AI is learning to buy, not just browse. Agent commerce, where AI agents make purchases on behalf of people, is turning chat into checkout and changing how businesses think about payments, risk, and fraud.

OpenAI’s ChatGPT now allows users to buy products directly in chat. Meanwhile, Google is rallying the industry behind a new payments protocol for AI agents. To a casual observer, these look like UX improvements. But to product leaders, they signal something far larger: the birth of agentic commerce, a world where AI agents act as buyers and trusted intermediaries in digital trade.

In this conversation, Saurabh Bajaj, Chief Product Officer at Oscilar, and Linas Beliūnas, fintech analyst, discuss what this shift means, how OpenAI’s and Google’s protocols work together, and why the future of AI payments depends on a new kind of risk infrastructure: a Risk OS.

TL;DR

• Agent commerce lets AI act as the buyer, redefining identity and risk. ACP and AP2 create shared standards for agent-led transactions.

• Trust must move from human verification to system-level validation and a Risk OS combines signals, models, and real-time decisioning for agent commerce.

• Oscilar’s approach uses layered AI and specialized agents to detect fraud and enforce consent.

Regulation and growth will favor organizations that embed transparency and trust at the core.

What is agent commerce and how is it changing ecommerce?

Until now, online shopping assumed a person was always behind the screen clicking “Buy Now,” entering card details, and confirming the purchase. That assumption is breaking.

Saurabh: When ChatGPT added "Instant Checkout" and Google introduced its Agent Payments Protocol, it wasn't just about convenience. Agent commerce changes the foundation of online transactions. It means AI agents act directly on the user’s behalf: browsing, deciding, and paying.

At Oscilar, we see this as a step change, not an iteration. The entire risk and compliance stack was built for humans. We now need a Risk OS that treats the AI as an active participant, with its own trust signals and constraints.

Linas: Exactly. OpenAI’s rollout of Instant Checkout shows how real this has become. ChatGPT users in the U.S. can shop directly inside chat, buying from Etsy and over one million Shopify sites including Glossier, SKIMS, Spanx, and Vuori. Stripe’s Shared Payment Token system powers it and OpenAI earns a small transaction fee.

To put the scale in perspective, ChatGPT sees about 700 million weekly users and over 3 billion monthly visits, putting it between WhatsApp and Amazon in volume of traffic. OpenAI’s Agentic Commerce Protocol (ACP) gives merchants and AI systems a shared standard. It’s the first real bridge between conversational AI and global commerce.

Saurabh: And it's really just the beginning. Agent commerce lets AI act as the buyer, carrying identity, payment method, and purchase context. Once agents start handling purchases, the entire risk model changes.

How do the Agentic Commerce Protocol (ACP) and Google’s AP2 Work?

Two new standards define how AI agents buy securely and how payments are authorized. For agents to buy securely, they need common rules: one for how they talk to merchants, and one for how they handle payments.

Linas: These new standards make this possible: OpenAI’s Agentic Commerce Protocol (ACP) and Google’s Agent Payments Protocol (AP2). ACP handles the conversation side — how the AI interacts with merchants, fills out orders, and sends a payment token. AP2 handles the authorization side, how that payment is verified and approved.

AP2 uses digital mandates: cryptographic proof that a user gave the agent permission to act. That makes every purchase traceable, verifiable, and auditable.

Saurabh: Exactly. Think of ACP as the checkout process and AP2 as the proof of consent. ACP manages the transaction flow; AP2 ensures the payment is valid. They’re complementary. ACP defines how an agent says, “I want to buy this on behalf of a user.” AP2 defines how the system proves that the user actually allowed it.

Together they solve two halves of the same problem: secure interaction and secure execution. Both are open standards, designed to prevent a fragmented ecosystem.

Linas: And because they’re open, they invite competition and collaboration. Google, OpenAI, Stripe, PayPal, and Mastercard are all working from the same playbook. This is how agent commerce becomes infrastructure and not just an app feature.

Why does AI shopping require a new model of trust and fraud prevention?

When AI begins acting on behalf of people, the source of trust moves from the user to the system. That breaks every assumption behind current fraud models.

Saurabh: In traditional commerce, you know who the buyer is. It’s a human with a device and a known pattern of behavior. In agent commerce, that identity is abstracted. The agent acts as the buyer. So we have to verify not only the payment, but the agent itself: is it authentic, authorized, and behaving within the user’s limits?

Linas: Traditional fraud systems can't answer that. They're built around human signals: typing speed, IP location, purchase timing. AI agents don't follow those patterns. They can transact faster than any human, coordinate across accounts, or even create synthetic identities.

The risk isn't just fraud, it's systemic vulnerability. If agents start interacting without a shared trust layer, we’ll see AI-to-AI manipulation, automated scams, and untraceable chargebacks.

Saurabh: That's why trust must become continuous. Each agent needs its own digital reputation, linked to verifiable mandates. Every transaction must be traceable to a chain of consent. Without that, the ecosystem collapses under its own speed.

What is a "Risk OS" and how does it protect agent commerce?

