AI-Native Playbook

The Future

From Attention to Intention

Agent-to-agent commerce is already in production. The go-to-market stack built for human readers is being rebuilt for software readers, and every legacy product surface is becoming a callable interface above the existing UI.

In April 2026, Claude Code can autonomously discover, register for, and pay for paid services through the x402 protocol. The agent picks the provider, signs the request over HTTP, and settles in stablecoin against a Coinbase wallet without a human touching the loop for vendor selection, pricing, or payment. Anthropic Agent Skills became an open standard at agentskills.io on December 18 2025, supported across Claude.ai, Claude Code, the Agent SDK, and the Developer Platform. The Linux Foundation x402 Foundation launched April 2 2026 at MCP Dev Summit North America with over twenty industry supporters including Google, Microsoft, Visa, Stripe, Cloudflare, Mastercard, and Amazon. The composite move is the first deployed instance of agent-to-agent commerce at the discovery, contracting, and settlement layers — verification still runs domain-specific and unsolved, and the rest of the chapter develops the gap that opens when the first three layers automate and the fourth does not.

Every layer of the historical go-to-market stack assumed a human reader, and that machinery has no counterpart on the agent side of the market. The unit of economic activity is moving from inputs (clicks, sessions, attention seconds) to verified outcomes (a refund recovered, a contract signed, a deployment shipped), and the firms that survive the shift are the ones whose products expose a callable interface for the software that will increasingly do the buying.

Agent-to-agent commerce stopped being theoretical when Claude Code started buying APIs

The proof point sits inside Claude Code's plugin marketplace. A practitioner runs /plugin marketplace add against the public Anthropic Skills repository, picks a paid MCP server, and the agent runs. When the server is gated by x402, the agent receives an HTTP 402 Payment Required response, signs a stablecoin payment against the user's wallet, retries the call, and receives the result. The full loop — discovery, authorization, payment, retry, response — runs without a human in the synchronous path2. As of April 2026 the public counters on the x402 product page show roughly 75 million transactions and $24 million volume on a 30-day rolling basis, with multi-chain support added in v2. The architectural primitive that did not exist eighteen months ago is now running at meaningful per-month volume against real money.

Three settlement-and-coordination protocols emerged through 2025 to standardize the same shape, each from a different incumbent. The Agentic Commerce Protocol from Stripe and OpenAI launched September 29 2025 with Etsy, Shopify, Glossier, Vuori, Spanx, and SKIMS at launch. Google's Agent Payments Protocol launched September 16 2025, interoperable with the Agent2Agent (A2A) protocol and with Coinbase x402 as the crypto rail. Coinbase's x402 Foundation under the Linux Foundation went GA April 2 2026 with the major card networks and cloud platforms as founding supporters. The card-network layer moved in parallel: Visa Trusted Agent Protocol launched October 14 2025 with Cloudflare and a published spec on GitHub, joined by Adyen, Microsoft, Stripe, Coinbase, Ant International, Checkout.com, CyberSource, Elavon, Fiserv, Nuvei, Shopify, and Worldpay. Mastercard Verifiable Intent followed on March 5 2026 with Google, Fiserv, IBM, Checkout.com, Basis Theory, and Getnet as committed partners; Pablo Fourez, Mastercard's Chief Digital Officer, framed the protocol's job in one line: "As autonomy increases, trust cannot be implied. It must be proven.". The Front-Running section below returns to Verifiable Intent's Selective Disclosure architecture as the authentication primitive that makes verifiable agent commerce land.

The political-economy signal sitting under the protocol layer is the speed at which the major incumbents paid in. Visa's October 2025 release cited the structural pressure: AI-driven traffic to U.S. retail sites surged over 4,700% in the year preceding the announcement. Card networks, cloud platforms, payment providers, and crypto infrastructure firms each contributed engineering and joined the new foundations within months of the surge data publishing — a pattern of standards co-production that historically takes years. The architectural shape — identity plus intent plus outcome, signed cryptographically, settled on a public payment rail, verifiable after the fact — is now decided.

