ChatGPT Has 900M Weekly Users. Almost None Can Buy In It.

Your agent is about to spend your money, your card, your companies, your customers. We are going to put real money into agents hands right now in 2026 without a human being present. And when it moves to the wrong place, I guarantee you somebody is going to be left holding the bag. And there are six protocol camps right now that are fighting over who that somebody is. If you are building anything on the Agentic Commerce stack, you are already in their war whether you've named it or not. So there's six layers of an agentic purchase and a fight is breaking out at every single layer. These are the layers. One, who decides where the agent shops? Two, what counts as proof it was allowed to act? Three, who owns the credential when payment fires off? Four, which rails carry the money when software pays software? Five, who governs all of this at enterprise scale? And six, the question that ties it together, where does the responsibility for all of this actually live? For most of the internet's history, online buying has worked one way. A person searches, lands on a website, opens a cart, picks shipping, picks payment, reviews the price, clicks the button, and behind that click, a lot happens very fast. The merchant logs the order. A processor asks for authorization. A network or wallet weighs whether the transaction is legitimate. The merchant takes responsibility for fulfillment, returns, and support. If something goes wrong, every party has at least a partial record of what happened. That whole process is clumsy but it has a very critical advantage. Everyone agrees on the shape of the evidence. A human was present. A page displayed the product, the price, the tax, the shipping. A payment credential was used. The customer took an action. The records may be imperfect, but the structure is shared and agreed upon. And the structure is actually what makes the system hold together. Agentic commerce breaks that structure. And to be clear, when I say agentic commerce, I mean any purchase where software acts on behalf of a person or a business. The agent might assemble a cart and complete a payment. At the autonomous end, it might spend within a budget, buy services from other software, renew subscriptions, pay for API calls, or procure tools without anyone watching every single step. What's happening underneath is a shift in commercial authority. The question stops being whether the customer can pay, which is what we always thought. The question becomes how everyone knows that the agent that took that action was allowed to do what it just did. And that question reaches way past the checkout page. It touches identity and authorization and fraud and payment credentials and settlement and refunds and liability and data rights and the merchants's relationship to the customer. The old purchase bundle just gets taken apart. If the old structure breaks, someone's got to rebuild it, right? And so, six different camps are now trying to look at that taken apart bundle around the transaction and they're trying to rebuild it. And they're rebuilding it differently. And the first split is the one almost everyone thinks is the whole story here and it's not. Spoiler alert. So this is the visible part of the story. It's the shift that hit the news when OpenAI and Stripe launched instant checkout in chat GPT and announced the Agent Commerce Protocol or ACP. The product is very easy to understand. You ask ChatGpt about something. And for supported merchants, you buy without leaving the conversation. Stripe handles payment. Open AAI runs the agent surface. The merchant is the merchant of record on the hook for fulfillment returns and support just like they always were. That design matters. ACP says the assistant can be where commercial intent turns into a real order. So the agent can assemble a purchase context and can pass a structured transaction to a merchant and no website walkthrough would be needed. But there's a limitation. If checkout moves into the agent surface, the merchant risks losing parts of the customer experience that have always been central to their business. The merchant might stay merchant of record, but the assistant is going to control discovery and ranking and bundling and the final presentation of choices. And that very much weakens the merchants's ability to tell a brand story and shape repeat customer behavior. This is more than branding at the end of the day. It's actually a merchant viability problem. If the assistant becomes where customers express intent, the merchants's website stops being the default starting point and there's a long-term existential risk to merchant. And the concrete story here, I've shared it before. I purchase things using chat GPT because Chad GPT presents those options in shops for me. And and these can be large p. I've purchased a sound system this way. I have looked at bikes this way, different bicycles that I want to purchase. I can get much much better and more complete responses for me customized to me using that approach. And I don't use Google anymore. I don't even start on Amazon in many cases. I am in the US going to chat GPT as a first stop and I know that I'm weigh in on AI and this and that but there are a lot of people like me and they're going to be more and more over time. ChatGPT has 900 million users. This is a long-term threat to merchants and that's exactly why Shopify and Google who value merchants as core to their business have countered this with the universal commerce protocol or UCP. And UCP should be read as a merchant control argument not just you know one more acronym in the soup. ACP focuses tightly on agentto merchant checkout flows. UCP tries to make the full shopping path work across agents, merchants, payment providers, identity systems, commerce platforms, and more. They handle merchant rules, loyalty, discovery, etc. And the distinction there is the point. A merchant doesn't only need an agent to pay for the merchant to survive. It needs the agent to understand what the merchant actually sells and the conditions it's willing to sell under. Because real commerce involves variance and inventory and shipping rules and promotions and loyalty and return policies and subscriptions and bundles and warranties, fraud rules, support, etc. A checkout protocol that ignores most of that can complete a transaction, but it may not preserve the merchants's business. And so ACP seems like the strongest answer for a very clean agent service checkout. It seems like the answer if you're rebuilding the agentic economy from scratch. UCP is different. when you're wrestling with merchant system interoperability at a deep level with the agentic platforms that are emerging. And so these different protocols are answering different questions and they're locating power in different places. I'm going to go deep on the merchant control read in the Substack post with with the specific commercial functions UCP is trying to