Get AI summaries of any video or article — Sign up free
Google's NEW Agent Money Protocol thumbnail

Google's NEW Agent Money Protocol

Sam Witteveen·
5 min read

Based on Sam Witteveen's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Google’s Agent Payments Protocol (A2P) is built to let agents handle real payments by adding a payments trust layer to A2A and MCP.

Briefing

Google is rolling out an “Agent Payments Protocol” designed to let AI agents handle money—making purchases, paying merchants, and managing financial interactions—while keeping identity, intent, and liability clear. The move matters because agent-to-agent and model-to-model protocols are already gaining traction, but payments are where real-world risk concentrates: fraud, impersonation, and uncertainty over who authorized what.

The protocol is positioned as an extension built on top of two existing standards: Agent2Agent (A2A), for coordinating between agents that aren’t necessarily under the same control, and MCP (Model Context Protocol), for tool and data interoperability. Google’s Agent Payments Protocol (described as A2P) adds a trust layer between an agent and merchants/payment systems. It aims to provide visibility into when agents initiate payments, manage payment credentials and identity, and—most importantly—make the user’s intent explicit rather than inferred from an LLM’s output.

Google frames the problem as a multi-party “game” with competing incentives. Merchants want control over the customer experience: showing offers, enrolling users in loyalty programs, and driving upsells. Payment ecosystems worry about impersonation and agent fraud. There’s also the legal and operational question of liability when something goes wrong. The protocol’s goal is to let merchants still interact with an agent (for example, by presenting offers or loyalty discounts) while tying the agent’s identity back to the user and enforcing rules about how credentials are used.

A2P defines roles and responsibilities for agents, including how they obtain an identity from credential providers, which identity gets presented to merchants, and how merchants pass that identity to payment processors for verification. Google currently provisions two modes. In “human present,” the agent does the research and cart-building, then the human confirms the purchase by clicking the final button. In “human not present,” the system relies on cryptographically signed intent mandates—so the agent can execute a specific transaction only when the user has empowered it to do that exact kind of purchase from a specific merchant.

Google also emphasizes “verifiable intent, not inferred action.” Trust can’t rest on ambiguous model responses; transactions should be deterministic and anchored with cryptographic proof of intent from the relevant parties. That distinction is likely to determine how hard fully autonomous purchasing will be in practice—straightforward for last-step confirmation, much more complex when agents act while the user is offline.

The protocol is being released as open and non-proprietary, with privacy-by-design and defined liability as core principles. Google has published it openly (with references to A2A being donated to the Linux Foundation) and provides an onboarding path via an AP2 website plus documentation and sample examples on GitHub, including Python-based implementations. The rollout is described as an early “0.1” release, with a roadmap and an invitation for feedback—especially on how the standard could expand beyond e-commerce toward broader agent marketplaces and task-farming scenarios where agents negotiate prices and complete work on the user’s behalf.

Cornell Notes

Google’s Agent Payments Protocol (A2P) adds a payments layer to existing agent interoperability standards (A2A and MCP), enabling agents to make purchases and handle financial interactions with clearer identity, intent, and liability. It targets the biggest blocker for real-world agent autonomy: payments risk, including fraud, impersonation, and uncertainty about who authorized what. A2P ties an agent’s identity back to the user, provides visibility into payment initiation, and enforces roles for credential handling between agents, merchants, and payment processors. It supports two authorization modes: “human present” (agent prepares; human clicks buy) and “human not present” (cryptographically signed intent mandates). The protocol’s emphasis on verifiable, cryptographic intent aims to make transactions deterministic rather than inferred from LLM outputs.

What problem does Google’s Agent Payments Protocol try to solve for agent-based commerce?

It tackles the gap between interoperable agent frameworks and the high-risk reality of money movement. While A2A and MCP help agents coordinate and use tools/data, payments introduce fraud and accountability issues: merchants want control over offers and loyalty, payment ecosystems worry about impersonation, and everyone needs clarity on liability. A2P is designed to make agent-initiated payments safer by tying agent identity to the user, exposing when payments are initiated, and requiring explicit, verifiable user intent rather than relying on ambiguous model outputs.