Each protocol solves a different cut of the same problem and the relationships are composable rather than competing:

  • x402 — open settlement rail for agent-to-agent payments at micro-amounts.
  • ACP — merchant-facing protocol for agent-driven retail checkout.
  • AP2 — Google's coordination layer tying payments to the broader agentic-commerce flow.
  • TAP — Visa's bot-distinguishing protocol helping merchants accept legitimate agents while blocking malicious traffic.

A single agent transaction in 2026 can use AP2 for orchestration, x402 for settlement, and TAP for merchant authorization without contradiction; the visible disagreement is over where authorization sits — TAP wants merchants to gatekeep agents at the HTTP layer, while AP2 plus x402 want agents to transact freely under cryptographic identity — and the resolution of that tension will shape which kinds of buyers and sellers can clear against which kinds of stacks.

Attention was the wrong unit of measurement

The historical model monetized inputs of every kind — clicks at the search layer, attention seconds inside the funnel, and the residual curiosity ads had already built by the time the pricing page loaded — treating the user as the product whose confusion was being arbitraged. The conversion funnel itself existed because attention was wasted at every step.

When the buyer is software, the relevant input variables change shape:

  • a goal expressed as code or as natural-language instruction the agent compiles into action,
  • a budget enforced by the wallet or by per-session token caps,
  • a deadline encoded in machine-readable form, often as a timestamp or duration,
  • a quality threshold defined by an evaluator function the agent will run against the result.

The conversion funnel collapses to two events: the goal expression and the verified outcome. Everything in between — discovery, comparison, negotiation, checkout — runs in software at a cost approaching zero per round. Schema legibility is now the qualifying gate; an offer that the agent's evaluator cannot parse never reaches the comparison stage where a human salesperson would have had a chance to recover.

The naive view that follows is that agent buyers are immune to manipulation. The empirical record is the opposite. Agents inherit the biases in their training data, including bias toward brand names and toward content optimized for AI retrieval; production agentic shopping benchmarks show measurable framing effects in product retrieval; structured catalogs can be stuffed in ways that move the agent's choice without changing the underlying product. The economic effect is that the manipulation surface migrates from the rendered page (where ads ran) to the structured catalog and the retrieval index (where machine readers read). The skill that used to land on the SEO team now lands on whichever team owns the agent-callable surface.

The verified data on the demand side already shows the inputs/outcomes shift in motion. Adobe Analytics' January 10 2026 holiday recap measured retail AI-referral traffic up 693.4% year-over-year in November and December 2025, AI revenue per visit up 254%, AI conversions 31% higher than non-AI sources nearly doubling year-over-year, AI conversions 38% higher than non-AI on Black Friday, and AI conversions 54% higher than non-AI on Thanksgiving. The methodology covers more than one trillion visits to U.S. retail sites. The mechanism behind the conversion lift is not that agents are better salespeople but that agents pre-qualify the buyer before referral: the un-converting tire-kicker traffic that human discovery surfaces would have surfaced never arrives, leaving the merchant a smaller and more pre-committed funnel.

Horizon: B2B procurement agents acting against multi-vendor catalogs are an active build cycle in 2026 (Pactum AI for negotiation, Procore and Trimble Construction One for vertical workflows, Coupa AI agents in the procurement stack), but the production-grade pattern of agents fanning out RFPs to fifteen suppliers in parallel and clearing on a structured-quote SLA is still consolidating across vendors as of April 2026.

The supplier side has its own answer that inverts the customer relationship. Jack Dorsey's "From Hierarchy to Intelligence" essay with Roelof Botha at Sequoia Capital (March 31 2026) names the third architectural layer above capabilities and interfaces as proactive intelligence: the system composes capabilities into solutions for specific customers at specific moments and delivers them proactively, prompting the customer rather than waiting to be prompted. Block Managerbot, launched April 7 2026, is the deployed instance: a Square-embedded agent that monitors seller operations continuously, surfaces actions on inventory forecasting, employee scheduling, and marketing campaigns, and requires seller approval before executing. It runs on Anthropic Claude Sonnet plus OpenAI GPT models behind a single proactive surface. Where the prior Square AI assistant waited for the seller to ask, Managerbot surfaces the reorder proposal once it spots an inventory trend two weeks from stockout. The mode shift, when interface is conversation rather than visual navigation, is that the company sees the customer's signal in full fidelity and the natural action is to prompt rather than wait.