keep on the merchant side. But regardless, both of those protocols tell you how the agent pays. And neither UCP nor ACP tells you whether the agent was allowed to pay in the first place. That is a different fight. And the camps fighting it sit a layer deeper. Because keep in mind, part of the ACP assumption where it's tied into OpenAI and chat is that you're assuming that the user in chat is authorized and authorizing. And it can get more complicated if there's an independent agent in the scene. So authorization is proof the agent was allowed to take the action. Authorization is definitely not the same as payment. A payment system can move money. That doesn't prove the money should have moved. In human commerce, authorization gets compressed into the final click or wallet confirmation. With agents, you break that apart. So, picture this scene. You tell an agent to book the best hotel near the conference under $300 a night. The agent searches, finds a room. The final purchase will depend on taxes, cancellation policy, loyalty status, check-in time, etc. The agent ends up booking a non-refundable room that technically fits the budget, but it violates what you actually meant because you know that you may not be able to make the flight and get to the conference in time. Who's responsible for this mistake? And if you think this is made up, travel expenses and agents are one of the first use cases we're looking at, and it does and will happen inside companies. A procurement agent may be told to find a conference location. It may be told to find a software vendor uh to compare pricing to buy access for a team and being able to pay from the company's accounts will not be the bar, but the company will need evidence that the agent had the authority to pay and was within guard rails when it did so. This is exactly the space that both Google and Stripe are targeting in different ways. Stripe is targeting this very simply. They're launching a approved payment link where you can point your agent at a link URL and the agent will pick up an authorized token for a purchase. It is very much the first foray into the larger authorization conversation. It does not immediately cover the case where you have a large purchase intent with multiple components and you need to preserve authorization over time. I expect it to move that way pretty soon. Google is also in the game here. Google's agent payments protocol or AP2 targets this same issue. In plain English, it provides a mandate or permission slip that generates the scope of the task, the constraints, and the proof that the user approved the agent's action. And here's why this matters. The old checkout page generated evidence through a human session and a click. An agent's evidence must begin much earlier, last a lot longer, and travel across many more systems to work. The user may and often will authorize the agent before the merchant is even known. The price may shift during that time. The purchase may be one of several options. If the transaction is disputed, a payment receipt is not enough here. The system has to show what the user asked for, what the agent was permitted to do, and whether the agent stayed inside those limits. Visa, Mastercard, and PayPal are moving in the same direction from their own positions in the system. Mastercard agent pay is built around agent registration and tokenized credentials and dispute protections. Visa intelligent commerce is very similar. PayPal's agentic commerce services try to make PayPal the wallet and trust layer across AI surfaces. These companies are after the trusted transaction layer, not the recommendation layer. And of course, as I said, Stripe is playing there as well. So that's the bet. Aentic commerce will not scale until consumers, merchants, and businesses trust the credential, trust the permission record, and trust the dispute process. I have much more on this in the Substack post. I get into the specific structure of what an authorization mandate looks like, the open questions about how mandates travel between systems, and where the bet sits if you're building agent infrastructure today. Now, we turn to stable coins. Stable coins enter the chat here for a very different reason. A stable coin is just a digital token that stably tracks the value of an underlying currency, often the US dollar. So, USDC is the canonical example here. They move value very quickly, often across borders outside the usual card settlement windows. They're especially useful when both buyer and seller are software versus a consumer and a retail merchant. The consumer version of Aenta Commerce is the one that we all picture and it may not be the best one to illustrate the stable coin picture. If you're shopping for shoes or groceries, cards and wallets will probably keep working to authorize your agents because they already carry a lot of the things that make those transactions work like consumer protection, refunds, fraud monitoring, etc. The case for agents and stable coins is a little different and more compelling as agents start to grow in usefulness. An agent might pay an API for a single data request. A coding agent may buy access to a hosted tool. A research agent may spend a few cents for a model call or a browser action. A SAS company might charge per task instead of per month for something an agent would pay for to do that task. And that's the purchase side of the picture. On the authorization side, companies will want agents that have their own wallet, their own budget, and their own spending log. And these payments, as I've been describing them, may be too small, too frequent, and too software native to make ordinary checkout and ordinary checkout fees work well. And that's where we get into stable coins that Stripe is offering and Coinbase's X42 protocol. X42 makes payment part of the web request itself. The name comes from HTTP 402, the long, dormant payment required status code that was always in the web's design, but never became a real payment layer. In an X42 flow, software requests a resource, gets payment instructions, pays, gets access. Payment becomes part of the conversation between machines. Stripe's machine payments protocol points in the same direction. MPPP is built for agents and software systems that pay for other software systems. So, this is less about a person buying from a merchant. It's more about agents paying for services and tools and API calls and data and compute and access like I've been describing. Right? Stripe's broader stable coin work including bridge and privy and tempo equip the agent with the wallet, the issuance, the orchestration, and the settlement infrastructure to back all of this up. Stable coins are indeed a better rail for some machineto-achine payments. They're cheaper, they're more efficient, they're more complete. I don't want to say everything's moving to stable coins because I think cards and wallets are better known to consumers and are often better for many consumer purchases. Both can