four new AI payment standards emerged in the last 90 days. stripe shipped infrastructure. google announced AP2. the ecosystem is moving fast.
but here's the problem: none of these standards solve agent identity.
when a human makes a payment, we have:
- government-issued ID
- credit history
- fraud detection tied to behavioral patterns
when an agent makes a payment, we have... an API key?
that's not enough. you need:
persistent identity. the same agent across deployments, versions, and vendors. not just "this API call came from this server."
trust history. has this agent overspent before? has it been compromised? does it follow policy?
revocation. if an agent goes rogue, you need to kill its payment authority everywhere — not just in your own system.
this is the gap i'm solving with agent FICO. it's a trust layer that sits above the payment protocol. every agent gets:
- a persistent identity (tied to deployment metadata, not just API keys)
- a trust score (updated after every transaction)
- a policy boundary (spend limits, vendor whitelists, compliance rules)
the payment standards are necessary infrastructure. but they're not sufficient.
we're building the highway before we've invented the driver's license. that works until the first major agent fraud incident — then everyone's going to scramble for identity and trust solutions.
if you're implementing any of these new payment standards in 2026, add the trust layer first. the protocol won't save you when an agent misbehaves.