Intent markets clear through signed intents and competitive solver auctions

The deployed precedent for what an intent market actually looks like sits inside DeFi, where the adversarial environment forced production-grade architecture. CoW Protocol takes signed off-chain intents from traders, batches them in short windows, and runs a competitive solver auction over each batch, with the winning solver compensated in COW token; every order in a batch settles at a uniform clearing price, which makes transaction ordering irrelevant and removes the surface that sandwich attacks and front-running run on. The architecture delivers MEV protection by construction: uniform clearing leaves no surface for the attack to attach to. Strip out the on-chain settlement and the architecture is a generic intent-market shape — signed user intents, short batch windows, competitive solver markets, uniform clearing rules, and ordering-resistant execution. Replace COW token compensation with USDC plus a traditional payment rail and the same machinery clears any structured outcome.

The cyber•Fund Intent Economy essay (December 15 2025) describes the lifecycle in eight stages — Declaration, Orchestration, Auction, Contracting, Execution, Validation, Settlement, Feedback — plus an optional Arbitration stage on disputed contracts, and notes that each stage already has a working production implementation across one industry or another. The integration work is hard. None of the stages requires research progress that has not already happened.

ERC-8004 (Trustless Agents, August 13 2025), authored by Marco De Rossi, Davide Crapis, Jordan Ellis, and Erik Reppel, is the protocol-level answer to discovery and reputation across organizational boundaries. Verbatim from the abstract: "This protocol proposes to use blockchains to discover, choose, and interact with agents across organizational boundaries without pre-existing trust, thus enabling open-ended agent economies.". The standard introduces three on-chain registries with deliberately narrow scope:

  • Identity Registry — an ERC-721-based portable identifier that resolves to a registration file describing the agent's endpoints and capabilities.
  • Reputation Registry — a feedback interface that accepts and surfaces reputation signals against the identity.
  • Validation Registry — a generic hook for requesting independent verification (re-execution, zero-knowledge proofs, or Trusted Execution Environment attestations) with results recorded on-chain for composability.

Application logic stays off-chain, where it can iterate at software speed while the trust primitives stay anchored.

Horizon: Multi-attribute auction clearing where the bid is a structured proposal carrying price, ETA, reputation, and compliance certifications is the architectural pattern the protocol stack is converging on, but as of April 2026 no production system in the agent-commerce mainstream has shipped a public weighted-utility-function clearing engine. CoW Protocol's solver auction is the closest deployed precedent and runs single-attribute (price-equivalent for fungible assets). The mechanism design literature is mature; the deployment cycle for multi-attribute clearing in agent commerce is 2026-2028.

Mastercard's Verifiable Intent is the cryptographic glue at the contract-and-settlement boundary. The framework links a consumer's identity, their specific instructions, and the outcome of a transaction into a single tamper-resistant record. Selective Disclosure shares only the minimum information needed with each party — the merchant sees the authorization without seeing the full instruction history, the issuer sees the cardholder authentication without seeing the merchant's product catalog. The specification is open-sourced on GitHub. The architectural shape the chapter cares about is that the audit trail itself is now a primitive the protocol layer hands to merchants for free, instead of a custom integration each merchant has to build. The closing pattern across stacks is consistent: a buyer agent expresses intent, seller agents bid against a multi-dimensional rubric, a clearing rule picks the winner, a settlement rail handles payment, a verifier checks the result, and a reputation graph absorbs the outcome and shapes the next round of bids.

Established SaaS is rebuilding around an agent-callable surface

Through the 2010s the SaaS contract was an API for developers and a GUI for end users. By 2026 the GUI for end users sits next to a CLI or MCP server that agents call directly, with the agent surface treated as a co-equal product the engineering team ships and instruments. The interface is for software readers, not human readers, and the companies that survive the next ten years build the callable layer with the same cadence they build the front-end.

