 is a future spec item that doesn’t exist yet. Neither is a dispute resolution mechanism.
The FAQ also separately addresses facilitator honesty – they note that a malicious facilitator fails signature checks if it tampers with the payment itself. But that’s only proving the payment wasn’t intercepted. It says nothing about what happens when the payment went through correctly and the outcome was still wrong.
Revolut runs FinCrime AI agents that flag fraud, freeze cards, and block transactions for 13 million UK customers without human review at scale. Two engineers at Revolut built a market-making system on Claude and Revolut X via MCP in thirty minutes. As a regulated bank in 35 countries, Revolut faces a tightening EU and UK requirement that AI-driven financial decisions be auditable and contestable. Revolut has server logs. It does not have model attestation. If a customer challenges a freeze, there is no cryptographic proof that model X version Y made decision Z. The compliance burden of that gap is going to compound through 2026.
Five different companies. Five different stacks. The same missing layer in every one of them.
What the market calls “verifiability” is mostly four things, none of which verify.
The vendor landscape sorts cleanly into four layers, and the ranking matters because most buyers do not realize how shallow the layers above the bottom one actually are.
Read those four layers honestly and the picture is uncomfortable. The most cryptographically rigorous solution available today, Azure Confidential Inferencing, asks you to trust Microsoft. The most widely deployed observability platforms ask you to trust LangChain or Datadog. The most mature governance tool asks you to trust Credo AI. None of these are bad products. They solve real problems. They are simply not designed to do the thing the next phase of agentic commerce needs.
Microsoft can verify the code. It cannot verify the outcome.
Azure Confidential Inferencing is an important participant in this space because a meaningful portion of enterprise IT is buying it as the answer. Inference runs inside confidential GPU virtual machines backed by trusted execution environments. The Azure Confidential Ledger provides an immutable, append-only transparency layer. Users can independently verify, with hardware-rooted attestation, that the code Microsoft says is running is the code that is actually running.
However, that is not the same thing as verifying that the right outcome happened. Also the verification is not credibly neutral. The transparency ledger is operated by Microsoft. The attestation service is operated by Microsoft. If a regulator is investigating Microsoft, or if a customer is in dispute with a Microsoft-hosted agent, the verification chain runs through the entity being investigated. It is hardware-rooted trust, and it is not decentralized trust.
That is the gap EigenLayer fills. Operators are cryptoeconomically bonded to correct behavior, and slashing conditions put real capital at risk when outcomes are wrong. The verification chain does not run through a single infrastructure provider. It runs through a decentralized set of operators whose incentives are structurally aligned with producing correct outputs — and who face concrete financial consequences when they don’t.
Azure verifies that Microsoft is running the right code. A complete accountability stack verifies that the right outcome happened, and puts capital at risk if it didn’t.
Those are different claims. Both are useful. Only the second one closes the loop.
Three properties, and only one architecture has all of them.
Read the gaps in the five companies and the four layers together and a clear specification falls out. A complete accountability stack for agentic commerce needs three properties simultaneously, and the absence of any one of them is what every existing solution shares.
The first two properties together rule out every centralized vendor. The third rules out every observability and governance platform on the market, no matter how rigorous their tracing. Decentralized restaking is the one architecture that supplies all three. Operators run TEE-backed verifiable execution. The substrate is institutionally neutral. Restaked collateral provides the slashable economic consequence that no centralized auditor structurally can.
This is what EigenCloud is built for. EigenVerify (proposed) provides the dispute resolution layer that x402 acknowledges it needs and that Visa’s TAP is structurally missing. EigenCompute supplies the verified execution layer that completes Mastercard’s Verifiable Intent. EigenDA gives Stripe and Revolut the regulator-accessible immutable audit trail that no payment processor can credibly host on its own servers.
None of this requires the incumbents to rebuild anything. EigenCloud slots beneath their existing stacks as the accountability substrate. TAP keeps doing identification. Verifiable Intent keeps doing authorization. MPP keeps doing settlement. x402 keeps doing payment. EigenCloud supplies the layer that none of them can supply for themselves, because none of them can credibly be the neutral party.
That combination produces something that hasn’t existed before: a complete stack for autonomous agents to transact at institutional scale. Identify the counterparty, confirm the action is authorized, execute the payment, settle it, and generate verifiable proof that the right outcome happened with real capital at risk if it didn’t. No human in the loop to close it.
The web got identity wrong, bolted payments on as an afterthought, and never built accountability in at all. Thirty years later we are still living with those decisions. The agentic economy is early enough that the stack can be assembled correctly from the start. The result isn’t just faster automation. It’s automation you can actually trust with something that matters.
The EU AI Act is the moment this argument becomes load-bearing.
The August 2026 EU AI Act deadline is the forcing function. Its requirement is not just that high-risk AI agents produce logs. The requirement is that those records be independently verifiable by a regulator without relying on the operator. Azure’s transparency ledger satisfies this technically. It does not satisfy it institutionally. A regulator verifying Azure logs against Azure attestation is still trusting Microsoft. That is not what the regulation, read carefully, asks for.
Every regulated entity running AI agents in the EU is going to discover this gap on a compressed timeline. Revolut will discover it first because it has the most agents making the most consequential decisions at the highest scale. Mastercard will discover it next because Verifiable Intent records will end up in regulatory review. Visa, Stripe, Coinbase will follow.
The companies racing to host the agent economy have built remarkable infrastructure for the layers they own. The accountability layer is the one layer none of them can own, and the next eighteen months will make that explicit.
Build with us.
We are working directly with payment networks, agentic commerce platforms, and regulated financial institutions to deploy verifiable agent infrastructure on EigenCloud. If you are building in this space and the gap in this piece is one you have seen from inside your own stack, we want to talk.
Be the first to comment