How does A2P relate to A2A and MCP?

A2P is described as an extension built on top of both Agent2Agent (A2A) and MCP. A2A supports communication between agents that may not be under the same control, while MCP supports tool and data interoperability. A2P adds the missing payments-specific trust and credential/identity mechanics so that agent-to-merchant and agent-to-payment-processor interactions can be verified and governed.

What are the two authorization modes, and why do they matter?

A2P provisions two modes. In “human present,” the agent finds items, prepares the cart, and returns details; the human performs the final action by clicking “buy now” or submitting the transaction. In “human not present,” the system uses cryptographically signed intent mandates to ensure the agent is empowered to execute a specific purchase from a specific merchant. The second mode is riskier and depends on stronger proof that the user authorized exactly what happens.

What does “verifiable intent, not inferred action” mean in this context?

It means trust cannot be based on an LLM’s ambiguous response. Instead, transactions should be deterministic and anchored with cryptographic proof of intent involving the relevant parties. The protocol’s design pushes toward a system where the user’s empowered goal is cryptographically recorded, so the agent’s payment action is verifiably authorized rather than guessed from text.

How does A2P handle identity and credentials across agents, merchants, and payment processors?

A2P defines roles and responsibilities for agents, including how they deal with credential providers to obtain an identity. That identity is presented to the merchant endpoint, and then the merchant provides it to the payment processor, which checks the payment credentials as the transaction proceeds. The goal is to make it clear that the agent acting on payments is tied to the user and that payment initiation is auditable.

What practical use cases does Google highlight for agent payments?

Examples include: an agent standing in line to reserve and pay for concert tickets the moment they go on sale; an agent that identifies a product from a screenshot, searches the web for the best price, and buys it if it’s under a user-set budget; and repetitive or triggered purchases like reordering supplements when stock runs out or when items go on sale. These scenarios illustrate both convenience and the need for strong authorization when purchases happen automatically.

Review Questions

  1. How does A2P’s “human not present” mode use cryptographic mechanisms to reduce payment risk compared with “human present”?
  2. Why does the protocol emphasize verifiable intent rather than relying on LLM outputs, and what does that imply for agent design?
  3. What roles do credential providers, merchants, and payment processors play in A2P’s identity and verification flow?

Key Points

  1. 1

    Google’s Agent Payments Protocol (A2P) is built to let agents handle real payments by adding a payments trust layer to A2A and MCP.

  2. 2

    A2P focuses on identity binding, payment-initiative visibility, and explicit user intent to reduce fraud and impersonation risk.

  3. 3

    Merchants can still interact with agents through offers and loyalty programs, while payment processors verify agent-linked credentials.

  4. 4

    Two authorization modes are supported: “human present” (human clicks buy) and “human not present” (cryptographically signed intent mandates).

  5. 5

    A2P’s “verifiable intent, not inferred action” approach aims to make transactions deterministic and cryptographically authorized rather than model-inferred.

  6. 6

    The protocol is released as an open, non-proprietary extension with privacy-by-design and defined liability principles.

  7. 7

    Google provides onboarding via an AP2 website and implementation resources via GitHub, including Python sample examples.

Highlights

A2P is positioned as the missing payments layer for agent interoperability—solving the hardest part of autonomy: money movement.
The protocol distinguishes “human present” from “human not present” using cryptographically signed intent mandates for offline purchasing.
Trust is meant to be anchored in cryptographic proof of intent, not in the ambiguity of LLM-generated text.
A2P is designed to keep merchants engaged (offers, loyalty) while still tying agent identity back to the user for payment verification.

Topics

Mentioned

  • A2A
  • MCP
  • AP2

Get summaries like this for any content

Videos, articles, research papers — all summarized by AI and searchable in one place.

Start building your library