The documentation layer for the callable surface is AGENTS.md. Stewarded by the Agentic AI Foundation under the Linux Foundation, the format is supported across the major agent runtimes including OpenAI Codex, Cursor, Jules, Amp, Aider, Factory, and Gemini CLI. Verbatim from the spec: "AGENTS.md is just standard Markdown. Use any headings you like; the agent simply parses the text you provide." The companion Anthropic Agent Skills format (SKILL.md plus an evaluation harness) covers the same job from a different angle — a Skill is a callable bundle the agent loads on demand, an AGENTS.md is the runtime instruction set that tells the agent which Skill applies when. The pattern across the leading agent runtimes is to use both: a project-level AGENTS.md at the repository root, plus a folder of versioned Skills the agent invokes against specific tasks.

The CLI side of the callable surface is now common from major vendors. Google ships gws as the de-facto Apache 2.0-licensed Google Workspace CLI inside the googleworkspace GitHub organization, exposing one CLI surface for Drive, Gmail, Calendar, Sheets, Slides, Docs, and Chat — though the README discloses the project is community-maintained rather than officially supported. Google's first-party Gemini CLI (June 2025) ships with a ReAct loop, MCP support, a 1M-token context window, and an Apache 2.0 license. Stripe's Agent Toolkit (released November 14 2024) wraps the Stripe SDKs for agent use and ships its own MCP server, MIT-licensed. The architectural choice between CLI and MCP is now stable: CLI tools for local development workflows and single-tenant automation, MCP servers for multi-tenant SaaS with OAuth, and most leading agent runtimes use both.

The MCP side is where the legacy SaaS layer is consolidating fastest. Ramp ships a production MCP server at docs.ramp.com/developer-api/v1/guides/ramp-mcp-remote with tools for card activation, bill approval, reimbursement approval, natural-language policy questions, and beta agent-card credentials and funding. Notion's hosted MCP server provides full workspace access through OAuth and is designed to work with Claude Code, Cursor, VS Code, and ChatGPT. Linear, Asana, and monday.com all ship first-party MCP servers. monday.com's March 11 2026 release is the most direct restatement of agents-as-customers in a 2026 SaaS commercial model: instant API key provisioning, MCP support, OpenClaw integration, full enterprise governance, and a HATCHA reverse-CAPTCHA that verifies AI agents during signup rather than blocking them. Verbatim from the release: "Agents use the same account structure and pricing model as human customers, with free sign-up and API access available across all monday plans.". A SaaS company restating its commercial model around agents-as-customers is a structural marker; the rest of the industry is months behind monday.com on the framing, but moving in the same direction.

The protocol-stack convergence at the platform tier reinforces the shift. Salesforce and Google Cloud announced at Cloud Next '26 (April 22 2026) a joint architecture letting AI agents execute end-to-end workflows across Slack, Google Workspace, Agentforce, and Gemini Enterprise. The Atlas Reasoning Engine integrates Gemini natively into Agentforce; over 1,400 customers were using Gemini within Agentforce at announcement. Verbatim from Srini Tallapragada (Salesforce President and Chief Engineering Officer): "Businesses are ready to go all in on agentic AI, and that requires infrastructure and models that can operate across the entire enterprise.". Anthropic operationalized the same pattern from the model-platform side with the Connectors Directory at claude.com/connectors and Claude Managed Agents (April 8 2026, with Notion, Rakuten, and Asana as early customers), which lets enterprises define tasks, connect tools, and deploy agents without building separate orchestration layers.

The scale signal is the most direct evidence the trend is not speculative. The Model Context Protocol Registry tracker at mcpgrowth.den.dev shows roughly 13,853 servers as of April 2 2026, up from a handful at the protocol's introduction in November 2024 — growth of more than 3,900% in seventeen months. The MCP SDK records approximately 97 million downloads per month. The pattern is not waiting for laggards; it is consolidating around a small set of clients (Claude Code, Cursor, VS Code, ChatGPT) with every consequential SaaS shipping a server within weeks of competitors.

