Something quiet happened in the last thirty days that almost nobody at the C-level has priced in yet. Three of the major model labs, two card networks, and at least one stablecoin issuer all shipped, within weeks of each other, production-grade payment primitives aimed at autonomous agents. Not demos. Not whitepapers. Live rails, with merchant onboarding, dispute flows, and SDKs your engineering team can pull tomorrow.
The press coverage focused on the wrong thing. Reporters wrote about agents buying coffee. The actual story is that a war has broken out over who owns the receipt layer of agent commerce, and the winner gets to tax a meaningful slice of every transaction your business will make for the next decade.
If you do not have a position on this by Q3, you will inherit one. And the one you inherit will be expensive.
What just shipped, and why it matters more than the model upgrades
For the last three years, the conversation about AI in commerce has been about capability. Can the model write the email. Can it close the ticket. Can it negotiate the contract. Capability is now assumed. The frontier has moved to settlement.
When an agent acts on your behalf, three things have to be true that were never true before. The counterparty has to know the agent is authorized. The transaction has to be cryptographically attributable to a principal who can be billed. And the dispute, when it comes, has to resolve against a party with a balance sheet, not a wandering process running on someone's laptop.
What shipped in April solves these three things. Badly, in different ways, with different commercial terms, and from different parties who all want to be the default. That is the war.
One model lab released a payment protocol where the agent carries a signed credential issued by the principal, and the merchant verifies it against a registry the lab operates. The lab takes a small cut on every verification. Another lab pushed a competing standard built on top of a card network's existing tokenization rails, where the network takes its usual interchange and the lab takes a thinner slice on top. A stablecoin issuer launched a programmable escrow product that resolves agent disputes through an on-chain arbitration pool, with fees paid in their token. A regional regulator, watching all of this with alarm, opened consultation on whether agent transactions need a separate consumer protection regime entirely.
Each of these parties is trying to become the receipt layer. The party that wins gets to define what counts as a valid agent transaction in their jurisdiction. They get to set the price of trust. And they get to see, in aggregate, every action your agents take, because the receipt has to flow through them.
The receipt is the new contract
Executives I talk to keep treating agent commerce as a logistics problem. How do we let our procurement bot buy office supplies. How do we let our marketing agent buy ad inventory. The framing is wrong. The interesting question is not how the agent buys. It is what the receipt looks like, who issues it, and what it commits you to.
A receipt in the human economy is a thin thing. It records that money moved. The contract sits elsewhere, in a master agreement, in terms of service, in a handshake.
A receipt in the agent economy carries the contract inside it. The signed credential the agent presents at purchase encodes the scope of its authority, the principal it acts for, the conditions under which the action is reversible, and the arbitration regime that governs disputes. The receipt is the agreement. There is no separate document. The act of paying is the act of contracting.
This is a change in how commerce works that I do not think the legal and finance functions of most companies have absorbed yet. Your CFO is used to a world where the contract is negotiated, signed, filed, and then transactions execute against it for years. In the agent economy, the contract is minted at the moment of transaction, by whatever protocol the receipt layer enforces. If you do not control the protocol, you do not control the terms.
Who issues your agent's credentials
Right now, in most companies running agent workflows, the answer to this question is "whoever the engineer who built it picked." That is a disaster waiting to be audited.
The credential issuer is the party who, in effect, vouches for your agent's authority to act. If your agent commits to a purchase, the merchant trusts the credential, the credential traces back to the issuer, and the issuer traces back to you. If the issuer is a model lab, the lab is in the loop on every action your agent takes. They see the prompt, the tool call, the merchant, the amount, the outcome. They keep the logs. They define what counts as misuse. They can revoke your agent's ability to transact at any time, for any reason their terms allow.
This is a posture that, applied to humans, would be insane. No CFO would accept a world where Visa can read every email their procurement team sends. But this is the default that is being built around agent commerce right now, while everyone is busy talking about whether the latest model can do tax returns.
Three commercial postures, and only one of them survives
Let me walk through the three positions a company can take on this, because they are not equivalent and the cost difference between them across a five-year horizon is enormous.
The first posture is to outsource the receipt layer entirely. You let your agents transact through whichever model lab or platform you happen to be using, on their default terms. The cost is small per transaction, maybe twenty basis points, maybe fifty. The cost in aggregate, across millions of transactions, compounds. More dangerously, the operational dependency compounds. Every agent your company runs is now a tenant on someone else's settlement rail. When that rail changes its terms, you change with it. When it goes down, your commerce stops. When the lab decides your use case violates a policy that did not exist last quarter, your agents are revoked.
The second posture is to multi-home. You issue credentials through several providers, route transactions based on cost and policy, and treat the receipt layer as a commodity to be shopped. This is the posture most sophisticated companies are drifting toward by accident. It reduces single-vendor risk. It does not give you control. You are still operating on rails you do not own, and the aggregate visibility into your operations is now spread across more parties, not fewer.
The third posture is to issue your own credentials, run your own settlement logic where it matters, and treat external receipt layers as optional counterparties rather than obligatory ones. This is harder. It requires actual engineering investment. It requires a legal posture on what your agents are authorized to do that is written by you, not by a vendor's terms of service. It requires you to understand cryptographic attribution well enough to know what you are signing. Most companies will not do this, and most companies will pay for that decision for the rest of their existence.
