Google’s New Protocol Secures AI Agent Deals, Backed by 60 Firms

Summary
– Google has launched the Agent Payments Protocol (AP2) to securely enable agent-led payments in e-commerce.
– AP2 addresses security concerns by verifying user authorization and ensuring accountability for agent actions.
– The protocol supports multiple payment types, including credit cards, stablecoins, and real-time bank transfers.
– AP2 uses tamper-proof digital contracts called Mandates to define user intentions and authorize transactions.
– Over 60 organizations support AP2, and Google has made its technical specifications available on GitHub for wider adoption.

When artificial intelligence handles your shopping, security becomes the top priority. Google has introduced the Agent Payments Protocol (AP2), a new open standard designed to make AI-driven transactions safe and reliable. With backing from more than sixty major companies, this initiative aims to build trust in a future where digital assistants manage purchases on our behalf.
The rise of AI agents in e-commerce promises convenience, allowing these tools to find products, compare prices, and complete orders automatically. Yet handing over payment details to an automated system raises valid security questions. Google’s AP2 directly confronts these concerns by establishing a uniform method for authorizing and validating agent-led payments across different platforms.
AP2 functions as an extension to existing protocols like Agent2Agent (A2A) and the Model Context Protocol (MCP). Just as MCP lets users safely connect AI tools to their data sources, AP2 enables secure transactions between users, merchants, and payment providers. A core feature is its ability to confirm that an agent is acting with user consent, providing merchants assurance that transactions are legitimate. It also establishes clear accountability if something goes wrong.
The protocol supports multiple payment methods, including credit cards, stablecoins, and instant bank transfers, creating a single reliable standard for all agent-commerce interactions.
Under the hood, AP2 relies on Mandates: cryptographically signed digital contracts that cannot be altered without invalidating the signature. These come in two forms. An Intent Mandate is created when a user asks an agent to find or buy something. A Cart Mandate then authorizes the actual purchase.
In real-time scenarios where the user is actively involved, the agent seeks approval before finalizing the transaction. For pre-authorized or delegated tasks, like recurring orders, users can set specific rules upfront, such as spending limits. Once those conditions are met, the agent can generate a Cart Mandate automatically. In both cases, payment details are securely linked by the user, never exposed unnecessarily.
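The delegated flow described above, as an added sketch that is not taken from the AP2 specification or Google's reference code: a verifier checks that a user-signed Intent Mandate is untampered, that the agent's Cart Mandate is bound to that exact intent, and that the cart stays within the user's rules. Assumptions: every field name and the merchant allow-list rule are hypothetical, the agent signs the cart, and HMAC-SHA256 with constructed keys stands in for real digital signatures.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with constructed demo keys stands in for each party's
# digital signature. All field names are hypothetical, not AP2's schema.
USER_KEY = b"constructed-user-key"
AGENT_KEY = b"constructed-agent-key"

def canonical(body):
    # Stable byte encoding so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(body, key):
    return {"body": body, "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

def verified(mandate, key):
    expected = hmac.new(key, canonical(mandate["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mandate["sig"])

def digest(mandate):
    return hashlib.sha256(canonical(mandate["body"])).hexdigest()

def make_intent(max_total_cents):
    # User-signed rules for a delegated purchase (constructed sample values).
    return sign({"type": "intent", "item": "coffee beans 1kg", "currency": "USD",
                 "max_total_cents": max_total_cents, "merchants": ["shop.example"]}, USER_KEY)

def make_cart(intent, total_cents, merchant="shop.example"):
    # Agent-built cart, bound to one specific intent by that intent's digest.
    return sign({"type": "cart", "intent_digest": digest(intent), "currency": "USD",
                 "total_cents": total_cents, "merchant": merchant}, AGENT_KEY)

def check_cart(intent, cart):
    """Return (ok, reason); signatures are checked before any field is trusted."""
    if not verified(intent, USER_KEY):
        return False, "intent signature invalid"
    if not verified(cart, AGENT_KEY):
        return False, "cart signature invalid"
    rules, order = intent["body"], cart["body"]
    if order["intent_digest"] != digest(intent):
        return False, "cart not bound to this intent"
    if order["currency"] != rules["currency"]:
        return False, "currency mismatch"
    if order["total_cents"] > rules["max_total_cents"]:
        return False, "over spending limit"
    if order["merchant"] not in rules["merchants"]:
        return False, "merchant not allowed"
    return True, "ok"
```

Raising the spending limit inside a signed intent after the fact fails the first check, because the signature no longer matches the altered body.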
A broad coalition of industry leaders supports AP2 from the start. Partners include Accenture, Adobe, American Express, Coinbase, Confluent, Mastercard, Okta, PayPal, Salesforce, and 1Password, among others. This wide adoption signals strong confidence in the protocol’s design and utility.
For developers and organizations interested in implementing AP2, Google has published full technical specifications, documentation, and reference implementations on its public GitHub repository. The company plans to continue updating these materials with new examples and guidance, encouraging broader participation and innovation in secure agent-based commerce.
(Source: ZDNET)