The consumer-product equivalent of the callable-surface investment is generative-engine optimization (GEO), the practice of structuring a site's content and metadata to be cited by ChatGPT, Claude, Perplexity, and Google AI Overviews. Each AI search backend uses different retrieval — ChatGPT browses the live web plus its own index, Anthropic and Perplexity each have their own crawlers, Google AI Overviews uses Google's index — and standard SEO signals (canonical URLs, citation counts, freshness, structured data) all feed GEO. The production-grade answer for a consumer brand is to treat GEO as an internal marketing skill rather than buying it as an outsourced service: the agencies repackaging legacy SEO under a new label tend to ship the same backlink playbook with a higher price tag, while the in-house team that controls the structured-data pipeline and the crawlable surface area can iterate against actual citation traces in days rather than quarters.

A practitioner checklist for the agent-callable surface, in order of build cost:

  • Project-level AGENTS.md at repo root using the agents.md spec. One day of work for a small product surface.
  • Structured product schema (Schema.org Product JSON-LD on every product page, or a Stripe Product Catalog feed if integrating ACP). One to two weeks for a typical e-commerce surface.
  • Public OpenAPI 3.x spec at a discoverable URL. Three to five days if the API already exists.
  • First-party MCP server wrapping the API for agent runtimes that prefer MCP over OpenAPI. One to four weeks depending on auth complexity.
  • x402-priced endpoint using Coinbase CDP's x402 middleware on Vercel, Cloudflare, or comparable. Two to five days for a single-action endpoint.

Warning: CLI / MCP parity drift is the most common failure mode at SaaS companies that ship both surfaces. The GUI gets a feature, the callable surface lags, and agents quietly route around the product. The discipline that holds is to ship every product change to both surfaces on the same release, with the callable surface treated as the canonical specification and the GUI as a presentation layer over it. Token efficiency is the second-order failure: a verbose MCP response that returns multi-kilobyte JSON for what could be a short string blows context windows and inflates inference cost, and the engineering team that ships a tight schema beats the team that ships a verbose one even when both expose the same operations.

For startups (5–50): ship the AGENTS.md plus the structured product schema plus a public OpenAPI spec inside the first 60 days, then add the MCP server and the x402-priced endpoint in the next 30. The agent-readable footprint determines whether the company exists in the AI-referral channel, and the cost of building it after the product surface has fragmented is an order of magnitude higher than the cost of building it on Day 1.

For enterprise transformations (500+): stage the rollout. Quarter 1 stand up an MCP gateway in front of the existing API estate (Anthropic Connectors, Cloudflare AI Gateway, or Kong AI Gateway as named options) and ship AGENTS.md across the most-used internal repos. Quarter 2 integrate one card-network protocol matched to the business — Visa Trusted Agent Protocol if the priority is fraud signal, Mastercard Verifiable Intent if the priority is regulated-audit pressure. Quarter 3 layer ACP onto the e-commerce surface if the business sells goods that ChatGPT or Perplexity could route to. Stage the workflows: low-stakes high-volume internal workflows (procurement, expense, ticket triage) before customer-facing surfaces. The Salesforce + Google Cloud Cloud Next '26 architecture is the reference shape for inter-platform coordination.

Pricing models split four ways and each pairs with a verification problem

The supplier-side question every founder faces in agent commerce is what the price tag actually looks like once the funnel collapses and the buyer is software. Four pricing models are in deployment as of April 2026, and each is sustainable only if the matched verification problem is solved cheaply enough to fit inside the unit economics. The choice of pricing model is therefore a choice about which verification problem the supplier can actually solve at margin.