The middle posture is the one I expect to collapse. Multi-homing without control is the worst of both worlds. You bear the integration complexity of running multiple rails, and you still do not own the trust layer. Companies in the middle will get squeezed from both sides: the platforms will raise their take rates as switching gets harder, and the companies who own their own credentials will undercut them on transaction cost.
Why this is happening now and not in 2027
A reasonable executive reading this might ask why they need to act in May 2026, when this could plausibly wait. The answer is in the registry effects.
A receipt layer is a two-sided network. It has value to a merchant only if many agents present credentials it can verify. It has value to an agent principal only if many merchants accept the credentials it issues. Two-sided networks tip. They tip fast once they start tipping. And the tipping conditions are being set right now, in the SDK adoption curves, in the merchant integrations being signed this quarter, in the default settings of the agent frameworks that engineering teams are picking.
Six months from now, when the average mid-market company decides to deploy agents that transact, the receipt layer choice will already have been made for them by their tooling. The question of whether to issue your own credentials will be roughly as live as the question, today, of whether to run your own DNS. Possible, in theory. Vanishingly rare in practice. And the companies who set themselves up before the tipping point will have a structural cost advantage over everyone who got assigned a rail by default.
The historical analogy that should worry you
Think about what happened with payment processing for online merchants over the last twenty years. In 2005, a thoughtful e-commerce founder could have made a deliberate choice about how they handled card processing. By 2015, that choice had been made for them by their platform, and the platform was extracting two to three percent of revenue forever. Stripe built a multi-hundred-billion-dollar company on the back of merchants who never made a deliberate decision about their payment stack.
The receipt layer for agent commerce is a larger prize than card processing, because the volume of agent-initiated transactions across the economy will, on every credible projection I have seen, dwarf the volume of human-initiated card transactions within a decade. Whoever wins this is building a tax on a larger base. And the windows for vendor lock-in are opening right now, in this quarter, while most boards are still asking whether they should pilot a chatbot.
What the receipt layer reveals about your strategy
There is a deeper point I want to make, which is that the choice of receipt layer is also a choice about what your company is.
If your agents transact on a third-party rail, on third-party credentials, with third-party arbitration, then in a meaningful sense your company's actions in the world are being mediated by that third party. Your operational identity is leased. The audit trail of what your business did, last quarter, lives on someone else's servers, in someone else's format, subject to someone else's retention policy. When a regulator subpoenas it, they go to the rail, not to you. When a competitor wants to know what you are doing, they buy data from the rail, not from you.
A company whose actions are entirely visible to a third party, and whose authority to act is granted by that third party, is in a strange new corporate form. It is not exactly a subsidiary. It is something like a tenant of the rail's policy regime. There is no good name for this yet, but I suspect there will be one in a few years, and the connotation will be unflattering.
The companies that issue their own credentials and own their own receipt logic are doing something that, in retrospect, will look obvious. They are keeping the record of their own actions. They are setting their own terms for what their agents are allowed to do. They are refusing to lease their operational identity. The cost of doing this in 2026 is real but bounded. The cost of not doing it, paid out over a decade of agent commerce, is unbounded.
What I would tell a CEO right now
If I were sitting across from a CEO this week, here is what I would say.
You have a window, probably two or three quarters, to make a deliberate decision about how your agents are credentialed and how their actions are settled. After that window, the decision will have been made for you by tool selection, by integration inertia, and by the contract terms your vendors are quietly tightening as agent commerce volumes grow.
The decision is not technical. It is strategic. It determines who owns the record of what your company does, who can revoke your ability to do it, and what percentage of every agent transaction goes to a party who is not you and never will be.
Buying an off-the-shelf agent platform and accepting its default settlement layer is a decision. It is the decision to be a tenant. If that is what you want, fine, but make it consciously, with your CFO and your general counsel in the room, and price the long-term cost of the take rate against the engineering investment of doing it differently.
Most companies will not have this conversation. Most companies will discover, in 2028 or 2029, that a meaningful fraction of their margin is being skimmed by a layer they never chose, and that switching off it has become impractical. A small number of companies will have made the call now, and those companies will compound the difference for a long time.
The architecting argument
This is the kind of decision that cannot be solved by buying a product, because the product is the trap. Every vendor in this space has a commercial incentive to make their rail the easiest one to adopt and the hardest one to leave. The only way through is to architect the credential and settlement layer for your own business, on your own terms, with a clear-eyed view of which parts you actually need to control and which parts you can rent without consequence.
That requires someone in the room who understands the protocols, the commercial dynamics, the regulatory direction, and the operational reality of running agents at scale. Not a vendor. Not a system integrator selling whatever rail they have a partnership with. A strategic partner whose interest is aligned with yours, which is to say, with keeping your operational identity yours.
This is the work we do at Agor AI Advisory. We help companies make the receipt layer decision before it gets made for them, design the credential architecture that fits their actual risk posture, and build the settlement logic that does not put their commerce on someone else's leash. The window for this is open now and closing fast.