To support agentic payments safely, companies need infrastructure that works at AI speed, an operating system for risk. A Risk OS is the infrastructure layer that keeps AI-led transactions secure.

Saurabh: A Risk OS gathers every signal: user ID, agent reputation, mandate scope, merchant data, and payment information and makes a decision in milliseconds. It connects directly to ACP and AP2 so trust travels with every transaction.

Our models work in layers:
• Supervised ML detects known fraud patterns.
• Anomaly detection finds new ones.
• Deep learning analyzes IP, behavior, and network patterns.
• Transformer models interpret agent messages and mandates.
• Passive authentication checks identity continuously without friction.

The goal is fast, explainable decisions that match AI speed.

Linas: What's compelling about Oscilar's model is that it's modular. Each risk agent has a defined role: identity verification, account takeover detection, payment fraud, or scam prevention. They work in concert, forming a holistic decision in real time.

That's the only way to operate at AI speed. Static rules can't keep up. The system must learn from every transaction and adapt instantly.

Saurabh: Right. Fraudsters are using AI too. The defense has to be AI versus AI, models that learn continuously, catch anomalies early, and make the right decision at the right moment.

How will agent commerce change business models and regulations?

AI buying affects not just payments but how brands grow and how regulators respond. As agents take over the buying experience, the balance of power shifts: from brands and platforms to systems of trust.

Linas: Merchants are already seeing the benefits. Conversion rates improve, acquisition costs fall, and profit margins rise. Some early pilots report margins above forty percent. But there’s a catch: agents mediate the customer relationship. That means brand loyalty will depend less on marketing and more on product quality and price.

Saurabh: And on trust. Oscilar’s systems already process thousands of signals across fraud, credit, and compliance. We now extend that to agent-specific signals: statistical IDs, mandate checks, and composite trust scores. Each decision is logged for full auditability.

Linas: Regulators will have to respond fast. They’ll need to define consent frameworks, data privacy rules, and liability standards for AI-driven transactions. Companies that already have transparent, explainable systems will be ready. Those that don’t will fall behind.

Saurabh: This is truly a full governance shift. Trust, safety, and regulation must evolve together if agent commerce is to reach scale.

What does the future of AI-driven commerce hold?

As agent commerce scales, it will expand far beyond shopping. The early use cases are retail. The next wave is full financial agency with AI handling every kind of transaction. 

Linas: Agents will soon manage everything from subscriptions to investment portfolios. They'll negotiate prices, file returns, and balance budgets automatically. For that to work, every transaction must be bound by verified mandates and live risk assessment.

Saurabh: Exactly. ACP and AP2 are the rails, but the Risk OS is the engine that keeps them safe. The next decade of commerce will depend on who builds the most trusted, real-time risk infrastructure.

Trust won't slow down commerce. It will become the competitive edge that powers it.

Building the trust layer for the age of agentic commerce

OpenAI and Stripe’s launch of ChatGPT Instant Checkout is only the visible start of a deeper transformation. The real contest isn't about who builds the best shopping interface. It's about who builds the trust layer that allows agentic commerce to scale without collapsing under fraud, disputes, or regulation.

Platforms like Oscilar are constructing that invisible layer: the Risk OS that makes AI-to-AI transactions safe, transparent, and fast. Those that see this as infrastructure, not a feature, will define the next decade of commerce.

Agent commerce is a step-function change. ACP and AP2 are the scaffolding. The Risk OS is the foundation. Without it, agentic payments will fail. With it, humans and agents will transact seamlessly trust built in, risk managed in real time.

That's the future we’re building toward at Oscilar: a platform where humans and agents can transact seamlessly, with AI models making the right calls in real time.

About Saurabh Bajaj

Saurabh Bajaj is the Chief Product Officer at Oscilar. With over 20 years in AI-driven risk technology, he has scaled companies like Feedzai, where he built a global AI risk platform, and Shape Security, where he led its $1B acquisition by F5 Networks. From stopping sophisticated fraud to enabling real-time credit and AML strategies, Saurabh’s work has consistently helped institutions stay ahead of emerging threats while maintaining seamless customer experiences. A builder and operator at heart, Saurabh is passionate about solving complex problems with urgency, curiosity, and clarity. He brings a global perspective, having grown up in Mumbai, India, and remains committed to making digital finance safer and more accessible worldwide. Connect with Saurabh on LinkedIn.

About Linas Beliūnas

Linas is the Head of Content Strategy at Oscilar and a recognized voice in payments, blockchain, and digital finance, known for making complex innovations accessible through his writing, keynotes, and popular newsletter. He has held leadership roles across the fintech landscape, including Director of Revenue at Zero Hash and Country Manager for Europe at Flutterwave, where he led the company’s European expansion. Earlier, at Solaris (formerly Contis Group) and Paysera, he drove triple-digit client growth and launched cross-border payment solutions. Now also a Venture Advisor at EQT Ventures, Linas combines strategic insight and operational expertise with a passion for demystifying financial technology. Follow Linas on LinkedIn.