  • Per-action pricing. Charge per call, paid synchronously through x402, ACP, AP2, or TAP. The verification model is a cryptographic receipt plus proof of execution, both of which the protocol provides by default. Per-action fits variable-load utilities — search, scraping, data lookup, translation, image processing, payments — where the unit of work is small and the result is structurally easy to attest. The Firecrawl, Exa, and Perplexity APIs that Claude Code calls through paid-MCP integrations all clear per-action under the hood, with x402 settling each call against the user's wallet. The failure mode is over-fine-grained billing: pricing per token retrieved produces incentives to retrieve verbosely, and the supplier that prices per task and absorbs the variance on the work required wins against suppliers that meter the inputs.
  • Outcome-based pricing. Charge per verified result — a resolved ticket, a recovered refund, a generated lead, a shipped deployment, a contract reviewed and approved. The alignment with the agent's evaluation function is the tightest of the four models. Intercom Fin AI Agent prices at $0.99 per outcome with a 50-outcome monthly minimum. Sierra (Bret Taylor and Clay Bavor's customer-experience company) charges per resolved conversation as its disclosed pricing model and reached a reported $10B valuation on roughly $100M ARR by September 2025 on the strength of that pricing alignment. The model only holds when verification is independent, the criteria are objective, and the gameable surfaces are closed; the failure mode is gameable verifiers, the same return true pattern named in StrongDM's software factory analysis, where the agent passes the narrow eval without delivering the underlying outcome. Outcome-based pricing without cheap verification produces adverse selection: bad suppliers underbid good ones because their cost of producing a bad result is lower.
  • Usage-based pricing. Charge per token, per API call, per unit of compute, or per seat-hour. The model is familiar from the post-2010 SaaS era and easy to implement, but the alignment between buyer and seller is structurally weaker than the first two. Usage-based pricing on agent traffic incentivizes verbose responses on the supplier side and unnecessary retries on the agent side, both of which inflate the meter. The OpenAI and Anthropic API price sheets are the canonical examples; the model survives in commodity utilities where the unit price is the only relevant signal and the buyer's only meaningful question is cheapest reliable.
  • Hybrid pricing. A subscription floor plus a usage component plus an outcome bonus. Salesforce Agentforce ships a hybrid: platform-seat licensing combined with per-conversation pricing. The model is the most flexible and the most expensive to instrument — three meters running in parallel, each with its own attribution problem. The failure mode is bundle drift: when one of the three meters becomes unprofitable, the supplier can shift margin between meters in a way the customer cannot easily audit, the same dynamic that made late-stage SaaS contracts so re-negotiation-prone. Hybrid persists in long-lived enterprise relationships where the per-account economics absorb the instrumentation cost; the discipline that holds is to label each meter explicitly in the contract.

Every pricing model in the list above is sustainable only when the matched verification problem can be solved at unit-cost margin, and the supplier's choice of pricing model is fundamentally a choice about which verification problem the supplier can actually solve cheaply. Firms that pick a model misaligned with their verification cost structure get squeezed out by ones that pick a matched pair. This pricing-verification coupling pairs naturally with the Verification Gap framework the next section names; it is the supplier-side mechanism the buyer-side gap explains.

Front-running is structural and the verification gap is its consequence

The structural argument for decentralizing the intent layer is that any single party with a complete view of every intent has both the information and the incentive to monetize the gap between what the user wants and what the user gets. Google Shopping is the canonical pre-AI illustration: the first results are the merchants who paid the most for the keyword. Verbatim from cyber•Fund's Intent Economy essay (December 15 2025): "In a credibly neutral, decentralized Intent Economy, no single party can see all intents and preferentially route them.". The protocol layer fixes the problem only if the clearing layer is structurally prevented from reading the intent stream as a private signal.

CoW Protocol is the production proof that the architecture works in adversarial conditions. Every order in a batch settles at the same Uniform Clearing Price, transaction ordering inside the batch becomes irrelevant, and sandwich attacks have no surface to attach to. The mechanism replicates wherever intents stay private until clearing, clearing is uniform, and ordering is randomized or batched. The pattern does not require a blockchain — what it requires is a clearing rule that prevents any single observer from extracting the gap between intent and execution. A two-sided agent market with a short batch window, a uniform clearing rule, and a settlement rail underneath is the same architecture, regardless of whether the rail is x402 or ACH.