coexist because they solve different business problems and the agentic economy is about growing the pie, not shifting the pie. The right question is which rail matches the responsibility and the risk of the transaction with the right payment method so that in the end the customer's desire actually is aligned with what gets purchased. So that's the bar. cards or stable coins can both deliver value for customers depending on the use case. And if you want to go deeper on that use case, I get way into the weeds on how you think about the decision tree on taking an agent through a card layer, taking an agent through a stable coin layer, how you think about that strategically in the substack. You can dive way deeper there. Now, let's layer in the company that's trying to own the floor underneath this entire Aentic commerce experience, and we haven't talked about them yet, and it's AWS. AWS announced Amazon Bedrock agent core payments built with Coinbase and Stripe. The announcement matters because it tells you where enterprise agent payments are most likely to land. If companies build agents on a cloud platform, they expect the platform to help manage payment authority, wallet access, budgets, approval rules, and logs. That's a governance layer and it must be there. Governance is the set of controls that decide what an agent can do and cannot do, where a human must approve, what vendors it can pay, etc. Agentic commerce drags every one of those controls into the agent runtime. In other words, it must be decided as the agent runs correctly, completely quickly every time. And interestingly enough, AWS doesn't need to own every payment protocol to own this layer. It can connect to Coinbase for X42 and stable coin wallet flows. It can connect to Stripe and Privy for wallet infrastructure. It can support more protocols over time. AWS is actually not fighting for the payment rail here. The position that matters for them is the environment where enterprise agents run and receive tools and execute tasks and get monitored. It's a very powerful place to sit in the system. The agent runtime knows the task, the tools called, the policy active, the budget applied, what did the agent do before this and what will it do after. And a payment provider just sees the payment, right? The agent platform sees all the work around the payment and has a lot of leverage long term. Now, the other side of this matters as well. Big platforms are not going to just let outside agents act freely inside their systems. Amazon's own AI shopping work and its resistance to unauthorized agentic browsing make clear that platform commerce is going to stay controlled. So don't assume agentic commerce is a march toward open interoperability. Some parts will be protocol driven, some will be platform controlled, some will open up only under strict use identity and data sharing terms. So we've got six camps. We've got different bets. Here's the question that decides which one matters most for what you're building. The core question we started this video with is where does responsibility live? When the agent finds the product, who owns the recommendation? When it requests permission, who records that the user paid? When it pays, who owns the credential and the risk? When the buyer wants a refund, who handles the return? Where does the buck stop? These questions don't always have one answer. And I get you a full audit list at the Substack, by the way. They they but they don't have one answer, right? And that's why we have to go into that level of detail and have an audit list in the first place because we have to divide that larger question across many many layers and ask it deliberately for our business, for our lives as consumers, for how we set up our products and our strategy in an age when agents and humans both need to transact. But we can go through some of the layers we have covered and get hints at these answers. Right? ACP that answers the agent surface checkout question with the merchant still being the merchant of record. UCP answers the merchant system question. It says the merchant system is critical for transaction. AP2 answers the delegated authorization question. Visa, Mastercard, PayPal are trying to tackle network trust and tokenized credentials and dispute infrastructure. Coinbase and Stripe are answering around wallet and settlement and really thinking about how they unlock the agentic economy by changing how wallets authorization and rails work with stable coins long term. AWS answers through enterprise governance and is trying to run the runtime around the payment. This market is messy and it's messy for a really good reason. It's messy because it's valuable. The old purchase flow hid a lot of the responsibilities of the purchase inside a single human action. And when you unbundle that, there are trillions of dollars on the line. And it forces a degree of clarity that internet commerce has mostly avoided. A company building agent commerce has to define identity and permission and payment and settlement and refunds and liability to get this right. If a company can't define those terms, that company isn't ready to let agents transact. The companies that win this are going to take real responsibility for the payment across a particular layer. And you have got to pick the layer that you want to play in here. And even if you're a merchant, I got news for you. There is no one solution here. You're going to have to think carefully. If you're a consumer, you need to be aware of how this works because you're playing this ball game. Whether you like it or not, you need to understand what protocols are available at the layer you're interacting with. You need to understand how a merchant, how an agent builder, how a payment company, a stable coin builder is incentivized right now. Because I've got news for you. You are a participant in the internet economy. And as a participant in the internet economy, you have to understand the dynamics that are driving the largest change in the internet economy since its inception in the 1990s. This is bigger as a change than when Amazon started to unlock commerce in the 1990s. It's a bigger deal. So, the full strategic read sits over on the Substack. But the thing I want you to take away here is that the agentic economy is under debate, under discussion at multiple levels. Understand those layers. Understand the big players who are fighting over them. Understand why. And then you're going to understand the dynamics that are driving the battle for the next several trillion dollars in the internet economy. It's going to be absolutely massive. You will be involved no matter what your role is on the internet. And if you don't understand how those dynamics work, you're going to end up being involved passively. Your business may end up being sidelined or driven into a corner it doesn't want to be on Agentic Commerce. Understanding allows you to be intentional. Links in the description. Cheers. I'll see you next time.