The front-running architecture in agent commerce is the Lethal Trifecta from §2.2 at market scale. The buyer-side agent has the private signal (the user's intent), exposure to untrusted content (every supplier's response is adversarial input by default), and external communication on the same execution path (the agent must transact). Concentrate all three on a single platform-controlled clearing layer and the platform owner sits in the same structural position the §2.2 trifecta names — capable of routing the intent against the user. The decentralization argument and the lethal-trifecta mitigation pattern are the same fix at different scales.

The named concept this section produces is the Verification Gap: the asymmetric collapse of search and negotiation costs while enforcement costs remain domain-specific and unsolved. Agents querying thousands of suppliers in parallel collapse search costs; multi-attribute auctions clearing in seconds collapse negotiation costs. Enforcement is the holdout: verifying that a delivered result actually matches the original intent still requires domain knowledge the protocol does not carry. The asymmetry produces adverse selection when buyers cannot verify quality cheaply, and the equilibrium tilts toward the lowest-quality acceptable result rather than the highest-quality available one.

Domain-specific verifiers are the layer that closes the gap, and each is its own product category in 2026. Working examples already exist:

  • Legal contract review — Harvey ships a contract-review verifier used inside major law firms; Spellbook and Robin AI cover related slices.
  • Code linting and quality — SonarCloud and Codecov already ship code-quality verifiers that an agent can call as part of an outcome-based pricing loop.
  • Medical coding — Nym Health and Fathom audit medical-coding outcomes against ICD-11 with a confidence interval.
  • Compliance attestation — Vanta and Drata verify control evidence at the policy level, with API surfaces that an agent can submit against.

ERC-8004's Validation Registry is the protocol-level slot for these verifiers — agents register their verification capability against the registry, other agents query the registry to find the right verifier for their specific verification need. Mastercard Verifiable Intent is the payment-level audit trail that records which verifier said what about which transaction. The application-level verifier products themselves are a 2026-2028 build cycle, and the companies that ship them will define the slope at which the intent economy expands into their domain.

Horizon: Three failure modes the architecture has to contain:

  • Whitewashing — a malicious agent builds a clean reputation, executes one high-value scam, and disappears. Mitigation pattern: reputation decay plus financial bonds proportional to contract value (ERC-8004 Reputation Registry plus EigenLayer-style restaking primitives slash on validated failure).
  • Validator collusion — verifiers cooperate to approve bad work. Mitigation pattern: rotating verifier panels, private reserve prices, statistical anomaly detection on quote correlations.
  • Gamed evaluators — agents that pass narrow tests but fail in production. Mitigation pattern: separate specification from evaluation, scenarios stored outside the agent's repository, holdout validation that the agent cannot read, eval suites that rotate fixtures.

No production agent network has shipped all three mitigations integrated as of April 2026; the architectural pattern is named, the deployments are sketched, and the next eighteen to twenty-four months will determine which combinations are robust under load.

The architectural shape of the intent economy is decided by the verification problem, but not every domain crosses the threshold at the same speed. The domains where verification is cheap (provable computation, financial reconciliation, code execution, payment settlement) are clearing at machine speed already, with supplier pricing trending toward commodity, while the domains where verification is expensive (legal judgment, medical decision, creative quality, high-trust enterprise contracting) keep a human gate in the loop and price the gate. Two further classes the architecture does not yet handle well: regulated consumer transactions where agency-of-action questions are unresolved (CFPB, EU AI Act enforcement on autonomous purchases is mid-flight), and small-value transactions where the marginal cost of agent inference plus payment fees exceeds the friction the agent removes. The map of which domains are which is the map of where surplus accrues over the next decade. Suppliers can build verifiers in the domains that lack them, while buyers can concentrate operations in markets where verification is already cheap; the two opportunities feed each other on opposite sides of the same protocol.

The next part of the playbook takes up the consequences. What survives in this market — the moats that compound when building gets cheap, the regulatory licenses that appreciate as license-gated supply stays fixed against agent-augmented demand, the decision-trace data and taste and distribution and physical assets that resist commoditization — is the subject of the next chapter, and the political fork between credibly neutral and surveillance variants of the same architecture is the chapter the playbook closes on.